X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; q=dns; s=default; b=hVj93Lg
	EqvZ0JTnwHUdHOOZtdREkTSIRrue1W7FQKsQ6uZQxxU62dtoJTn8R8ADMv2YnblC
	pcQa2UavalelpQd/Q9XIeOWGItdsBQfJtLTcF7+IdOOjZdPozsS8H1G3bjy9+qM0
	PVF3PShiu9wZzjDMAv8u40wLs9ZycsyIU+iA=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; s=default; bh=+IxSZFGSgNqGa
	Wrt4Zso80RoLJU=; b=cQ5OnGj8JdMAQwvENi+KjWlt8N00WPPp9OO0AsROnP/99
	xCzNlsBgUa7CtN8RJ2UphY/K93YigabNLT5oihnhnEnVTMeB1GzCDm5Blpk+kQ9a
	2zT5nnA8sA/xZ2Vn1jyyyz5xm3U/1ugLsCMZKpavzITyumEAI1V+GEbsRdvMAM=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-1.8 required=5.0 tests=BAYES_00,FREEMAIL_FROM,KAM_ASCII_DIVIDERS,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 spammy=Hx-languages-length:2908, underneath, states
X-HELO:	mout.gmx.com
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com; s=dbd5af2cbaf7; t=1550264401; bh=ytoDJgW3n7l2taYvINaG803ktAJWPIWFr4eHwfPkOzw=; h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To; b=DownIG0trZU3nA8xuAGpelBmr4PKocsYgCdMHKvcBGE2+20cXm9XhX5boN8YlO9Zs etbRp02Nn05bSdjnmjDHFh9f4f+LC8cidFIlcn2LcZZ6f3Fw2GBKKf0Y+n+O5pr5No SCJ6jxkxFIxe5ckJ4d+WH+fmkOKf/U3KU7zlYQA8=
X-UI-Sender-Class:	214d933f-fd2f-45c7-a636-f5d79ae31a79
MIME-Version:	1.0
References:	<CANV9t=SNfgP-CA32yfPwLv2=d0F8xtpdCT4o_wwGFGE+F3SEuA AT mail DOT gmail DOT com> <50cba8d1-4794-8db9-d1f3-ab9476421db7 AT gmx DOT com> <CANV9t=QQ1higAt1qeDF4fckkz_6eqQJtdhau8+uhrAvGtWUK_A AT mail DOT gmail DOT com> <20190215163817 DOT GI2702 AT calimero DOT vinschen DOT de> <CANV9t=Rm+su=qDqdFN-LqiMLEAHJD7WxW_OSqqSpqgeb6ir++w AT mail DOT gmail DOT com> <20190215202936 DOT GL2702 AT calimero DOT vinschen DOT de> <CANV9t=SdQPZw_VF95HwDrVRU1KzdHA61GJBRgA1weHryHUO6-w AT mail DOT gmail DOT com> <20190215204326 DOT GO2702 AT calimero DOT vinschen DOT de>
In-Reply-To:	<20190215204326.GO2702@calimero.vinschen.de>
From:	Bill Stewart <bstewart AT iname DOT com>
Date:	Fri, 15 Feb 2019 13:59:46 -0700
Message-ID:	<CANV9t=Q5M+V9TPEN-GaGzLtK_8AO5fUenajQ+T-VZX6+kbrMMw@mail.gmail.com>
Subject:	Re: Windows to Cygwin username mapping: Domain before local account when duplicate name?
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes

On Fri, Feb 15, 2019 at 1:43 PM Corinna Vinschen wrote:

> More specific as the original text?  I'm hard pressed to accomplish
> that.  Take note of the "domain member machine" property.

I think I see the problem. The list I posted (above the one you are
apparently referring to) has the search in a different order.

The section that starts with "Let's discuss the SID<=>uid/gid mapping
first. Here's how it works." states this order:
_________________________________________________________________

* Well-known SIDs in the NT_AUTHORITY domain of the S-1-5-RID type

* Other well-known SIDs in the NT_AUTHORITY domain (S-1-5-X-RID)

* Other well-known SIDs

* Logon SIDs

* Accounts from the local machine's user DB (SAM)

* Accounts from the machine's primary domain

* Accounts from a trusted domain of the machine's primary domain
_________________________________________________________________

In this list, local machine accounts are listed before domain accounts.

Underneath that, there's a second section with examples that starts
with "Now we have a semi-bijective mapping..." that has this order:
_________________________________________________________________

* Well-known and builtin accounts will be named as in Windows:

  "SYSTEM", "LOCAL", "Medium Mandatory Level", ...

* If the machine is not a domain member machine, only local accounts
can be resolved into names, so for ease of use, just the account names
are used as Cygwin user/group names:

  "corinna", "bigfoot", "None", ...

* If the machine is a domain member machine, all accounts from the
primary domain of the machine are mapped to Cygwin names without
domain prefix:

  "corinna", "bigfoot", "Domain Users", ...

  while accounts from other domains are prepended by their domain:

  "DOMAIN1+corinna", "DOMAIN2+bigfoot", "DOMAIN3+Domain Users", ...

* Local machine accounts of a domain member machine get a Cygwin user
name the same way as accounts from another domain: The local machine
name gets prepended:

  "MYMACHINE+corinna", "MYMACHINE+bigfoot", "MYMACHINE+None", ...

* If LookupAccountSid fails, Cygwin checks the accounts against the
known trusted domains. If the account is from one of the trusted
domains, an artificial account name is created. It consists of the
domain name, and a special name created from the account RID:

_________________________________________________________________

In the second list, it says domains are first before the local machine.

I was assuming the first section is an orderly sequence of searching,
since that's usually how Windows works.

The second section with the examples seems to be a different order,
and would seems to be the order Cygwin actually uses.

I was just wondering if that's by design or by accident, since it's
different from the typical order.

Regards,

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -