[OpenIndiana-discuss] Solaris privileges and seteuid()
James Relph
james at themacplace.co.uk
Wed Aug 22 21:35:10 UTC 2012
> Really? Where is your evidence? I don't think I've ever seen one
> change except after a reboot.
>
The cache TTL for idmap is only 10 minutes from what I've seen ( http://fxr.watson.org/fxr/source/common/idmap/idmap_cache.c?v=OPENSOLARIS ). I read somewhere (sorry, can't find the source at the moment) that while a user is logged in their ephemeral UID won't change, but that may only apply to users logged in via the kernel CIFS server and I can't see anything that suggests that the mappings are returned after the TTL period on the idmap cache.
I really don't understand why the ephemeral UIDs are quite so ephemeral (certainly keeping them static between reboots seems a bit of a minimum).
Honestly would be willing to put up a respectable bounty if anyone wants to have a go at improving the AD integration!
James.
More information about the OpenIndiana-discuss
mailing list