
idmapped mounts

Posted Apr 28, 2025 2:16 UTC (Mon) by NYKevin (subscriber, #129325)
In reply to: idmapped mounts by geofft
Parent article: Addressing UID/GID drift in rpm-ostree and bootc

> I suppose the NT kernel is designed sufficiently differently from UNIX that they don't have the same model of numeric user IDs and access checks are performed with tokens/handles, so you can put the SID behind a pointer and deal with the indirection and memory allocation rarely. But it feels like this has to be high-overhead for file access checks on NTFS files, which store ownership by SID.

To the best of my understanding, the Microsoft answer to that problem is "don't pervasively hang permissions on every single object in the entire filesystem." Instead, permissions are inherited from the parent directory by default (and from its parent recursively, all the way up to the root or until you hit a directory with non-inherited permissions). So you don't have to do N checks for a path consisting of N components - you just do one or two checks for the high-level directories that actually have permissions on them, and everything else is cheap lookups of cached ACLs.

> I was also surprised to find that, even with SIDs, Active Directory accounts also have a GUID, and SIDs can change but GUIDs are permanent.

As a rule of thumb, in the Microsoft universe, everything has a GUID, or else it must not be very important.
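To see the "one or two directories that actually have permissions on them" on a real volume, the following PowerShell audit script (an added example, not part of the original comment) walks a tree and lists only the directories whose DACL is protected from inheritance or that carry explicit, non-inherited ACEs. The root path is a placeholder; everything else uses the standard `Get-Acl` / `FileSystemAccessRule` properties.

```powershell
# Audit which directories under $Root actually decide access: those with
# inheritance disabled (a protected DACL) or with explicit ACEs of their own.
# Every other directory merely inherits, which is what makes NTFS checks cheap.
param([string]$Root = 'C:\Data')   # placeholder root, not from the original post

Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
  ForEach-Object {
    $acl = Get-Acl -LiteralPath $_.FullName
    # ACEs that were set on this directory itself rather than inherited
    $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
    if ($acl.AreAccessRulesProtected -or $explicit.Count -gt 0) {
      [pscustomobject]@{
        Path                = $_.FullName
        InheritanceDisabled = $acl.AreAccessRulesProtected
        ExplicitAces        = ($explicit | ForEach-Object {
          "$($_.IdentityReference):$($_.FileSystemRights):$($_.AccessControlType)"
        }) -join '; '
      }
    }
  } | Format-Table -AutoSize
```

Directories missing from the output inherit everything from the nearest listed ancestor, so the listed set is the complete map of where effective permissions are actually decided.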

idmapped mounts

Posted May 2, 2025 17:19 UTC (Fri) by Conan_Kudo (subscriber, #103240) [Link] (1 responses)

Yep. And personally, I think it's a smarter model.

idmapped mounts

Posted May 3, 2025 8:44 UTC (Sat) by Wol (subscriber, #4433) [Link]

The problem is that - in the standard Unix filesystem model - we have a flat root-level namespace. All files are uniquely identified by their i-node.

The directory system is independent (which is what gives us hard links). So the mechanism that works everywhere else - "traverse back up the file tree until you hit an ACL" - doesn't work in POSIX.

Cheers,
Wol


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds