Allan Fleming wrote:
ls -V shows me this:
d---------+ 15 allan Domain us...@nexus.uwaterloo.ca 32 May 13
11:46
windows2000
user:allan:rwxpdDaARWcCos:-------:allow
group:Local sys...@builti:rwxpdDaARWcCos:-------:allow
user:allan:rwxpdDaARWcCos:fdi----:allow
group:Local sys...@builti:rwxpdDaARWcCos:fdi----:allow
If I try to set the group the same on another file I can't.
chmod A+group:Local\ sys...@builti:rwxpdDaARWcCos:-------:allow junk
Invalid group Local sys...@builti specified.
I'm not sure what I am missing
The first thing that you're missing is that the ls -V output is
truncated; the name it's trying to specify is "Local sys...@builtin".
However, that won't work either :-(.
The second thing you're missing is that we have some bugs in this area;
the treatment of builtin users and groups is wrong. As it happens, I've
been looking at the question over the last couple of weeks, and am close
to determining what the "right" answer is.
One workaround, obscure but will work forever, is to explicitly specify
the SID. For Local System, that's:
$ chmod A+sid:S-1-5-18:full_set:fd:allow junk
Another workaround, less obscure but I'm not sure it will be an
allowable form after we clean up the situation, is to use "@<nothing>":
$ chmod A+group:"Local System@":full_set:fd:allow junk
Right now, it looks like the most likely form for builtin names will be
to use the bare name, e.g. "Local System", with no @domain qualifier.
There might also be a way to explicitly specify that you want a builtin
name, in case there's ambiguity.
There's also a question of exactly what names should be used for the
builtin names. The Microsoft documentation refers to S-1-5-18 as "Local
System", but the Windows user interface refers to it as "SYSTEM" or "NT
AUTHORITY\SYSTEM", so we might change our behavior there.
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
