Thanks, Roland! I thought rsync defaulted to using numeric ids, but am now realizing I only thought this because more often than not I'm rsync'ing to hosts where most of the source host users don't exist (so the file owner is just displayed as the source host numeric ID). About this, though: > The magic of 'id_type_both', Samba creates a usergroup if one does not > exist. I thought of this and used ADUC to look for a pgoetz group in the domain, but found none. Is this a persistent group, and if so, how/where is it stored that it can't be found by ADUC? On 12/24/21 05:15, Rowland Penny via samba wrote:>> >> My best guess is rsync is using the username to convert the UIDs? > > Of course, rather than guessing, you could read 'man rsync', where you > would find this: > > --numeric-ids > With this option rsync will transfer numeric group and user IDs rather > than > using user and group names and mapping them at both ends. > > By default rsync will use the username and groupname to determine > what > ownership to give files. The special uid 0 and the special group 0 are > never mapped via user/group names even if the --numeric-ids option is > not specified. > >> >> A secondary mystery is that my group is still "pgoetz" even though >> there >> is no such group defined in the domain. How does that work? > > It is Magic :-D > > The magic of 'id_type_both', Samba creates a usergroup if one does not > exist. > > Rowland > > >
On Tue, 2022-01-04 at 10:05 -0600, Patrick Goetz via samba wrote:> > About this, though: > > > The magic of 'id_type_both', Samba creates a usergroup if one does > not > > exist. > > I thought of this and used ADUC to look for a pgoetz group in the > domain, but found none. Is this a persistent group, and if so, > how/where > is it stored that it can't be found by ADUC?Sorry, I didn't tell you enough, you only get the usergroups on a Unix domain member with the 'rid' backend (you may get them with the 'autorid' backend, but I haven't tested it). If you look in idmap.ldb on a DC, you will find 'ID_TYPE_BOTH', but it isn't shown by getent, the same goes for the 'ad' backend on a Unix domain member. On a Unix domain member using the 'rid' backend, you will get something like this: adminuser at deb11:~$ id rowland uid=11107(rowland) gid=10513(domain_users) groups=10513(domain_users),11107(rowland)................. And adminuser at deb11:~$ getent group rowland rowland:x:11107:rowland I can assure you that there isn't a group called 'rowland' anywhere, it is all done in code. Rowland