Mail Archives: cygwin/2016/07/05/12:23:55

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2016/07/05/12:23:55

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:subject:references:from:date:in-reply-to

:message-id:mime-version:content-type; q=dns; s=default; b=xxF6i

0P45wWYRjqqe57pHaJRxUiA57imdwRbJUfmolZk9UlQjzTMK5lsl+2T+zyVISMw2

WmQNVX5fMPNUAjsf3od3uzgCOkyrZnjTUpZP/MPmY0Skz4GSnBreJcP/L+RORYqn

3mzrRHLw7KeSgnlfxa5nVAiEzNWnxwDqGg/n2U=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:subject:references:from:date:in-reply-to

:message-id:mime-version:content-type; s=default; bh=cGqwaV0dQGp

XQGTYcixrITdFzHU=; b=oYCTJNf0vUONqlVOakLv7cY0x/j/2Sf5XMD75aj3VQU

CIU+6Vc9OVbkrt6not5Mv7W8OAbzWC/d/PMIAKkVIyoexPAwROeMgSvrHCiDGayl

Ju0fz2yq9k/oHHfxpewfJ+eQdQpxZFhfeOoNKOJfmRKbrLdgi2HLQ7olln578gCE

=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_50,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2 spammy=Resource, D*ac.uk, H*F:D*ac.uk, D*ed.ac.uk

X-HELO: nougat.ucs.ed.ac.uk

To: cygwin AT cygwin DOT com

Subject: Re: Repairing permissions after windows reinstall -- scripts to do it

References: <f5bh9cdociz DOT fsf AT troutbeck DOT inf DOT ed DOT ac DOT uk> <57291758 DOT 20160701090000 AT yandex DOT ru> <f5bbn2hfpl7 DOT fsf AT troutbeck DOT inf DOT ed DOT ac DOT uk> <383093230 DOT 20160704062725 AT yandex DOT ru> <20160704095501 DOT GD13445 AT calimero DOT vinschen DOT de> <277009025 DOT 20160705175446 AT yandex DOT ru>

From: ht AT inf DOT ed DOT ac DOT uk (Henry S. Thompson)

Date: Tue, 05 Jul 2016 17:23:17 +0100

In-Reply-To: <277009025.20160705175446@yandex.ru> (Andrey Repin's message of "Tue\, 5 Jul 2016 17\:54\:46 +0300")

Message-ID: <f5bd1ms5a16.fsf_-_@troutbeck.inf.ed.ac.uk>

User-Agent: Gnus/5.1012 (Gnus v5.10.12) XEmacs/21.5-b34 (linux)

MIME-Version: 1.0

X-Edinburgh-Scanned: at nougat.ucs.ed.ac.uk with MIMEDefang 2.60, Sophie, Sophos Anti-Virus, Clam AntiVirus

X-IsSubscribed: yes

Note-from-DJ: This may be spam

Here's what worked for me in the end, over several days (I had several
hundred thousand files to fix):

These could be parameterised much better, but I leave that as an
exercise to the user...

These both use subinacl, as getting /substitute ... /restore to work
with icacls was beyond me.

fixPerms.sh (to fix a single directory or file):

#!/bin/bash
d=${1:-.}
#echo "fp: |$d|"
# Download subinacl
#  from https://www.microsoft.com/en-gb/download/details.aspx?id=23510
/c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$d" /replace=S-1-5-21-xxx-1001=luther\\[me]
/c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$d" /replace=S-1-5-21-xxx-513=luther\\None
/c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$d" /replace=S-1-5-21-yyy-1001=luther\\[me]
/c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$d" /replace=S-1-5-21-yyy-513=luther\\None
icacls "$d" /remove "NULL SID"
chown [me] "$d"

You'll have to replace [me] with your username, and xxx with the meat of
whatever SIDs your new install has given you and "Domain Users".  The
second pair of subinacl calls are there because I had done more than one
reinstall, so had more than one stale persona to replace -- if you only
have one stale persona, you obviously don't need them.

walkPerms.sh (to fix a whole tree):

#!/bin/bash
fixPerms.sh . > /dev/null
n=0
find "$@" \( \( -uid 98765 \) -o \( -uid 98766 \) \) -print0| tr '\000' '\012'| \
while read d
 do
 # echo "|$d|"
 wd=$(cygpath -w "$d")
 n=$((n + 1))
 if [ "$n" = "50" ]
 then
   echo $wd
   n=0
 fi
 if [ -h "$d" ]
 then
    chown -h [me] "$d"
    chgrp -h None "$d"
 else
    /c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$wd" /replace=S-1-5-21-xxx-1001=luther\\ht >/dev/null
    /c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$wd" /replace=S-1-5-21-xxx-513=luther\\None >/dev/null
    /c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$wd" /replace=S-1-5-21-yyy-1001=luther\\ht >/dev/null
    /c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$wd" /replace=S-1-5-21-yyy-513=luther\\None >/dev/null
    icacls "$wd" /remove "NULL SID" >/dev/null
    chown [me] "$d"
 fi
done

Same replacements required for [me] and xxx (and maybe yyy) as above.  I
didn't copied fixPerms.sh into the loop instead of invoking it by name
in order to avoid 100,000s of (slow) forks -- I'm sure there are other
optimisations which could be done.

