X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; q=dns; s=default; b=GT99z H+iKD7b+BDQvUCMJz3zLa3xQbTLwEd9cMeu0AWJhqof+4kvOBg7b5J1nI/RqzLfL PkHeoXXhFlyeF2xhifWDfSvvCw1m6VHsyjoP5fX6I+ZRhCb6JSHz01/FqPbcia32 j2zpr9YzgE6KJvNCiR/J/3HH/StQO15dkMPUfA= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; s=default; bh=1/BUMUFI0WU JrZbR2U1SuJKZ6HM=; b=C0/FoJOKUptV3JaLccEQ+LbJ/DM8D5zeyFEhIYBxzLi Zvb1bky/7YeD6h+hkdjdsyWrbLZmBeG4Y5AmL775jTCSAfoFlUX4RH5l4pjFxMsD YD9AzSyBBpE4aQfxv4/cuc180Kru7uEKt3yS67IsQv/m9pB5MwebbPRiFc3itVrc = Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=Sound, privileges, Hx-spam-relays-external:ESMTPA X-HELO: vsmx012.vodafonemail.xion.oxcs.net From: Achim Gratz To: cygwin@cygwin.com Subject: Re: [Bug] File permissions across domains References: <874lkjt3dw.fsf@Rainer.invalid> <20180411070312.GK29703@calimero.vinschen.de> <20180411093443.GM29703@calimero.vinschen.de> <87r2nlwtln.fsf@Rainer.invalid> <20180412073805.GS29703@calimero.vinschen.de> <87bmeo8cc7.fsf@Rainer.invalid> <20180413122959.GB27440@calimero.vinschen.de> Date: Fri, 13 Apr 2018 21:31:01 +0200 In-Reply-To: <20180413122959.GB27440@calimero.vinschen.de> (Corinna Vinschen's message of "Fri, 13 Apr 2018 14:29:59 +0200") Message-ID: <87sh7y52fe.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-VADE-STATUS: LEGIT Corinna Vinschen writes: > It's dirt easy: For you... :-) I know next to nothing about all this stuff. > Ok. However, MSDN explicitely suggests to fetch the AuthZ context > from the current user token, if the idea is to ask for the permissions > of the current user. It's much less costly than calling > AuthzInitializeContextFromSid. OK. > Is your account an admin account by any chance? If so, does it work if > you run in an elevated shell? As I said, I have both an admin and a normal account that show the same behaviour (it makes no difference if the admin account is used with elevated privileges or not). > I don't understand what you're trying to say here. Are there > differences or not? You're on to something. I have over 500 groups in my token in the old domain, but only half of those end up in the token when I'm logged in on the machine in the new domain (at least as far as Cygwin is concerned as obviously I can still access the files when I'm actually trying). I scheduled an audience with one of the AD guys some time next week, he thinks he can explain why that happens and hopefully it's something that can be fixed on the AD side. Eventually I'll have my account migrated to the new domain later this year anyway at which point these sort of problems should go away, but at least for the next two months I'll have to stick it out. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple