"Andrew Bartlett" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> I sit in two camps on this one - for local UIDs/GIDs, I actually like
> the 'algorithmic', but it's confined to a single uid/gid space.
>
> For winbindd, I'm convinced that the tdb mapping is the best way
> forward, but that some extensions to cope with all SIDs as GIDs.

The irony is that this is actually proving my original proposal to use solely GIDs ineffective since it seems that ultimately we'll need entries in both the UID space and the GID space to get the behavior we need. Indeed it seems that what's actually required is a UID and a GID per SID (I forgot about "Group Owners" of normal files, and looking up permissions in a normal POSIX fashion uses the UID to access a list of GIDs (including the default GID)).

So it seems like the solution to define two identically sized ranges from the local UID and GID space and to have winbind just burn through them incrementally while maintaining a mapping table really ends up being the best approach. I hadn't realized that an SID is actually 256 bits and we at best only have 32 bits to work with (I was only thinking about the RIDs).

--
Michael
--
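The allocation scheme described in the message above, as an added sketch that is not code from the post or from Samba. The names `idmap`, `slot_for`, `sid_to_uid` and `sid_to_gid`, the in-memory table (standing in for a tdb), the ranges and the SIDs are all assumptions, as is the choice to give each SID the same offset in both ranges.

```c
#include <stdio.h>
#include <string.h>

#define MAP_SLOTS 4   /* constructed demo size; each ID range holds this many */

struct idmap {
    long base_uid, base_gid;   /* first ID of each reserved range */
    int  used;                 /* slots handed out so far; never reused */
    char sid[MAP_SLOTS][64];   /* mapping table: slot -> SID string */
};

/* Find the slot for a SID, allocating the next one on first sight.
 * Fails closed (-1) on exhaustion or an oversized SID: no wrap, no truncation. */
static int slot_for(struct idmap *m, const char *sid)
{
    if (strlen(sid) >= sizeof m->sid[0])
        return -1;
    for (int i = 0; i < m->used; i++)
        if (strcmp(m->sid[i], sid) == 0)
            return i;              /* known SID: same IDs every time */
    if (m->used == MAP_SLOTS)
        return -1;                 /* ranges burned through */
    strcpy(m->sid[m->used], sid);  /* length was checked above */
    return m->used++;
}

/* Every SID gets both a UID and a GID, at the same offset in each range. */
long sid_to_uid(struct idmap *m, const char *sid)
{
    int s = slot_for(m, sid);
    return s < 0 ? -1 : m->base_uid + s;
}

long sid_to_gid(struct idmap *m, const char *sid)
{
    int s = slot_for(m, sid);
    return s < 0 ? -1 : m->base_gid + s;
}

/* Constructed ranges, for illustration only. */
struct idmap demo = { 10000, 20000, 0, {{0}} };

int main(void)
{
    const char *s[] = { "S-1-5-21-1-2-3-1001", "S-1-5-21-1-2-3-513" };
    for (int i = 0; i < 2; i++)
        printf("%s uid=%ld gid=%ld\n", s[i],
               sid_to_uid(&demo, s[i]), sid_to_gid(&demo, s[i]));
    return 0;
}
```

A persistent table matters here: if the mapping were lost and reallocated in a different order, existing files would end up owned by a different SID.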
