2012/8/17 James Relph <[email protected]>:
> Yes, ephemeral IDs are temporary representations of Security
> Identifiers (SIDs). The idmapd(1m) daemon maintains these in a cache,
> with time-to-live (TTL) based expiration. There's a library API for
> turning an ephemeral ID back into a SID - see: idmap_get_sidbyuid
>
> http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libidmap/common/idmap_api.c
>
>
> Thanks very much for that confirmation, really doesn't seem obvious in a lot
> of the documentation! I don't have a system handy to test today (will do
> over the weekend) but I'll try and get a better idea of how that works over
> the weekend (in particular after a reboot, what UID/GID will a file/folder
> show (ie. with ls) until the same user logs in again and the new ephemeral
> mapping is created?).

ephemeral ids break setuid/seteuid because they are not static on a
_running_ system. They may change anytime. Thus any POSIX compliant
application relying on these functions for privileges can not use them.
Essentially you sacrifice UNIX for Windows.

-f
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
