[OpenIndiana-discuss] Diagonal Mapping

[James Relph]

Hi all,

I just wondered if anyone here was particularly familiar with idmap's diagonal mapping?  It looked like it could be quite handy for adding group permissions with static maps (eg. Windows Group is mapped to a single unix user), but I'm wondering if it is possible to use it like that.  When testing with one user, it works brilliantly, if I add:

idmap add wingroup:tmp at themacplace.private unixuser:tmp

then login with the first account, james, I can write (and then read) files/folders and it creates them as the unix user tmp.  That all looked really promising, but in looking at something else I tested that with a different user (also a member of tmp at themacplace.private) and it is writing the file with an ephemeral ID:

drwx------+  2 angela at themacplace.private Domain Users at themacplace.private       2 Feb 24 12:36 Test Folder - angela
drwx------+  2 tmp      other          2 Feb 24 12:36 Test Folder - james

What is odd, is that idmap itself actually seems to be working, it looks like it should be mapping angela to the tmp user:

# idmap list james at themacplace.private
add     wingroup:tmp at themacplace.private        unixuser:tmp

# idmap list angela at themacplace.private
add     wingroup:tmp at themacplace.private        unixuser:tmp

Does anyone know why that would be working like that?

Thanks,

James

Principal Consultant

Website:		www.themacplace.co.uk