Mail Archives: cygwin/2015/04/22/04:43:56
--kjwfQs4m3ZHLWJuw
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Apr 22 10:58, John Orr wrote:
> Thank you Corinna, for this and all your other fantastic work for the
> cygwin community.
Thank you!
> Thanks. First up - when I first read of all the changes to
> permissions, I thought I read that the /etc/passwd and /etc/group
> files should no longer be necessary, and I thought I'd deleted them,
> [...]
> > So, what does `id' print for you?
>=20
> #: john AT johndesktop:~ ; id
> uid=3D197608(john) gid=3D545(Users) groups=3D545(Users),197121(None),114(=
Local account and member of Administrators group),544(Administrators),4(INT=
ERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization=
),113(Local account),4095(CurrentSession),66048(LOCAL),262154(NTLM Authenti=
cation),405504(High Mandatory Level)
This is in an elevated shell, and it's with the passwd file still
present, right? Otherwise, as a local account, your primary group
should be "None". This is not changable in Windows for local SAM
accounts.
> [...]
> > No, that's not the case. All user are members in the Users group. `net
> > localgroup Users' should show this.
>=20
> Ok, that makes sense - I guess I was confused by the lines in my previous=
ly posted 'net user john' output saying:
>=20
> Local Group Memberships *Administrators=20=20=20=20=20=20=20
> Global Group memberships *None=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20
>=20
> Why no mention of Users? Also:
>=20
> #: john AT johndesktop:~ ; net localgroup Users
> Alias name Users
> Comment=20=20=20=20=20=20=20=20
>=20
> Members
>=20
> -------------------------------------------------------------------------=
------
> NT AUTHORITY\Authenticated Users
> NT AUTHORITY\INTERACTIVE
> The command completed successfully.
>=20
> (I can check with our Windows sysadmin about this if you like.)
Well, I can't really tell you why this is. You're of course still
indirectly a member of the Users group, via the membership in
"Authenticated Users". Why your account isn't directly a member of
Users, I don't know. Usually, if you create local accounts on Windows,
the account is a direct member of Users.
> > However, your *real* primary group
> > as a local user is the group called "None" (unless you're using a
> > "Microsoft Account", but that doesn't seem to be the case here).
>=20
> Said sysadmin confirmed it's a standalone machine - though I don't
> know what a "Microsoft Account" is I don't think...
Logging in via your email address.
> For the record, I'll share my confusion that if my real group is None, I =
don't know why I get this:
> #: john AT johndesktop:~ ; net localgroup None
> System error 1376 has occurred.
>=20
> The specified local group does not exist.
>=20
> #: john AT johndesktop:~ ; net group None
> This command can be used only on a Windows Domain Controller.
>=20
> More help is available by typing NET HELPMSG 3515.
>=20
> #: john AT johndesktop:~ ; NET HELPMSG 3515
>=20
> This command can be used only on a Windows Domain Controller.
I share the confusion, too. I don't know why Microsoft didn't allow to
show info on "None" in the command line nor in the GUI. We'll probably
never know. Ultimately it is possible to change the comment and other
stuff for group None programatically I think, but I never actually tried
it.
> > For getting this stuff working it might be better to start out by remov=
ing
> > all these settings and start from scratch, looking what's there and wha=
t's
> > not (passwd, group files, nsswitch.conf settings).
>=20
> Totally agree (and as I say, this was my original thought too).
Can we please start from scratch? First, you removed passwd and group
files, ok? Keep everything commented out in nsswitch.conf, or set it
to
passwd: db
group: db
Please also remove the comment settings for your user and any group in=20
the local SAM. Stop all Cygwin processes. Start a new shell.
Let's have a look at the output of
$ id
$ getent passwd $USER
$ cd <some local directory> # Not network share
$ touch foo
$ ls -l foo
Does it look correct? Are you "john" and your primary group is "None"?
> Removing passwd and group immediately changes my output to=20
> #: john AT johndesktop:/etc ; ll /cygdrive/l/.bashrc
> -rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22 2013 /cygdrive/l/.=
bashrc
This is why you should start from scratch. It totally baffles me that
you see an "Unknown+User" here. Given that this is a Samba share, what
you *should* see is "Unix_User+$UID". "Unknown+User" means that Cygwin
or rather, Windows can't resolve the SID Samba returns. Fishy...
Next you do this aforementioned `ls -l' on the samba share. So we
know your Linux account is john (uid 1000) and your primary group is
john (gid 1000).
Create a file "foo1" on the share via Windows, and create a file "foo2"
on the share directly from Linux.
Assuming the Samba machine is not running winbind, what you should see for
a just created file is this:
=46rom Linux shell:
-rw-r--r-- 1 john john [...] foo1
-rw-r--r-- 1 john john [...] foo2
=46rom Cygwin:
-rw-r--r-- 1 Unix_User+1000 Unix_Group+1000 [...] foo1
-rw-r--r-- 1 Unix_User+1000 Unix_Group+1000 [...] foo2
If you look into Explorer's "Properties" dialog for the files, the
"Security" tab should show something like this in both cases:
Everyone
john (Unix User\john)
john (Unix Group\john)
However, if that's not the case, something else is going on. The
Samba machine is running winbindd and access from your Windows machine
creates files under another Linux account which is then mapped back
to some Active Directory account.
If so, we're running into a problem here. Is your machine an AD member
machine? It doesn't seem so. But then, Cygwin won't be able to resolve
the SID it gets back for these files. I really wonder if there's some
configuration problem between your machine and the rest of the company
which just leaves Cygwin hanging in the rain.
Corinna
--=20
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--kjwfQs4m3ZHLWJuw
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJVN181AAoJEPU2Bp2uRE+gjDcP/2B2f2vrSWs8Lhvnx03SyRYH
Ol2nBUvphwzV3TfO9q5HpmouCdy/uBZIX7PWeKwt8OX5i7ADrSp/RuoRpbfw5ftC
9ZbrXeACq35h0Vc9GvOBVwc0/vugiiGOmgmp1UweVgaTzzgGnT071J0TR0wxOCsZ
sDsCA2aPoZHTXGWMLMep+yZ+xspoOUrxmNDpTgZJGQf/tT2Sr2dIwW3glvJj7hm/
K5vaBakbGz9bBd5fwu9kX68cJVOTFDDskS3pnLah+Sw00XwJeJgKiMlQUDYA6HDk
2W73SqHvx3+isDYWN/7J+emdWREjn4ULlQH9GTmM+tvqg9AhxN1XtWxE1D7j/W/C
MRbDX9pA13U3WVXIL3Qir+tUC4jgQ2QnzYDdsPb/DgH1oLtKCR71fTg7udtugr+D
qZoY2J7nUKx2PbR8PzWUrqSKHiRDw8fmfFlfpuW0VZ19gQnz0wQVzZYdJ2Zksm70
t11oclo5p3PqT+BJfgKfI508OgLGSYQc6bJUB8/XZ2mSBT/v3BhrODW56BK9muZb
mOxrxIreb9fLQjWehvIwX4IT8euh8479hwY82pSSptnoIL8D8V7dqGx7B9sn84vx
b4cu4pWfADFdsrxFfu8llswxSUtWGRliOg09f4BtIfv6jokxKjuck6awmw1/EnKD
812LfFJpvb68EougIU+b
=f98Q
-----END PGP SIGNATURE-----
--kjwfQs4m3ZHLWJuw--
- Raw text -