| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:mime-version:in-reply-to:references:date | |
| :message-id:subject:from:to:content-type; q=dns; s=default; b=xF | |
| 4+oKOjkixddU4o/wRz1FbvdDw9DxfSUDTEQIpPtoVrPdoF0F9ZDSxzqsKp0nnSKm | |
| VXGeqIeQGg25fKQ7H0TEvDctGKQg4j0SBGt5TvXht7DU8fePUVcAUBcb+VLGJmnd | |
| PXRU/YIS3SRfMXl1NH9ODzwrqUzg+QhObqKydegPk= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:mime-version:in-reply-to:references:date | |
| :message-id:subject:from:to:content-type; s=default; bh=U9vBFNKO | |
| 2m3R8AImy2pIu0fTyIs=; b=KO+O3Kgqj6NsbtuY6HhRo1T+kAK5+xV3MoqAFmDo | |
| XEDbpiOdME21rE4ZLsjiiF23mxSrXTrqElme7wO9EmJUz4k+CZkqhG+cdlcY86Hg | |
| p0qHKtrc2qVwpgGz+E7zaLlv9DXrW8TNGMzdkdNNGc8/scxWPL6LtYdGZWL45OvD | |
| R4M= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=4.9 required=5.0 tests=AWL,BAYES_05,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPAM_BODY1,SPF_PASS autolearn=no version=3.3.2 |
| X-HELO: | mail-lb0-f176.google.com |
| MIME-Version: | 1.0 |
| X-Received: | by 10.152.207.105 with SMTP id lv9mr19999882lac.10.1429029898055; Tue, 14 Apr 2015 09:44:58 -0700 (PDT) |
| In-Reply-To: | <20150414145323.GH7343@calimero.vinschen.de> |
| References: | <CADi7v6LUZhr6UVSYA+Fe27f-aWJcxVxUXb3vR02rVuW9cG3a6A AT mail DOT gmail DOT com> <loom DOT 20150414T085644-392 AT post DOT gmane DOT org> <20150414080044 DOT GB7343 AT calimero DOT vinschen DOT de> <CADi7v6J=h7ydravvigVwMpT5P4QwMS1L73m1zhy==DtrL-SHhQ AT mail DOT gmail DOT com> <20150414092313 DOT GE7343 AT calimero DOT vinschen DOT de> <CADi7v6JVqPi9SE44CbfYfd-aWUd8w2=2Uu=2=BR6ZM6H9qDgqA AT mail DOT gmail DOT com> <20150414145323 DOT GH7343 AT calimero DOT vinschen DOT de> |
| Date: | Tue, 14 Apr 2015 12:44:57 -0400 |
| Message-ID: | <CADi7v6+Fs_MR+i5ULMqqvaAuy1G_CAL=bEuifCKvLDFSURAZVg@mail.gmail.com> |
| Subject: | Re: Making Cygwin More Tolerant of Orphaned SIDs? |
| From: | Bryan Berns <bryan DOT berns AT gmail DOT com> |
| To: | cygwin AT cygwin DOT com |
| X-IsSubscribed: | yes |
On Tue, Apr 14, 2015 at 10:53 AM, Corinna Vinschen <corinna-cygwin AT cygwin DOT com> wrote: > On Apr 14 07:24, Bryan Berns wrote: >> On Tue, Apr 14, 2015 at 4:00 AM, Corinna Vinschen >> > >> > The problem is that Cygwin, or any other tool trying to resolve SIDs >> > doesn't know a SID won't resolve before it tried. And then it's an >> > OS function which takes its time. It's like checking for network >> > machines providing shares. Sometimes this test takes ages, but in >> > this case, fortunately, you see that it takes ages in Explorer as >> > well. >> > >> > As for ACLs, you can alleviate the problem somewhat by running cygserver >> > on the machine, which allows to cache SIDs for all processes. So only >> > the first process trying the SID will take time, followup processes will >> > get the cached results from cygserver. >> > >> > Other than that, except for ignoring ACLs entirely (noacl) I have >> > no idea how to solve this problem differently. >> >> Yes, I understand there's nothing Cygwin can do beforehand -- that >> means sense. I guess what I'm saying is that Cygwin doesn't appear to >> be caching SIDs in certain scenarios. >> >> For example, I create a whole bunch of files (like 5000), I use >> icacls to append a new ACE. Then I do a 'time ls -l >> /cygdrive/c/somedir/*'. Takes four seconds. In the same Cygwin >> session, I remove the local group (net localgroup testgroup /delete). >> I do the same 'time ls -l /cygdrive/c/somedir/*'. Takes 20 seconds. >> Subsequent runs in the also take 20 seconds. Since I'm able to >> continue to see the slowdown in the same session, cygserver wouldn't >> help right? >> >> Is the above expected? > > Yes. Without cygserver, caching only works from parent to child process. > One run of ls can't cache data for a parallel run of ls in trhe same > session. As, btw., explained in the documentation: > > https://cygwin.com/cygwin-ug-net/ntsec.html Alright, I'll give it a shot when I get back to my lab. I suspect it shouldn't take an additional 16 seconds to attempt to lookup account information (and fail) on my two node test network so I'm curious how much this will cut the time by. If I setup cygserver with all the --no options set (reference: https://cygwin.com/cygwin-ug-net/using-cygserver.html) since I don't want any accidental cross-user information sharing, will that effectively only provide the SID caching functionality or is there other functionality to be wary of? Thanks for everything! Bryan -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |