Mail Archives: cygwin/2018/04/11/13:17:41

From: Achim Gratz <Stromeko AT nexgo DOT de>
To: cygwin AT cygwin DOT com
Subject: Re: [Bug] File permissions across domains
References: <874lkjt3dw DOT fsf AT Rainer DOT invalid> <20180411070312 DOT GK29703 AT calimero DOT vinschen DOT de> <20180411093443 DOT GM29703 AT calimero DOT vinschen DOT de>
Date: Wed, 11 Apr 2018 19:17:24 +0200
In-Reply-To: <20180411093443.GM29703@calimero.vinschen.de> (Corinna Vinschen's message of "Wed, 11 Apr 2018 11:34:43 +0200")
Message-ID: <87r2nlwtln.fsf@Rainer.invalid>

Corinna Vinschen writes:
> This is a bit low on detail.  What does icacls say about this file?  How
> does getfacl report the ACL on a machine in the old domain?  What does
> ls -l report on the file on both machines?  Does an strace on getfacl
> report an error in ACL checking?

There is absolutely no error when stracing getfacl on either machine.
From the machine in the new domain (my account is in group cygwinupload
and access on this share is via ACL only, I can't change ACL):

--8<---------------cut here---------------start------------->8---
/mnt/upload > ll bla
----rwx---+ 1 OLD+gratz OLD+Domain Users 0 Apr 10 15:21 bla
(1011)/mnt/upload > getfacl bla
# file: bla
# owner: OLD+gratz
# group: OLD+Domain Users
user::---
group::---
group:OLD+FileOperators:rwx
group:OLD+cygwinupload:rwx
mask:rwx
other:---

(1012)/mnt/upload > `cygpath -S`/icacls bla
bla OLD\FileOperators:(I)(F)
    OLD\cygwinupload:(I)(M)

Successfully processed 1 files; Failed processing 0 files
--8<---------------cut here---------------end--------------->8---

The same thing on a machine in the old domain:

--8<---------------cut here---------------start------------->8---
(1007)/mnt/upload > ll bla
-rwxrwx---+ 1 gratz Domain Users 0 Apr 10 15:21 bla
(1008)/mnt/upload > getfacl bla
# file: bla
# owner: gratz
# group: Domain Users
user::rwx
group::---
group:FileOperators:rwx
group:cygwinupload:rwx
mask:rwx
other:---

(1009)/mnt/upload > `cygpath -S`/icacls bla
bla OLD\FileOperators:(I)(F)
    OLD\cygwinupload:(I)(M)

Successfully processed 1 files; Failed processing 0 files
--8<---------------cut here---------------end--------------->8---

Checking how Cygwin reads my own account results in exactly the same SID
on both machines as it should, but of course Cygwin translates that to
different uid / gid values due to the presence of the domain prefix when
I'm logged into the machine in the new domain:

OLD+gratz:*:2147559089:2147484161:U-OLD\gratz,S-1-5-21-20…441:/home/gratz:/bin/bash
gratz:*:1124017:1049089:U-OLD\gratz,S-1-5-21-20…441:/home/gratz:/bin/bash

I have not yet tried to force the account back to a prefix-less
interpretation via /etc/passwd (I had to do that in my home network
without a DC to solve a similar problem, but I'd like to avoid that
here).


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptations for KORG EX-800 and Poly-800MkII V0.9:
http://Synth.Stromeko.net/Downloads.html#KorgSDada
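
The divergence described in the message (one SID, two different uid/gid pairs depending on the host's domain) can be checked mechanically across hosts. The following is an added example, not part of the original message or of Cygwin; it groups passwd entries by the SID in the gecos field and reports whether the ids differ by one uniform shift. The host labels and function names are assumptions; the two passwd lines are the ones quoted above, with the SID elided as posted.

```python
"""Flag SIDs that are mapped to different POSIX ids on different hosts."""
from collections import defaultdict

# The two passwd entries quoted in the message (SID elided exactly as posted).
# The host labels are assumptions added for this example.
ENTRIES = {
    "new-domain-host": r"OLD+gratz:*:2147559089:2147484161:U-OLD\gratz,S-1-5-21-20…441:/home/gratz:/bin/bash",
    "old-domain-host": r"gratz:*:1124017:1049089:U-OLD\gratz,S-1-5-21-20…441:/home/gratz:/bin/bash",
}


def parse_entry(line):
    """Split one passwd(5) line and pull the SID out of the gecos field."""
    fields = line.strip().split(":")
    if len(fields) != 7:
        raise ValueError(f"not a 7-field passwd line: {line!r}")
    name, _pw, uid, gid, gecos, _home, _shell = fields
    sid = next((p for p in gecos.split(",") if p.startswith("S-1-")), None)
    if sid is None:
        raise ValueError(f"no SID in gecos field: {gecos!r}")
    return {"name": name, "uid": int(uid), "gid": int(gid), "sid": sid}


def find_divergent(entries):
    """Return {sid: report} for every SID whose uid/gid differs between hosts."""
    by_sid = defaultdict(dict)
    for host, line in entries.items():
        rec = parse_entry(line)
        by_sid[rec["sid"]][host] = rec
    report = {}
    for sid, hosts in by_sid.items():
        ids = {(r["uid"], r["gid"]) for r in hosts.values()}
        if len(ids) < 2:
            continue  # every host agrees on this account
        base_uid, base_gid = min(ids)
        deltas = {(u - base_uid, g - base_gid) for u, g in ids}
        # uid and gid moving by the same amount points at the same account
        # seen under a different id offset, not at two different accounts.
        uniform = all(du == dg for du, dg in deltas)
        report[sid] = {
            "names": {h: r["name"] for h, r in hosts.items()},
            "ids": {h: (r["uid"], r["gid"]) for h, r in hosts.items()},
            "shift": max(du for du, _ in deltas) if uniform else None,
        }
    return report


if __name__ == "__main__":
    for sid, info in find_divergent(ENTRIES).items():
        print(sid, info["names"], info["ids"], "shift:", info["shift"])
```

For the two entries above, uid and gid both move by 2146435072, so the ACL entries on the share still refer to the same SID while the POSIX view of the owner changes.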
