Date: Sun, 30 Mar 2008 22:33:58 +0200
From: "Lennart Borgman (gmail)" <address@hidden>
CC: address@hidden, address@hidden, address@hidden
Domain users are defined by a prefix in the SID that is different from
the prefix of the local machine. The way we (and Cygwin) map SIDs to
a uid is by throwing away the prefix and keeping only the last part --
the so-called RID, the relative ID -- which is okay as long as the
prefix is identical for all users. But once users defined in the
domain server come into play, you could have 2 different users -- one
local, the other domain user -- with the same RID. That is what
Cygwin is trying to avoid.
But why is the prefix thrown away?
Because it's too large to fit in any reasonably wide variable. For
example, the full SID of my user account on the machine where I'm
typing this is comprised of 7 numbers:
1 5 21 790525478 299502267 682003330 1004
This SID is unique in the entire world, i.e. no other user or group or
any other object on any Windows system can ever have such a SID.
However, using an array for a uid is very inconvenient and will
probably break many Posix programs that assume a scalar data type.
And if we were to generate a scalar out of these numbers (each one of
them is a 32-bit word), it would be too wide for current machines. So
we exploit the fact that on a given computer, the first 4 components
of the SID are common to all accounts, and use only the last one which
is different for each user.