Re: [cifs-discuss] idmapping

Wed, 11 Nov 2009 10:47:32 -0800 

Jordan Brown wrote:

[ Answered on the internal list, repeated here for the other audience ]



Thank you Jordan and my apologies for the double posting. My internal 
post resulted in someone pointing me here. My bad for not thinking of 
coming here first.





Chris Gerhard wrote:

How can I map what appears to be the default the "SYSTEM" group on 
windows XP to a group on Solaris? I always end up with an ephemeral 
group for that?



SYSTEM (aka "Local System", S-1-5-18) is hardwired to 2147483648.  It's 
not exactly an ephemeral ID; it's more of a reserved ID.  I think this 
is so that something in the CIFS server can automatically add it to an 
ACL in some cases, but I don't know the details.


So can you map this ID ? If so how?




v-ss7410b-gmp03# idmap list
add     "winuser:cjg.uk.sun.com\\cjg"    unixuser:cg13442
add     "wingroup:cjg.uk.sun.com\\smbstaff"    unixgroup:staff
add -d    "wingroup:*\\SYSTEM"    unixgroup:sys
v-ss7410b-gmp03# ls -dv My*
d---------+  4 cg13442  staff          5 Nov 11 12:42 My Documents
     0:user:cg13442:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:allow
     1:group:2147483648:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:allow
v-ss7410b-gmp03#

This in turn prevents me from listing the file over NFS:

: v4v-machine-a11-gmp03.eu TS 51 $; ls -l
ls: can't read ACL on ./My Documents: Not owner
ls: can't read ACL on ./xp.txt: Not owner
total 12
d---------  0 root     root           5 Jan  1  1970
----------  0 root     root           0 Jan  1  1970
-rw-r-----   1 cg13442  staff          5 Nov 10 16:25 nfs
----------+  1 cg13442  staff          6 Nov 10 17:49 smb.txt
-rw-r-----   1 cg13442  root          13 Nov 10 16:50 zfs.txt
: v4v-machine-a11-gmp03.eu TS 52 $; ls
My Documents  nfs           smb.txt       xp.txt        zfs.txt
: v4v-machine-a11-gmp03.eu TS 53 $;


That part I can't explain.



This appears to be a bug. ls gets an error  from the call to get the ACL 
and then misbehaves:


http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6844328


so having this default SYSTEM group which is unmapped is preventing NFS 
access working.





--
Sent from my OpenSolaris Laptop
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss






















					Reply via email to