Mail Archives: cygwin/2014/05/07/10:06:01

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:message-id:date:from:mime-version:to:subject
:references:in-reply-to:content-type:content-transfer-encoding;
q=dns; s=default; b=miGdwJEidpAY7MFmOWhIkIrwNmgDfO0/rF6lZ97q8tT
sYaBXg36ciygbuY3cr1B584PGM7xdXgAOrnQ9AHDuZ070ZJbvP8GVTUHmpDnMBVQ
x/Blwq982QgnTmzJSVgMUvzv4xJ0GVTC4Y6o5Gl1i3gCgk5uYyezWRjSbtZzbZZE
=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:message-id:date:from:mime-version:to:subject
:references:in-reply-to:content-type:content-transfer-encoding;
s=default; bh=Y0XHzY4nIE5f1QTYg1Jmss0jfMU=; b=bePjwHrdBTmrVvx97
KBYO1U5fTRJtikFyOzUMzM6S6M4NUFaSvkhzRZyey/cTk8cH2yzlnJ2UhUDqpCUX
OGYtB5KOlPfdjyW62Eq5HLxd9BzcngWfJENzOsgIvWMmJtStBMtvImDEZ9PJAeDI
LDczJvbA+BgE7QGtdtEIrxKLtE=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mail-ie0-f182.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=kiSxWX54ydWAaU0+dYzbeOxHhB5/grAwPMYaDon06DM=; b=Nzltz3vrG9agXohGuxS4wUaz7ZjDWtXkQ/K40SicK7n+lNBlo/9DBLzJmYcmfSroHO RZYHlms/DHWWjzFXepWEkTsU3viQ/VDxDTpP0lmRLIX2R4nL8Jxx/DfM53xO03lddnIg 4bO2pkKVQ6aTTaYpqCbpTaVw5WCRZmy102bxgCf0hMHmHiUKFkxj5FvpZ/8qtbQMgWEo KGTRCYRGVmy5qWxkgpASxFpb5hYyt0CBK06ACR9FHMw9IIC8oeWhFuEK07dWo1PdQexF SNsT4481qhMc04bV6iEY9j8WJPGkpnnGIaXoPlKQtEkt73wd7BVECej+TlaWqj+HOOzh jqMw==
X-Gm-Message-State: ALoCoQnIPh9t4uVJByGilTj7VUhJtneXDfiPsPwD85f4j9f5TOJoFvUPD5A1xfWjV9GWxOMU/JcT
X-Received: by 10.50.92.98 with SMTP id cl2mr43915527igb.14.1399471526221; Wed, 07 May 2014 07:05:26 -0700 (PDT)
Message-ID: <536A3DA3.8060508@breisch.org>
Date: Wed, 07 May 2014 10:05:23 -0400
From: "Chris J. Breisch" <chris DOT ml AT breisch DOT org>
User-Agent: Postbox 3.0.9 (Windows/20140128)
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Microsoft Accounts (was Re: Problem with "None" Group on Non-Domain Members)
References: <20140505144745 DOT GA6993 AT calimero DOT vinschen DOT de> <5367ACED DOT 40409 AT breisch DOT org> <20140505154230 DOT GB7694 AT calimero DOT vinschen DOT de> <5367B990 DOT 8050907 AT breisch DOT org> <20140505165723 DOT GM30918 AT calimero DOT vinschen DOT de> <5367DEE5 DOT 5010407 AT breisch DOT org> <20140506125203 DOT GO30918 AT calimero DOT vinschen DOT de> <53691564 DOT 1070200 AT breisch DOT org> <20140506171626 DOT GZ30918 AT calimero DOT vinschen DOT de> <53692867 DOT 4060305 AT breisch DOT org> <20140507115730 DOT GE30918 AT calimero DOT vinschen DOT de>
In-Reply-To: <20140507115730.GE30918@calimero.vinschen.de>
X-IsSubscribed: yes

Corinna Vinschen wrote:
> On May  6 14:22, Chris J. Breisch wrote:
>> Corinna Vinschen wrote:
>>> On Windows, users and groups are identified not by uid/gid, but by
>>> their SID.  The SID is a unique value, but other than that, a SID can
>>> be a user or a group and in lots of cases Windows doesn't care.
>>> A group can be owner of a file and a user can be the group of the file,
>>> it just doesn't matter to Windows.
>>>
>>> The permission "problem" you're seeing is a result of that.  Your user
>>> *and* your primary group are both your user's SID.  Therefore the same
>>> account is user and primary group at the same time.  Therefore, if
>>> the file is created, it gets created with an ACL with user and group
>>> being the same account.  Therefore the POSIX translation of the user
>>> and group permissions on the file are always the same.
>>>
>>> Does this clear it up?
>> Yes, that makes complete sense. Thank you again.
>
> I toyed around with the Microsoft Account a bit more.  And here's why
> the primary group SID being identical to the user SID is not a good
> idea:
>
>    Security checks.
>
> For instance:
>
>    $ echo $USER
>    VMBERT8164+local_000
>    $ screen
>    Directory /tmp/uscreens/S-VMBERT8164+local_000 must have mode 700.
>
> Huh?
>
>    $ ls -l /tmp/uscreens/
>    total 0
>    drwxrwx---+ 1 VMBERT8164+local_000 VMBERT8164+local_000 0 May  7 12:44 S-VMBERT8164+local_000
>
> Uh Oh.
>
> This will be a problem with other security sensitive applications, too.
> Sshd comes to mind.
>
Yes, it was when dealing with ssh that I discovered this issue, and was 
the reason I brought it up. Ssh wants many of its files to be only 
accessible by the owner, and not any group.

> So I guess we really should make sure the primary group SID is some
> valid group, not the user's SID.
>
> "None" is not an option since it's not in the user token group list.
>
> "Users" seems to be the best choice at first sight.
>
That's what I've thought from the beginning.

> Alternatively we could use the S-1-11-xxx SID of the Microsoft Account.
> That would be in line with the idea to have a user-specific primary
> group.
>
I'm not sure how that helps or even would work. Are you talking about 
creating a group just for Cygwin purposes that wouldn't map to an actual 
group on the box? Seems like I need to get some more caffeine and go 
back and reread your attached document from several messages ago.

> Thoughts?
>
>
> Corinna
>


-- 
Chris J. Breisch

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
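The permission effect Corinna describes above (user and group bits translated from the same SID when the primary group SID equals the user SID, so `screen`'s mode-700 check can never pass) is modelled in the following script. This is an added illustration written for this page, not Cygwin's own ACL code: the ACL layout, the OR-merge rule in `apply_chmod` and the SIDs `USER_SID`, `USERS_GROUP_SID` and `EVERYONE_SID` are constructed assumptions that follow the behaviour reported in the thread.

```python
"""Added illustration of the permission problem discussed in the thread:
when a file's owner SID and primary-group SID are the same account, the
POSIX user bits and group bits are read from the same ACE, so a mode of
700 cannot be expressed.  Simplified model written for this page, not
Cygwin's own ACL code; the SIDs below are constructed."""

from dataclasses import dataclass, field

# Constructed SIDs for the illustration (not real account SIDs).
USER_SID = "S-1-5-21-1000-1000"        # the Microsoft Account user
USERS_GROUP_SID = "S-1-5-32-545"        # BUILTIN\Users (well-known SID)
EVERYONE_SID = "S-1-1-0"                # Everyone (well-known SID)

R, W, X = 4, 2, 1                       # rwx bit values


@dataclass
class Acl:
    owner: str                          # owner SID
    group: str                          # primary-group SID
    # SID -> rwx bits granted by that SID's allow ACE (absent SID: nothing)
    allow: dict = field(default_factory=dict)


def acl_to_mode(acl: Acl) -> int:
    """POSIX view of the ACL: user bits from the owner's ACE, group bits from
    the primary group's ACE, other bits from Everyone's ACE.  If owner and
    group are the same SID, user and group bits necessarily agree."""
    user = acl.allow.get(acl.owner, 0)
    group = acl.allow.get(acl.group, 0)
    other = acl.allow.get(EVERYONE_SID, 0)
    return (user << 6) | (group << 3) | other


def apply_chmod(acl: Acl, mode: int) -> Acl:
    """Write POSIX bits back into ACEs.  A SID has one ACE, so when owner and
    group coincide the user and group bits land in the same entry (modelling
    assumption: merged with OR, so the owner keeps its access)."""
    allow = {}
    for sid, bits in ((acl.owner, (mode >> 6) & 7),
                      (acl.group, (mode >> 3) & 7),
                      (EVERYONE_SID, mode & 7)):
        allow[sid] = allow.get(sid, 0) | bits
    return Acl(acl.owner, acl.group, allow)


def is_private_dir(mode: int) -> bool:
    """The check screen (and sshd) applies to its directories: no group or
    other bits may be set, i.e. the mode must be 700."""
    return (mode & 0o077) == 0


def private_dir_mode(owner: str, group: str) -> int:
    """Create an ACL for a new directory, chmod it 700 and report the POSIX
    mode that results."""
    acl = apply_chmod(Acl(owner=owner, group=group), 0o700)
    return acl_to_mode(acl)


if __name__ == "__main__":
    for label, group in (("primary group = user SID", USER_SID),
                         ("primary group = Users", USERS_GROUP_SID)):
        mode = private_dir_mode(USER_SID, group)
        print(f"{label:26} -> mode {mode:04o}, private: {is_private_dir(mode)}")
```

With the primary group set to the user's own SID the directory comes out as 770 (the `drwxrwx---` in the `ls -l` above) however it is chmodded; with the primary group set to a distinct group such as Users the same chmod yields 700 and the check passes, which is the reason for preferring a real group SID as the primary group.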
