Mail Archives: cygwin/2018/04/23/04:54:24

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Mon, 23 Apr 2018 10:54:08 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: [Bug] File permissions across domains
Message-ID: <20180423085408.GU15911@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <874lkjt3dw DOT fsf AT Rainer DOT invalid> <20180411070312 DOT GK29703 AT calimero DOT vinschen DOT de> <20180411093443 DOT GM29703 AT calimero DOT vinschen DOT de> <87r2nlwtln DOT fsf AT Rainer DOT invalid> <20180412073805 DOT GS29703 AT calimero DOT vinschen DOT de> <87bmeo8cc7 DOT fsf AT Rainer DOT invalid> <20180413122959 DOT GB27440 AT calimero DOT vinschen DOT de> <87sh7y52fe DOT fsf AT Rainer DOT invalid> <878t9f66tl DOT fsf AT Rainer DOT invalid>
MIME-Version: 1.0
In-Reply-To: <878t9f66tl.fsf@Rainer.invalid>
User-Agent: Mutt/1.9.2 (2017-12-15)


On Apr 22 09:25, Achim Gratz wrote:
> Achim Gratz writes:
> >> I don't understand what you're trying to say here.  Are there
> >> differences or not?
> >
> > You're on to something.  I have over 500 groups in my token in the old
> > domain, but only half of those end up in the token when I'm logged in on
> > the machine in the new domain (at least as far as Cygwin is concerned as
> > obviously I can still access the files when I'm actually trying).  I
> > scheduled an audience with one of the AD guys some time next week, he
> > thinks he can explain why that happens and hopefully it's something that
> > can be fixed on the AD side.
>
> Here's what I understood of that: The problem was how the group that was
> supposed to give me access was set up in AD a long time ago.  Apparently
> when you have an AD forest or a federation you can separately flag if
> the groups are visible or valid outside the defining domain and it had
> been set up to have restricted validity, while still being visible in
> all domains.  Only when both these flags are set will the group actually
> be in your AuthZ token ("universal group").  Actual file access still
> worked since the access was checked on the file server which was in the
> "home" domain.  So, the group got converted to a universal one and the
> problem went away after that change had replicated to all DC.

Perfect.  Thanks for sharing the solution!


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
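
The mismatch described in the message above (groups recorded in AD for the account but absent from the logon token on a machine in the other domain) can be checked directly. The script below is an added example, not part of the original thread or of Cygwin; it assumes the RSAT ActiveDirectory module is installed, and the `$Server` default is a placeholder domain controller name.

```powershell
# Added example, not from the original thread.
# Assumptions: RSAT ActiveDirectory module is installed; $Server is a
# placeholder for a domain controller in the domain holding the account.
param(
    [string]$Identity = $env:USERNAME,
    [string]$Server   = 'dc.home-domain.example'   # hypothetical name
)

Import-Module ActiveDirectory

# Group SIDs present in the logon token of this session on this machine.
$tokenSids = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
    ForEach-Object { $_.Value }

# Direct group memberships the directory records for the account.
# Distribution groups never appear in a token, so only security groups count.
$adGroups = @(Get-ADPrincipalGroupMembership -Identity $Identity -Server $Server |
    Where-Object { $_.GroupCategory -eq 'Security' })

# Memberships recorded in AD that did not make it into the token.
$missing = @($adGroups | Where-Object { $tokenSids -notcontains $_.SID.Value })

Write-Host ("{0} of {1} security groups from AD are absent from the token" -f `
    $missing.Count, $adGroups.Count)

# List the absent groups with their scope (DomainLocal, Global or Universal).
$missing | Sort-Object GroupScope, Name | Select-Object Name, GroupScope, SID
```

Run it once on a machine in each domain. A group that is reported as missing only on the machine in the other domain, with a scope other than Universal, matches the situation described in the message.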
