samba - May 2020 - default backend = rid not showing full group information for users

m?ndag 4 maj 2020 kl. 20:45:37 CEST skrev  Rowland penny via
samba:
> On 04/05/2020 19:24, Magnus Holmgren via samba wrote:
> > Sunday 3 maj 2020 kl. 13:14:24 CEST,  Rowland penny via samba wrote:
> >> As for 'systemd', not sure what this actually does, but
when I am forced
> >> to use systemd (e.g. on my rpi), everything works even though I
remove
> >> 'systemd' from the passwd and group lines in
nsswitch.conf.
> > 
> > The systemd NSS module handles dynamically allocated users and groups
when
> > a unit has DynamicUser=true. See systemd.exec(5).
> 
> Care to say where that would be used ?
Wherever you want, I guess. I think the idea is to isolate network services 
better from each other than if you run them as nobody.

-- 
Magnus Holmgren        holmgren at lysator.liu.se
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL:
<http://lists.samba.org/pipermail/samba/attachments/20200504/1b88713f/signature.sig>

On 04/05/2020 21:06, Magnus Holmgren via samba wrote:
> m?ndag 4 maj 2020 kl. 20:45:37 CEST skrev  Rowland penny via samba:
>> On 04/05/2020 19:24, Magnus Holmgren via samba wrote:
>>> Sunday 3 maj 2020 kl. 13:14:24 CEST,  Rowland penny via samba
wrote:
>>>> As for 'systemd', not sure what this actually does, but
when I am forced
>>>> to use systemd (e.g. on my rpi), everything works even though I
remove
>>>> 'systemd' from the passwd and group lines in
nsswitch.conf.
>>> The systemd NSS module handles dynamically allocated users and
groups when
>>> a unit has DynamicUser=true. See systemd.exec(5).
>> Care to say where that would be used ?
> Wherever you want, I guess. I think the idea is to isolate network services
> better from each other than if you run them as nobody.
So you don't actually know of a case where it could be used, I will just 
stick to removing 'systemd' from nsswitch.conf, others can do as they
wish.

Rowland

m?ndag 4 maj 2020 kl. 22:22:04 CEST skrev  Rowland penny via
samba:
> On 04/05/2020 21:06, Magnus Holmgren via samba wrote:
> > m?ndag 4 maj 2020 kl. 20:45:37 CEST skrev  Rowland penny via samba:
> >> On 04/05/2020 19:24, Magnus Holmgren via samba wrote:
> >>> The systemd NSS module handles dynamically allocated users and
groups
> >>> when
> >>> a unit has DynamicUser=true. See systemd.exec(5).
> >> 
> >> Care to say where that would be used ?
> > 
> > Wherever you want, I guess. I think the idea is to isolate network
> > services
> > better from each other than if you run them as nobody.
> 
> So you don't actually know of a case where it could be used, I will
just
> stick to removing 'systemd' from nsswitch.conf, others can do as
they wish.
I thought you were asking for a use case. No, if you don't have any systemd 
units that make use of the dynamic user feature, you don't need to include 
that NSS module. Strictly speaking, you don't need it even you do use that 
feature; that just means you can't translate the uids and gids, but since
they
are ephemeral and not supposed to own any files, other than possibly temporary 
ones, I don't see how that's much of a loss.

BTW I should have said that the idea is to isolate multiple instances of the 
same service from each other. Different services preferably run under 
different normal accounts.

-- 
Magnus Holmgren        holmgren at lysator.liu.se
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL:
<http://lists.samba.org/pipermail/samba/attachments/20200504/23dba2b2/signature.sig>