Finally, note that the uids used in the 'find' at the beginning of
walkPerms.sh above are whatever you've added in your /etc/passwd per
Corinna's earlier message [1], e.g.

me0:*:98765:197121:U-LUTHER\me0,S-1-5-21-xxx-1001:/:/sbin/nologin
me1:*:98766:197121:U-LUTHER\me1,S-1-5-21-yyy-1001:/:/sbin/nologin

If the 'find' doesn't produce anything when you think it should, read
the documentation about /etc/nsswitch.conf [2] and make sure it's either
absent or getting /etc/passwd read.

Hope this helps someone down the line,

ht

[1] https://cygwin.com/ml/cygwin/2016-06/msg00393.html
[2] https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch
-- 
       Henry S. Thompson, School of Informatics, University of Edinburgh
      10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
                Fax: (44) 131 650-4587, e-mail: ht AT inf DOT ed DOT ac DOT uk
                       URL: http://www.ltg.ed.ac.uk/~ht/
 [mail from me _always_ has a .sig like this -- mail without it is forged spam]

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:subject:references:from:date:in-reply-to
	:message-id:mime-version:content-type; q=dns; s=default; b=xxF6i
	0P45wWYRjqqe57pHaJRxUiA57imdwRbJUfmolZk9UlQjzTMK5lsl+2T+zyVISMw2
	WmQNVX5fMPNUAjsf3od3uzgCOkyrZnjTUpZP/MPmY0Skz4GSnBreJcP/L+RORYqn
	3mzrRHLw7KeSgnlfxa5nVAiEzNWnxwDqGg/n2U=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:subject:references:from:date:in-reply-to
	:message-id:mime-version:content-type; s=default; bh=cGqwaV0dQGp
	XQGTYcixrITdFzHU=; b=oYCTJNf0vUONqlVOakLv7cY0x/j/2Sf5XMD75aj3VQU
	CIU+6Vc9OVbkrt6not5Mv7W8OAbzWC/d/PMIAKkVIyoexPAwROeMgSvrHCiDGayl
	Ju0fz2yq9k/oHHfxpewfJ+eQdQpxZFhfeOoNKOJfmRKbrLdgi2HLQ7olln578gCE
	=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.6 required=5.0 tests=AWL,BAYES_50,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2 spammy=Resource, Dac.uk, HF:Dac.uk, Ded.ac.uk
X-HELO:	nougat.ucs.ed.ac.uk
To:	cygwin AT cygwin DOT com
Subject:	Re: Repairing permissions after windows reinstall -- scripts to do it
References:	<f5bh9cdociz DOT fsf AT troutbeck DOT inf DOT ed DOT ac DOT uk> <57291758 DOT 20160701090000 AT yandex DOT ru> <f5bbn2hfpl7 DOT fsf AT troutbeck DOT inf DOT ed DOT ac DOT uk> <383093230 DOT 20160704062725 AT yandex DOT ru> <20160704095501 DOT GD13445 AT calimero DOT vinschen DOT de> <277009025 DOT 20160705175446 AT yandex DOT ru>
From:	ht AT inf DOT ed DOT ac DOT uk (Henry S. Thompson)
Date:	Tue, 05 Jul 2016 17:23:17 +0100
In-Reply-To:	<277009025.20160705175446@yandex.ru> (Andrey Repin's message of "Tue\, 5 Jul 2016 17\:54\:46 +0300")
Message-ID:	<f5bd1ms5a16.fsf_-_@troutbeck.inf.ed.ac.uk>
User-Agent:	Gnus/5.1012 (Gnus v5.10.12) XEmacs/21.5-b34 (linux)
MIME-Version:	1.0
X-Edinburgh-Scanned:	at nougat.ucs.ed.ac.uk with MIMEDefang 2.60, Sophie, Sophos Anti-Virus, Clam AntiVirus
X-IsSubscribed:	yes
Note-from-DJ:	This may be spam