On 07/13/11 05:24, Chris Ridd wrote:
>> If you put "ad" in your nsswitch.conf passwd and group lines, these
>> special IDs will get names associated with them.
>
> We're not using AD at all - just LDAP with an RFC 2307bis-ish schema. I
> could populate it with some of these specials, but it doesn't seem
> useful.

I understand that you're not using AD. The "ad" name service provider is
somewhat misnamed - it really is an interface to the identity mapping
subsystem, and handles both AD-based identities and a canned list of
built-in identities.

> In fact I'm not really sure the ACLs on the
> parent directory were really being used - owner@ was not granted d or D
> permissions yet was still able to delete files. Are these ACLs faked
> up?

They certainly aren't fake. I agree that something looks wrong in the
handling of d and D. I've passed that on to the ZFS team.

>> By the way, please don't rely on the reserved values at 0x80000000.
>> We don't actually store them in the file system - what gets stored is
>> the SID - and we might change how they're allocated.
>
> Noted.

While I'm on the subject, also don't rely on any particular value for those
high numbers. There are about three that are hardwired; the rest are
dynamically allocated and can change on reboot.

> Thanks *very* much for the comments!

Glad to be of assistance.