我正在审查远程 Samba 服务器提供的本地目录的权限。服务器本身是 Linux (Ubuntu 16.04)。本机是Centos 7,运行时getcifsacl得到数据,例如下面返回。我从未见过这样的 SID,它们不一定与其中的内容相匹配man setcifsacl.
Samba 服务器安全性是 ADS。
REVISION:0x1
CONTROL:0x9004
OWNER:S-1-5-21-107619651-339024737-1120166462-8298
GROUP:S-1-22-2-48
ACL:S-1-5-21-107619651-339024737-1120166462-3274:ALLOWED/OI|CI/FULL
ACL:S-1-5-21-107619651-339024737-1120166462-512:ALLOWED/OI|CI/FULL
ACL:S-1-5-21-107619651-339024737-1120166462-10452:ALLOWED/OI|CI/READ
ACL:S-1-22-1-10403:ALLOWED/OI|CI/FULL
ACL:S-1-22-1-10387:ALLOWED/OI|CI/READ
ACL:S-1-22-1-10369:ALLOWED/OI|CI/READ
ACL:S-1-22-1-10111:ALLOWED/OI|CI/READ
ACL:S-1-5-21-107619651-339024737-1120166462-1480:ALLOWED/OI|CI/READ
ACL:Everyone@WORLD AUTHORITY:ALLOWED/OI|CI/
ACL:S-1-5-21-107619651-339024737-1120166462-8298:ALLOWED/0x0/FULL
ACL:S-1-5-21-107619651-339024737-1120166462-10315:ALLOWED/0x0/READ
ACL:S-1-22-2-48:ALLOWED/0x0/FULL
ACL:S-1-22-1-10298:ALLOWED/0x0/READ
ACL:S-1-5-21-107619651-339024737-1120166462-4073:ALLOWED/0x0/READ
ACL:CREATOR OWNER@CREATOR AUTHORITY:ALLOWED/OI|CI|IO/FULL
ACL:CREATOR GROUP@CREATOR AUTHORITY:ALLOWED/OI|CI|IO/FULL
ACL:S-1-22-1-10298:ALLOWED/OI|CI|IO/FULL
ACL:S-1-5-21-107619651-339024737-1120166462-4073:ALLOWED/OI|CI|IO/FULL
4组数字是什么?例如:所有者:S-1-5-21- 107619651-339024737-1120166462-8298
我假设它是某种类型的 UID,但它映射到谁以及在什么系统上?Samba 服务器还是 ADS?
具体对于我的用例,唯一可识别的是 GROUP 中的“48”,这是应该分配的 Linux 组的 GID。
手册页描述了很多,但是对于它没有涵盖的任何内容,您能否提供可以更详细地解释此输出的资源?