delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2015/04/14/21:23:44

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:in-reply-to:references:date
:message-id:subject:from:to:content-type; q=dns; s=default; b=yq
UrkCh0R4KhRxJzTxAkQQZHdXYsn0djuPcqTdo+pHthhj02wjcH4FTV3xpjSMMbtD
b1DWExY+tWy2CfZhrsV/33ELGK7KQsGzJymVwQ8rYJT0MxrMrCWdK+Qfg6lFcNKu
2H4tbc2DPoy+JppqOBC/v907lMjHC2pbssuZuJXw4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:in-reply-to:references:date
:message-id:subject:from:to:content-type; s=default; bh=+q7E5DgJ
xzFTsxkttXTwrl6y64k=; b=Nmqw1Er3I4po2zaNOaimxRk9balZfZ/PgT4MLUhc
Kn44i00sCGmJf743B2bpfHwXjfPwFnZfGzYiU8SYEOfUm9yG1sua5lDCPVxyirsh
C0JK6Ssh2dZ4BMpWn0quwFfGdzYnbq8tlKrxR4Kqn5gnH/Bp25g5hqSm8m8Bd30q
vRk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: Yes, score=5.7 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPAM_BODY1,SPF_PASS autolearn=no version=3.3.2
X-HELO: mail-lb0-f179.google.com
MIME-Version: 1.0
X-Received: by 10.112.134.167 with SMTP id pl7mr10572836lbb.50.1429061002497; Tue, 14 Apr 2015 18:23:22 -0700 (PDT)
In-Reply-To: <20150414182310.GR7343@calimero.vinschen.de>
References: <CADi7v6LUZhr6UVSYA+Fe27f-aWJcxVxUXb3vR02rVuW9cG3a6A AT mail DOT gmail DOT com> <loom DOT 20150414T085644-392 AT post DOT gmane DOT org> <20150414080044 DOT GB7343 AT calimero DOT vinschen DOT de> <CADi7v6J=h7ydravvigVwMpT5P4QwMS1L73m1zhy==DtrL-SHhQ AT mail DOT gmail DOT com> <20150414092313 DOT GE7343 AT calimero DOT vinschen DOT de> <CADi7v6JVqPi9SE44CbfYfd-aWUd8w2=2Uu=2=BR6ZM6H9qDgqA AT mail DOT gmail DOT com> <20150414145323 DOT GH7343 AT calimero DOT vinschen DOT de> <CADi7v6+Fs_MR+i5ULMqqvaAuy1G_CAL=bEuifCKvLDFSURAZVg AT mail DOT gmail DOT com> <20150414182310 DOT GR7343 AT calimero DOT vinschen DOT de>
Date: Tue, 14 Apr 2015 21:23:22 -0400
Message-ID: <CADi7v6JF24thSYuZPtiS1EhxY286w1MV9Q1ck5aVqmBKu7MM0g@mail.gmail.com>
Subject: Re: Making Cygwin More Tolerant of Orphaned SIDs?
From: Bryan Berns <bryan DOT berns AT gmail DOT com>
To: cygwin AT cygwin DOT com
X-IsSubscribed: yes 

On Tue, Apr 14, 2015 at 2:23 PM, Corinna Vinschen
<corinna-cygwin AT cygwin DOT com> wrote:
> On Apr 14 12:44, Bryan Berns wrote:
>> On Tue, Apr 14, 2015 at 10:53 AM, Corinna Vinschen
>> <corinna-cygwin AT cygwin DOT com> wrote:
>> > On Apr 14 07:24, Bryan Berns wrote:
>> >> For example, I create a whole bunch of files (like 5000),  I use
>> >> icacls to append a new ACE.  Then I do a 'time ls -l
>> >> /cygdrive/c/somedir/*'.  Takes four seconds.  In the same Cygwin
>> >> session, I remove the local group (net localgroup testgroup /delete).
>> >>  I do the same 'time ls -l /cygdrive/c/somedir/*'.  Takes 20 seconds.
>> >> Subsequent runs in the also take 20 seconds.  Since I'm able to
>> >> continue to see the slowdown in the same session, cygserver wouldn't
>> >> help right?
>> >>
>> >> Is the above expected?
>> >
>> > Yes.  Without cygserver, caching only works from parent to child process.
>> > One run of ls can't cache data for a parallel run of ls in trhe same
>> > session.  As, btw., explained in the documentation:
>> >
>> >   https://cygwin.com/cygwin-ug-net/ntsec.html
>>
>> Alright, I'll give it a shot when I get back to my lab.  I suspect it
>> shouldn't take an additional 16 seconds to attempt to lookup account
>> information (and fail) on my two node test network so I'm curious how
>> much this will cut the time by.
>> If I setup cygserver with all the --no options set (reference:
>> https://cygwin.com/cygwin-ug-net/using-cygserver.html) since I don't
>> want any accidental cross-user information sharing, will that
>> effectively only provide the SID caching functionality or is there
>> other functionality to be wary of?
>
> You don't have to disable anything.  Just don't set the debug option
> to avoid logging passwd entries.
>

Finally tested with cygserver (temporarily with debug on so I can see
what's going on).  I can definitely see the one entry returned when I
run 'ls -l' over my whole collection of files while my test group
(LocalGroupTest) is still present.  Sample log as follows:

/home/corinna/src/cygwin/cygwin-2.0.0/prerelease/cygwin-2.0.0-0.4.i686/src/newlib-cygwin/winsup/cygserver/pwdgrp.cc,
line 167: Request account information returns
<BERNS-TEST+LocalGroupTest:S-1-5-21-1187188735-1394039937-4283913392-1011:197619:>
error 0

If I delete the group while cygserver is running, the results continue
to be speedy.   However, as soon as I delete the group and restart
cygserver, things go south.  Performance is even worse than without
cygserver and there are entries for EVERY file that 'ls' is hitting
even though they all have the same group in the ACL so it appears the
'Unknown' users/groups are not being cached.  Sample log as follows
(one of thousands of lines):

Request account information returns
<Unknown+User:*:4294967295:4294967295:U-Unknown\User,S-1-5-21-1187188735-1394039937-4283913392:/:/sbin/nologin>
error 0

Thoughts?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019