Mail Archives: cygwin/2018/08/27/06:42:10

Date: Mon, 27 Aug 2018 12:41:52 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: incompat in cygwin choice of using '+' as domain and user separator.
Message-ID: <20180827104152.GC4733@calimero.vinschen.de>

On Aug 27 11:09, Corinna Vinschen wrote:
> On Aug 26 20:32, L A Walsh wrote:
> > On 8/23/2018 1:11 AM, Corinna Vinschen wrote:
> > ...
> > > No, that's a wrong assumption.  Think about it.  The ACL given to
> > > acl_to_text is the binary form, so it doesn't contain user or group
> > > names, only uids and gids.  The usernames are only generated in the
> > > output.
> > ---
> > Rats.  Of course, you're right.  Then I nominate the problem being that it
> > can't convert from domain "Unknown"-user + "Unknown"-group to something it
> > can store in tar.
>
> The problem with unknown SIDs is that there's no bijective
> transformation between SID <-> uid/gid.  You get the uid/gid -1 and
> then... what?  How do you restore the information?  There's no SID for
> uid/gid -1.
>
> > As far as duplication, I have /etc/passwd+/etc/group files that mirror my
> > accounts on the linux-based PDC (samba 3.x).
>
> What for?  This should work automatically and you would get rid of those
> dreaded backslashes in the account names.  Using passwd/group files also
> has a higher probability of account overlap with weird results.
>
> Passwd and group files should only be used if you have very specific
> problems to solve (like offline usage or see below), otherwise just use
> the values you get from the account DBs.
>
> > In this case, that user+group appear to correspond
> > to non-existent users. (S-1-5-21-oldsystem-ID-1001 + -1005).
> > The domain/system part appears to be from some previous
> > value for the machine's "sid"?  Not sure how to deliberately
> > reproduce that, but maybe you have a tool to create an
> > invalid acl entry for a user like: Unknown+User:*:4294967295:4294967295:S-1-5-21-3457732827-2369206082-2151550420-1001
> > in /etc/passwd.
> > and something similar in /etc/group?

Actually, I just did that.  I added a user and a group to the files with
weird SIDs, then I switched /etc/nsswitch.conf to "db" only.  With
different ACLs (created by Cygwin, created by native Windows) there are
different results.  The problem is that uid/gid -1 can be created as a
file ACL entry *and* at the same time have the meaning of "don't look
for the uid/gid" when checking the ACL for validity.  To make matters
worse, if you have multiple ACEs of unknown users, the resulting ACL is
*always* invalid.

Bottom line is, there are at least two bugs here in Cygwin.  I'm looking
into a fix.

> If you want to keep the old, unknown accounts, just add them to
> your passwd and group files (one of those special problems).
> Alternatively remove them from all ACLs.

For the time being, use the above workaround.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
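
Added example, not part of the original message and not Cygwin's code: a small C model of the point made in the thread, that SIDs which cannot be resolved all map to uid/gid -1 and nothing maps back from -1. It also shows one way an ACL with several such entries can fail validation. Assumptions: the account table and SIDs are constructed, the function names are hypothetical, and the validity check is the POSIX rule that user entries must have unique ids; the message does not say which check fails in Cygwin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ILLEGAL_ID ((uint32_t)-1) /* 4294967295, the uid/gid in the passwd line quoted above */

/* Constructed account DB: the only SIDs this model can resolve. */
struct account { const char *sid; uint32_t id; };
static const struct account db[] = {
    { "S-1-5-21-1111-2222-3333-1001", 1001 },
    { "S-1-5-21-1111-2222-3333-1005", 1005 },
};
#define NDB (sizeof db / sizeof db[0])

/* SID -> id: every SID the DB cannot resolve collapses onto the same value. */
uint32_t sid_to_id(const char *sid) {
    for (size_t i = 0; i < NDB; i++)
        if (strcmp(db[i].sid, sid) == 0) return db[i].id;
    return ILLEGAL_ID;
}

/* id -> SID: nothing maps back from -1, so the original SID is lost. */
const char *id_to_sid(uint32_t id) {
    for (size_t i = 0; i < NDB; i++)
        if (db[i].id == id) return db[i].sid;
    return NULL;
}

/* Assumed check (POSIX acl_valid rule): user entries must have unique ids. */
int acl_from_sids_valid(const char **sids, size_t n) {
    uint32_t ids[16];
    if (n > 16) return 0;
    for (size_t i = 0; i < n; i++) ids[i] = sid_to_id(sids[i]);
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (ids[i] == ids[j]) return 0; /* two ACEs share one qualifier */
    return 1;
}

int main(void) {
    /* Constructed SIDs from a domain the DB no longer knows. */
    const char *stale[] = { "S-1-5-21-9999-8888-7777-1001", "S-1-5-21-9999-8888-7777-1005" };
    printf("round trip of stale SID: %s\n", id_to_sid(sid_to_id(stale[0])) ? "kept" : "lost");
    printf("ACL with 1 stale ACE valid: %d\n", acl_from_sids_valid(stale, 1));
    printf("ACL with 2 stale ACEs valid: %d\n", acl_from_sids_valid(stale, 2));
    return 0;
}
```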
