delorie.com/archives/browse.cgi | search |
X-Recipient: | archive-cygwin AT delorie DOT com |
DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
:list-unsubscribe:list-subscribe:list-archive:list-post | |
:list-help:sender:date:from:to:subject:message-id:reply-to | |
:references:mime-version:content-type:in-reply-to; q=dns; s= | |
default; b=TCS2M+jJOKGnt1J/58xeTQQAc67GEQ+XAQTbey2gNmeX8vy7ze/1o | |
qKlaAQKHpl0jU4cwCo+xOOTyjrhUDfleScOactM6/N5bNha6fFcxZo54XYK1Omv6 | |
JXkRFpgEVX6CJ8L/TE4Fg7ihsM7w721TAJ0JnFWLEWUuLo37Dv3vqo= | |
DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
:list-unsubscribe:list-subscribe:list-archive:list-post | |
:list-help:sender:date:from:to:subject:message-id:reply-to | |
:references:mime-version:content-type:in-reply-to; s=default; | |
bh=8YRwcv4+LQlUdjaKDOO4i8BY05E=; b=BooanoEQ+sSMd+C8jW7s/Vz0A9FG | |
1PD5qjrD5vhXBcoE4v6btBQ+9Wf8AAsgolvvzaxDTD2HE/lb647QnhA9YbafGf3X | |
Zzk+aJ1/9wM5bdHmHwCklVvLkOd1Vv9cLtEc4CmZWw5mbgZyQchfSNFGPVdnLTzL | |
6PSmNGSIfGDRqzw= | |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Authentication-Results: | sourceware.org; auth=none |
X-Spam-SWARE-Status: | No, score=-105.7 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy= |
X-HELO: | mout.kundenserver.de |
Date: | Mon, 27 Aug 2018 12:41:52 +0200 |
From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
To: | cygwin AT cygwin DOT com |
Subject: | Re: incompat in cygwin choice of using '+' as domain and user separator. |
Message-ID: | <20180827104152.GC4733@calimero.vinschen.de> |
Reply-To: | cygwin AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
References: | <5B7DE56E DOT 6060109 AT tlinx DOT org> <20180823081135 DOT GN3348 AT calimero DOT vinschen DOT de> <5B8370CA DOT 5080209 AT tlinx DOT org> <20180827090909 DOT GA4733 AT calimero DOT vinschen DOT de> |
MIME-Version: | 1.0 |
In-Reply-To: | <20180827090909.GA4733@calimero.vinschen.de> |
User-Agent: | Mutt/1.9.2 (2017-12-15) |
--4jXrM3lyYWu4nBt5 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Aug 27 11:09, Corinna Vinschen wrote: > On Aug 26 20:32, L A Walsh wrote: > > On 8/23/2018 1:11 AM, Corinna Vinschen wrote: > > ... > > > No, that's a wrong assumption. Think about it. The ACL given to > > > acl_to_text is the binary form, so it doesn't contain user or group > > > names, only uids and gids. The usernames are only generated in the > > > output. > > --- > > Rats. Of course, you're right. Then I nominate the problem being th= at it > > can't convert from domain "Unknown"-user + "Unknown"-group to something= it > > can store in tar. >=20 > The problem with unknown SIDs is that there's no bijective > transformation between SID <-> uid/gid. You get the uid/gid -1 and > then... what? How do you restore the information? There's no SID for > uid/gid -1. >=20 > > As far as duplication, I have /etc/passwd+/etc/group files that mirror = my > > accounts on the linux-based PDC (samba 3.x). >=20 > What for? This should work automatically and you would get rid of those > dreaded backslashes in the account names. Using passwd/group files also > have a higher probability of account overlap with weird results. >=20 > Passwd and group files should only be used if you have very specific > problems to solve (like offline usage or see below), otherwise just use > the values you get from the account DBs. >=20 > > In this case, that user+group appear to correspond > > to non-existent users. (S-1-5-21-oldsystem-ID-1001 + -1005). > > The domain/system part appears to be from some previous > > value for the machine's "sid"? Not sure how to deliberately > > reproduce that, but maybe you have a tool to create an > > invalid acl entry for a user like: Unknown+User:*:4294967295:4294967295= :S-1-5-21-3457732827-2369206082-2151550420-1001 > > in /etc/passwd. > > and something similar in /etc/group? Actually, I just did that. I added a user and a group to the files with weird SIDs, then I switched /etc/nsswitch.conf to "db" only. With different ACLs (created by Cygwin, created by native Windows) there are different results. The problem is that uid/gid -1 can be created as a file ACL entry *and* at the same time have the meaning of "don't look for the uid/gid" when checking the ACL for validity. To make matters worse, if you have multiple ACEs of unknown users, the resulting ACL is *always* invalid. Bottom line is, there are at least two bugs here in Cygwin. I'm looking into a fix. > If you want to keep the old, unknown accounts, just add them to > your passwd and group files (one of those special problems). > Alternatively remove them from all ACLs. For the time being, use the above workaround. Thanks, Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --4jXrM3lyYWu4nBt5 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAluD1XAACgkQ9TYGna5E T6Br8A//XS6SzJHt63oRLJfQ79iLQZOXt7qYbRHW+w5FWr7urgfji4qRrEkPeB8w 52tOMQkOQSszh3A6sssicXRIiykNbVR3uIwsexX3lkVKMPK/e2F+Muzv62P+LHoY QU5+lvkOL1lZNGloSJ358BjKajUWIu0MCeBd8M788KX/7nFiI/3ttvmmNDxaDKBg 4Ti9AaY5LwFnPakkRIQZajaq1mgfqmwCg97fDY8XC/qjuNV/PestrRIxrafj7/2M i8HRSASNCJFLaxBoNk89uT2/dWAwI89TcF4B6dZ0BZNqZO3FPyuFZJm0CohzON++ zVh8TpIC7vbQpeI5lYKfYATRRMjty0ItN7uEQqM4OpjldgGtEWw2BdmqNapFbyVD BG6XiIPwrDoRDN3LGAuEO6QC7TshQgnB3G8t9PNBXUf4AQ0H8Ku40DYQNjDW0uvi Z/jGFjXjUIHP1CkgfESK9Wo3w78TknLah2saxWPvZ0+AhMaL2mDu/OVFrgZHhkcv mcQlPFEGFFf+icUTLYDGAuq0eNZgkOTqNnq25GFE3TGWA0JZ5HOzwTMrGWgTMZfB SdAu2vqin9iaOQ2765+unfo24li/o9ZUjIqO3KfNv+0gMPCYGLM6WMTs1TsN5QQ6 BYB1oXJ2qRqCE68SekaUORbHQvuKvNS+2NDECJ4brZz/UMnSic0= =12yL -----END PGP SIGNATURE----- --4jXrM3lyYWu4nBt5--
webmaster | delorie software privacy |
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |