
Re: About Group, OpenDirectory, Active Directory and Unix philosophy


  • Subject: Re: About Group, OpenDirectory, Active Directory and Unix philosophy
  • From: Jason Townsend <email@hidden>
  • Date: Thu, 2 Jun 2005 09:46:33 -0700

On May 25, 2005, at 2:08 PM, Stéphane Sudre wrote:
> Let's say I have a user who is authenticating (him|her)self against an Active Directory Server from (his|her) Mac OS X machine.
>
> This leads to the uid tool showing some group ids which are not the standard ones (20,80,0,501, 502, etc.). For instance: 1547231201.
>
> Now, the user is going to create a file in (his|her) mobile home folder.
>
> Shall the gid for the file be the one of the parent folder (staff for instance) or the one shown by uid?
>
> Currently, for a tool, I'm setting the gid of the resulting file to the gid of the logged user (obtained with getgid()).
>
> Is this wrong from a Unix philosophy point of view?
>
> Additionally, doing this prevents an Apple application from using the file whereas the uid for the file is perfectly correct and the permissions are rwx for the user.

Note that the Active Directory plug-in is not part of Darwin. However, I think your question is still relevant to this list from the standpoint of file permissions issues.


The GIDs you are seeing are normal for the Active Directory plug-in. So the question is why can't you access the file if the group is not set to staff? Are you using 10.3.x or 10.4.x? Are there any ACLs involved? Perhaps a directory listing (ls -la) from the directory in question would help.

Can you cat the file as the user in question? Maybe the application is doing some additional preflight on the file permissions before allowing you to use the file.

To answer your more general question, I would say that it's not a question of philosophy, but of what set of users you want to have access to the file in question.

Hope that helps,
-Jason
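
An added example, not part of the original message: a small C sketch of how classic Unix mode bits pick the permission class (owner, group, other) for a caller, which is the "what set of users" decision discussed above. The names classify and mode_allows are hypothetical, and the sketch assumes mode bits only (no ACLs, no root override).

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum perm_class { PERM_OWNER, PERM_GROUP, PERM_OTHER };

/* Classic mode-bit order: owner, then group membership, then other.
 * Only the first matching class is consulted (ACLs and root are ignored). */
enum perm_class classify(uid_t f_uid, gid_t f_gid, uid_t uid, gid_t gid,
                         const gid_t *groups, int ngroups)
{
    if (uid == f_uid) return PERM_OWNER;
    if (gid == f_gid) return PERM_GROUP;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == f_gid) return PERM_GROUP;
    return PERM_OTHER;
}

/* want is a mask of 4 (read), 2 (write), 1 (execute). */
bool mode_allows(mode_t mode, enum perm_class c, unsigned want)
{
    unsigned shift = (c == PERM_OWNER) ? 6 : (c == PERM_GROUP) ? 3 : 0;
    return (((unsigned)mode >> shift) & want) == want;
}

/* Report how the calling process relates to the file named in argv[1]. */
int main(int argc, char **argv)
{
    static const char *names[] = { "owner", "group", "other" };
    gid_t groups[64];
    struct stat st;

    if (argc != 2 || stat(argv[1], &st) != 0) {
        fprintf(stderr, "usage: %s <existing file>\n", argv[0]);
        return 1;
    }
    int n = getgroups(64, groups);
    if (n < 0) n = 0;
    enum perm_class c = classify(st.st_uid, st.st_gid, geteuid(), getegid(),
                                 groups, n);
    printf("file uid=%lu gid=%lu mode=%04o -> class=%s read=%d write=%d\n",
           (unsigned long)st.st_uid, (unsigned long)st.st_gid,
           (unsigned)(st.st_mode & 07777), names[c],
           mode_allows(st.st_mode, c, 4), mode_allows(st.st_mode, c, 2));
    return 0;
}
```

Under mode bits alone, the file's group never affects its owner; it only changes which other users fall into the group class instead of other.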
