Mail Archives: cygwin/2014/03/11/11:48:29

Date: Tue, 11 Mar 2014 16:47:50 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Testers needed: New passwd/group handling in Cygwin
Message-ID: <20140311154750.GP28681@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com

On Mar 11 15:07, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > You don't have to move them away.  Just set nsswitch.conf.
>
> Did that and using the snapshot DLL from 2014-03-05 on top of a full
> snapshot install from 2014-03-10.  The ACL is this:
>
> # file: x86
> # owner: gratz
> # group: Domain Users
> user::---
> group::---
> group:admin-cygwinupload:rwx
> group:user-cygwinupload:rwx
> mask:rwx
> other:---
> default:user::---
> default:group::---
> default:group:admin-cygwinupload:rwx
> default:group:user-cygwinupload:rwx
> default:mask:rwx
> default:other:---
>
> With the original passwd and group file in place and nsswitch.conf set to
> either "files" or "files db" the test fails.  With just "files" getfacl
> doesn't show the group ACL at all,

How does it look with any non-AD integrated Cygwin?

> while with "files db" I see the ACL for
> both the admin and the user group (both are not in the group file).  Setting
> to just "db" the ACL is shown as before and the test from Perl now succeeds!

Ok.

>  In fact any combination that includes "files" fails.

Hmm.  So you're saying that the groups in question are not in
/etc/groups, but it works with the non-AD Cygwin but not with the
AD-Cygwin?  A group which is not in /etc/groups is, in theory, just not
in the ACL with the old Cygwin.  What's not in Cygwin anymore is the
mapping of a non-existing account to the uid/gid -1, what would have
been printed as "????????" in ls output.  This automatism would have
collided with the DB stuff, but maybe I have to re-introduce it if only
"files" is used.  This could explain what happens in the "files"-only
case...

...but that doesn't explain what happens with "files db".  The uid/gid
values may differ from the DB values, but only if the account actually
exists in the file.  And then the values in the files would have
precedence over the db values.  I'm really wondering what perl is
checking there.

> So, after some head
> scratching I changed the uid and gid in the passwd and group files to match
> the new mapping scheme and lo and behold the test is now working.  The
> getfacl command starts to show the group ACL when I add them to the group
> file (with the correct gid mapping), but the test still fails with "files"
> only.  With the correct group entries and "files db", the test also works.

Erm...

> So, Perl somehow uses the gid/uid mapping and relies on those to be working,

Whatever it's doing there.  That doesn't make sense, unless it calls
getgrent maybe?!?

> while bash uses a code path that doesn't and probably just uses the uid/gid
> directly.

Much easier.  bash just calls access(2).

> I guess I could make the "files" only case work by adding some
> more groups (no time for checking what that might be at the moment), again
> changing the mapping (will mkpasswd do this at some point?).  Do you still
> need traces or does that get you a test case that works in your environment?

Yes, please.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
