Mail Archives: cygwin/2008/02/28/10:30:46
On Feb 28 14:55, Dave Korn wrote:
> On 28 February 2008 14:45, Matthieu CASTET wrote:
>
> > But then why does it work if I create a dummy user in /etc/passwd?
>
> Because cygwin relies on the contents of /etc/passwd to be accurate. Cygwin
> cannot in general know what SIDs exist out there in a domain (or even on a
> local machine), it treats /etc/passwd as a cache to save going out across the
> network to the domain controller for lookups every time a UID is needed.
>
> > For example for root
> >
> > $ echo "root:*:0:0:,S-1-5-32-545::" >> /etc/passwd
> > $ chown root:root /tmp/toto
> > $ ls -l /tmp/toto
> > -rw-r--r-- 1 root root 0 Feb 28 14:49 /tmp/toto
> >
> > Does it mean in this case I create "ACLs with unrecognised SIDs"?
>
> No, because 1-5-32-545 is a real SID, hence recognised. It's a well-known
> SID that exists on all Windows boxes. It is, however, a GID, not a UID: that
> is the SID of the "Users" group you have set there, so who knows how confused
> cygwin might be by that.

What confusion? In contrast to POSIX, there's no difference between a
user SID and a group SID from the perspective of security descriptors.
Cygwin doesn't care either, as long as the SID shows up in one of the
/etc/passwd, /etc/group files.

Windows allows using a group SID as owner and a user SID as group in a
SD. The group SID in the SD has no meaning in Win32 anyway. It's more
or less only useful for the POSIX subsystem and, FWIW, Cygwin which uses
it for its own malicious purposes(*) <insert lunatic laughter here>.

Corinna

(*) As group, actually. Hmm, I spoiled it slightly, right?
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat