X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=vpy5HkWCo40VTMTBNXmqgbscPAKw/1TNEcPZVNDs1u+vBgJHusu+W
	F9XL05o7Cw8OYoNnlAnr2ym/aFJLUNN/kfUrLSDDmIPuc4Wc7Pe3vu2DGT+bvs7X
	c+hgOWx3qsXmtbzDDDY2eRP0MPlslhLqLp/CapzSU/9vp/zmLa5F18=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	bh=+Liqrv787HB0pacAuW+2jBOVHoE=; b=U83pCo9QN3EIBizbS0atrlbVmbcD
	P7Lh9HYKJdoQtKB4AN3z1Ln7iefdkvKkqz7L8NrvtIY7fPzjH+pAQtFsBfkKbHRB
	0eIurvTwYxp/z1P2RiVwtNGGLoMshqO6KyuWnr2lEHrUjDC2sozeeXMf4OxZINuU
	MztsS0mBUwXBWj8=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=0.0 required=5.0 tests=AWL,BAYES_40,SPAM_BODY autolearn=no version=3.3.2
X-HELO:	calimero.vinschen.de
Date:	Tue, 25 Feb 2014 21:04:14 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Testers needed: New passwd/group handling in Cygwin
Message-ID:	<20140225200414.GA4238@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<20140213143849 DOT GH2246 AT calimero DOT vinschen DOT de> <87fvn7cb68 DOT fsf AT Rainer DOT invalid>
MIME-Version:	1.0
In-Reply-To:	<87fvn7cb68.fsf@Rainer.invalid>
User-Agent:	Mutt/1.5.21 (2010-09-15)

--gKMricLos+KVdGMg
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Feb 25 19:14, Achim Gratz wrote:
> Corinna Vinschen writes:
> > This is a pretty intrusive change, in need of some serious testing, so
> > I'd like to ask for volunteers.  The latest 2014-02-13 snapshot from
> > http://cygwin.com/snapshots/ contains the changes, including the latest
> > bugfix.
>=20
> I've tested the 2014-02-19 snapshot at work.  Two problems:
>=20
> 1. Running "id" takes 13 seconds to fetch my 440 group memberships
> (possibly there are some users that would be in ~10x as many groups).
> Caching doesn't seem to be effective for this since the next several

The stuff in the `id' application is not cached at all.  Caching is
inherited from the parent process, but the parent never asked for all
your groups so it hasn't cached this information.  Every invocation of
id has to request the group info anew.

> invocations of "id" take the same time.  During most of that time you
> actually can't ^C the process, lsass is growing a few dozen threads and
> seems to be talking to the DC.  Falling back to use just the /etc files
> makes this work really fast (much faster than without the snapshot).

Do you have a very slow connection to your DC by any chance?  I admit
that I never tested with 440 groups, only with about 30 or so, but 13
seconds sounds *very* lame.

OTOH, this isn't *quite* unexpected.  Right now, the LDAP connection to
the DC is opened and closed for every single account request.  I wasn't
sure yet if the ldap connection should be opened only once per process
and then stay open for the rest of the process lifetime.  This sounds so
much like wasting sockets...

> 2. I use a few volumes on NetApp filers that have security set up so
> that you can't change attributes.  That means POSIX permissions are
> always listed as "0000".  I uausally mount these noacl, but when I
> access them via their UNC path (for instance when Windows runs a script
> from a CWD on that volume, then Perl reports false for file test
> operators (-x, -w) other than existence.  Backing out the snapshot
> reverts to the previous behaviour of these test operators correctly
> determining that my effective rights (via normal and extended security
> attributes tied to a group memberships) are sufficient.  The shell
> (bash, tcsh) test operators work correctly, but I don't know what Perl
> is doing differently.

The fact that the shells are doing it right seems to indicate that this
isn't a generic problem.  I can't debug this, though.  Can you see if
you can figure out what's going on under the hood?  Does strace show
anything of interest?  Can we perhaps set up some joint debugging via
private mail during the next couple of days?


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--gKMricLos+KVdGMg
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTDPc+AAoJEPU2Bp2uRE+g6nQP/2dpiV3GfeptKDmGgh6Pq8rk
zQZ/brqdjGane4Y0jRHwZ4jh0Mg/cWuWyiLPb74Fj2GfdMB+ssD68pbzzzJO5LhQ
2G6bS9n1Rq+KdZm0C+O5bHPoK+1vtfGLrlnWmsfaWCYySloYFTEcf/BuS5XZ+p+A
hjJRaFv9QR/8RiNyQcxr47YQrCWk6mtrh4c3GNFpk01NyZk4mdYWvkPmA50nivF9
Ut01hdzQAxKxQpFBfW3IVxoFOEXd/BhaugPiF9z7YdPmFzy5E8FpXxMNuwTXZN1r
2FebYz7CRcTu9863aPMQAazs4KwfaMUvpjukhOes4kQ9wU729QIRJckcyHp8AhHL
jqZ+BIwTLrJBQKhRYLxMxHxUg6HYz2i37Ut5OAfhg58lPkGa+FhHraWCtUh4u9KR
Kcd7N03m1yB01dLY+dcAgc7NWt6N3BIgjvAapymRSrBLJrHZDRg7K4gfyWgvEjdv
3Lh9vLwpyTOTuRqQADEwRyPxDxG293gMHED4Zyeogtz6yKEraD1cwxwpaf/BSGEa
EFbfIH7tvVCLsp5gzkDxpyPludquzfAY7nKX5NwXhtG32cH/xrQegrDUMJ3xIX5w
43xc/o5ZuXdvjmlERfAAvHKAj+5A1hKenhGWIV589Ma44U8kFAlE1+Z2oq3qUJ1i
RLHtt4J2N/01VFGwDRw+
=UGXa
-----END PGP SIGNATURE-----

--gKMricLos+KVdGMg--

- Raw text -