Mail Archives: cygwin/2015/11/29/12:11:09
--fCmRXBY78W5odcVA
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Nov 29 15:10, Kacper Michajlow wrote:
> 2015-11-29 13:59 GMT+01:00 Corinna Vinschen <corinna-cygwin AT cygwin DOT com>:
> > On Nov 29 02:16, Andrey Repin wrote:
> >> Greetings, Kacper Michajlow!
> >>
> >> >> Please also attach the output of `id' and of `getfacl . test test/t=
est'.
> >>
> >> > getfacl attached. `id` output is already in cygcheck.log
> >>
> >> > In getfacl output this line `default:group:1001 <unknown>:r-x` looks
> >>
> >> Uh-oh.
> >> Do you, by any chance, have /etc/passwd file?
> >> Or a user comment changing relevant information?
> >
> > I agree with Andrey here: Uh oh!
> >
> > The mkdir trace contains a suspicious snippet which is the reason
> > the mkdir call doesn't manage to post-process the ACL:
> >
> > [...] pwdgrp::fetch_account_from_windows: LookupAccountSidW (S-1-5-32=
-1001), Win32 error 1332
> > [...] /[...]/security.cc:337 status 0xC0000078 -> windows error 1337
> >
> > Status 0xC0000078 aka Win32 error 1337 means "invalid SID". And the
> > SID 1-5-32-1001 is in fact invalid. The S-1-5-32 prefix denotes a buil=
tin
> > account, but the RID 1001 is invalid for a builtin group. 1001 is the
> > RID of your user account, though, but that would be prefixed by the SID
> > of your machine, which looks like S-1-5-21-XXXXXXXX-YYYYYYYY-ZZZZZZZZ.
> > I don't see how this broken SID came into life, unless your /etc/passwd
> > and/or /etc/group files are broken (hand edited perhaps?).
>=20
> I guess I only changed shell to zsh in /etc/passwd, but no other
> changes were made. So I have no idea how they could get corrupted
> either.
They aren't. There is no 1-5-32-1001 SID in those files and both files
look entirely insuspicious. Given that Cygwin doesn't create any such
SID from scratch, I'm totally puzzled where this SID is coming from.
Your mkdir trace output doesn't show this SID anywhere else either.
This definitely requires more debugging...
> $ icacls test
> test NULL SID:(DENY)(Rc,S)
> DOMEK\Kacper:(F)
> DOMEK\Kacper:(RX)
> Wszyscy:(RX)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S)
> TWORCA-WLASCICIEL:(OI)(CI)(IO)(F)
> GRUPA TWORCOW:(OI)(CI)(IO)(RX)
> Wszyscy:(OI)(CI)(IO)(RX)
>=20
> $ icacls test/test
> test/test NULL SID:(DENY)(Rc,S)
> DOMEK\Kacper:(F)
> DOMEK\Kacper:(RX)
> Wszyscy:(RX)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S)
> TWORCA-WLASCICIEL:(OI)(CI)(IO)(F)
> GRUPA TWORCOW:(OI)(CI)(IO)(RX)
> Wszyscy:(OI)(CI)(IO)(RX)
Looks better now.
> BTW. icacls doesn't handle UTF-8 characters well. Just saying.
Heh, yeah. But given that icacls is a Windows tool, not a Cygwin
tool, I'm rather relaxed about this ;) I'm wondering about the
lack of UTF-8 support in most Windows CLI tools myself.
> > - Try chmod 755 test/test again.
>=20
> Works.
Ok, that's good to know. Now I just have to find out where this
weird SID was created :-P
> > - Also, would you mind to attach your /etc/passwd, /etc/group and
> > /etc/nsswitch.conf files to your reply?
>=20
> /etc/nsswitch.conf has only commented out default values. Two others
> are attached. To make this clear, I never edited those files except
> zsh change
Not even the group entry for group 11001? It doesn't look like an
entry which would get created automatically.
> so if they are corrupted in any way they must have been
> produced like that. Though it probably was over the year ago when I
> installed cygwin on this machine.
No, the files look ok, basically.
> I personally am fine with abandoning /etc/passwd and /etc/group. This
> is good enough solution for me. Though there might be other people
> with the same issue.
This seems to be a bug in Cygwin, and with the content of your files I
finally managed to reproduce the issue. I'm planning to debug this next
week and, hopefully, come up with a patch. It would be nice if you
could do another test then in your environment :}
Thanks,
Corinna
--=20
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--fCmRXBY78W5odcVA
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWWzGTAAoJEPU2Bp2uRE+g32sQAJGw8nNSXYvdjaxieXslbzEq
4uDIsw+6PzNjOgkGxLTcOdMkPVCkjMS14pZzFIJzrL5byTh9ReWMk3czif3Y/mGG
U871bZVMH5mI9Oe8iRkim3dNF8ZAtVDGhdFlPrXpnN0cf2VuAzFs57JZVhUPAH6c
cVqj+Fsb3gDlLJaPNAChPTIY1moJ8PFtQ+lMiGYkId/ccVqMapOfE0C2CrYmtf/1
vU1bltk1q+Gp7DL7C23CWAkTaAbvOjuJI0PvkQoTDnzscfxvqdP81rKi4tCbp9W1
F8KfybvzJ7FfIlm3+/GED8SXvXXMthtD0Na4QL2RJx3JW60FPmiSn5phZjRl4WCP
Ieysr1Ksit3TWMJgnrl8AKWxOPL6vOoHM0z82/uoSdnkVVTYImI9MjEWiAaVJufL
vWCklPTz6xFycN/qwAsaB1KeemNbI16M2jsthzRZaSzQ9gIeTxhhhZNjuAdTeOgs
gRICsWhfCdzEtMlkmYinmfYoFELQpOLQ2l7NPk1u3sP5MxAZz0r9d62TrCLTuySR
Q/oIbC4USpt20x3MOm2dK63m9wXdlcgOshEQDLdDD7uUj9TnQI5E4CpJ9vQSpfE6
w9YlPHt/tOIWkVHYAL1undisz8t/snk9aoWaToeuR6eFJQvZLhw55cFX/1MK9LFY
AtH9rxcI3xPjQ1sY2nHo
=4VOJ
-----END PGP SIGNATURE-----
--fCmRXBY78W5odcVA--
- Raw text -