X-Recipient:	archive-cygwin AT delorie DOT com
X-Spam-Check-By:	sourceware.org
To:	cygwin AT cygwin DOT com
From:	Marc Girod <marc DOT girod AT gmail DOT com>
Subject:	Re: mkpasswd -l -d completed after 5 days
Date:	Fri, 7 Mar 2008 09:23:25 +0000 (UTC)
Lines:	66
Message-ID:	<loom.20080307T090549-787@post.gmane.org>
References:	A<loom DOT 20080305T103058-349 AT post DOT gmane DOT org> <70952A932255A2489522275A628B97C3064C4ACF AT xmb-sjc-233 DOT amer DOT cisco DOT com>
Mime-Version:	1.0
User-Agent:	Loom/3.14 (http://gmane.org/)
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

Matt Seitz (matseitz <matseitz <at> cisco.com> writes:

> I ran into similar problems with "mkpasswd" taking a long time on a
> large Active Directory (AD) domain.  I
> worked around the issue using the following procedure:
...

Thanks.
I think I can go on with the files I got.
Maybe the purpose of these procedures should be better documented.
What is actually needed, and for what?
There is already a good deal of contents about ntsec and smbsec, 
but it could still be improved, I'm afraid.

I am still puzzled by the non-obvious way the various accounts work.
E.g. I can do 'chown 18:544 ...' (SYSTEM:Administrators, with the SYSTEM
mapping as it seems to the 'LocalSystem' reported by cygcheck as the uid
under which my apache is run under cygrunsrv) to some file, after which 
I cannot edit it anymore, but despite my expectations, I can still copy
files to the same directory where I cannot touch them!?

bin> ls -lnd .
drwxr-xr-x+ 3 18 544 0 Mar  6 18:26 .
bin> touch foo
touch: cannot touch `foo': Permission denied
bin> ls -lnd foo
ls: cannot access foo: No such file or directory
bin> touch /tmp/foo
bin> mv /tmp/foo .
bin> ls -lnd foo
-rw-r--r-- 1 654351 10545 0 Mar  7 09:13 foo
bin> ls -ld foo
-rw-r--r-- 1 emagiro Domain Users 0 Mar  7 09:13 foo
bin> ls -ld .
drwxr-xr-x+ 3 SYSTEM Administrators 0 Mar  7 09:13 .
bin> getfacl .
# file: .
# owner: SYSTEM
# group: Administrators
user::rwx
group::r-x
mask:rwx
other:r-x
default:user::rwx
default:group::---
default:other:---
bin> grep :18: /etc/passwd
SYSTEM:*:18:544:,S-1-5-18::
bin> egrep '^Account' /tmp/cygcheck.out
Account             : LocalSystem
Account             : LocalSystem
bin> chown 18:544 foo
bin> ls -ld foo
-rw-r--r-- 1 SYSTEM Administrators 0 Mar  7 09:13 foo
bin> echo foo > foo
bash: foo: Permission denied

It is not trivial to draw the line between what is normal (or must be 
accepted) and what is weird and should be fixed...

Esp. when you first do something in a network drive, and have installed
cygwin 'for yourself' without admin rights, then reinstall cygwin 'for
all' and access the same home directory.

Thanks,
Marc


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -