Message-ID: <4B489B32.5070303@fastmail.fm>
Date: Sat, 09 Jan 2010 10:05:22 -0500
From: Raman Gupta <rocketraman@fastmail.fm>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.5) Gecko/20091130 Lightning/1.0b2pre Thunderbird/3.0
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: Re: 1.7.1-1 noacl on samba share has incorrect directory write bit
References: <20100107180214.GP23972@calimero.vinschen.de>  <4B462AFD.8030809@fastmail.fm>  <20100107195022.GQ23972@calimero.vinschen.de>  <4B463D68.1070906@fastmail.fm>  <20100107200946.GR23972@calimero.vinschen.de>  <4B46431E.7050101@fastmail.fm>  <20100108103215.GB27916@calimero.vinschen.de>  <4B47626B.4060104@fastmail.fm>  <4B4793BC.10401@cygwin.com>  <4B481B64.4090502@fastmail.fm> <20100109100619.GK23992@calimero.vinschen.de>
In-Reply-To: <20100109100619.GK23992@calimero.vinschen.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com

On 01/09/2010 05:06 AM, Corinna Vinschen wrote:
> On Jan  9 01:00, Raman Gupta wrote:
>> Reference this mailing list discussion back in 2000:
>>
>> http://sources.redhat.com/ml/cygwin/2000-12/msg00546.html
>>
>> It appears this discussion is actually what led Corinna to add the
>> smbntsec mount option. The issues are summarized well in this mail
>> from Charles Wilson:
>>
>> http://sources.redhat.com/ml/cygwin/2000-12/msg00756.html
> 
> The problems are mostely fixed.  I'm using this setting for a long
> while now.  The ownership is the one of the UNIX user and group,
> but that doesn't change the fact that you can read and change the
> permissions.  You can even fetch the user and groups from the Samba
> server using mkpasswd and mkgroup.  Looks like this in my environment:
> 
>    $ mkpasswd -L calimero -S_ -U root,corinna
>    Unix User_root:unused:10000:99999:,S-1-22-1-0::
>    Unix User_corinna:unused:10500:99999:,S-1-22-1-500::
> 
>    $ mkgroup -L calimero -S_ -U root,users
>    Unix Group_root:S-1-22-2-0:10000:
>    Unix Group_users:S-1-22-2-100:10100:

I've tried this but I get, for example, permission denied when trying
to change permissions on files. Here is an example:

$ ls -l
-rw-r--r-- 1 Unix User_root  Unix Group_agroup 0 2010-01-09 09:54 bar
-rw-r--r-- 1 SERVER_raman    Unix Group_agroup 0 2010-01-09 09:50 foo

$ id
uid=1004(Raman Gupta) gid=513(None) groups=0(root),544(Administrators),545(Users),513(None)

$ chmod 444 foo
chmod: changing permissions of `foo': Permission denied

One thing I'm not certain about is why mkpasswd returns my username
twice, once with a "Unix User" prefix and once with "SERVER" prefix
-- I note your example does not do that:

$ mkpasswd -L server -S_ -U root,raman
Unix User_root:unused:10000:99999:,S-1-22-1-0::
Unix User_raman:unused:10500:99999:,S-1-22-1-500::
SERVER_raman:unused:11000:10513:Raman Gupta,U-SERVER\raman,S-1-5-21-903485053-2526882046-1379677160-1000://server/raman:/bin/bash

I also note that the file ownership is shown with the "SERVER"
prefix and not the "Unix User" prefix -- perhaps that is the
problem with chmod?

Lastly, note I am using WinXP Home edition -- which has limited
user admin/acl features. For example, the Security tab in file
properties is missing (though I can add that via a download from
Microsoft). But it seems to have limited ability to add users to
groups and so forth, so the Security tab seems to have marginal
value anyway.

Cheers,
Raman

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple