Date: Thu, 28 Feb 2008 16:29:50 +0100
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: chown with not existing user/group
Message-ID: <20080228152950.GK9539@calimero.vinschen.de>

On Feb 28 14:55, Dave Korn wrote:
> On 28 February 2008 14:45, Matthieu CASTET wrote:
>
> > But then why does it work if I create a dummy user in /etc/passwd.
>
>   Because cygwin relies on the contents of /etc/passwd to be accurate.  Cygwin
> cannot in general know what SIDs exist out there in a domain (or even on a
> local machine), it treats /etc/passwd as a cache to save going out across the
> network to the domain controller for lookups every time a UID is needed.
>
> > For example for root
> >
> > $ echo "root:*:0:0:,S-1-5-32-545::" >> /etc/passwd
> > $ chown root:root /tmp/toto
> > $ ls -l /tmp/toto
> > -rw-r--r-- 1 root root 0 Feb 28 14:49 /tmp/toto
> >
> > Does it mean in this case I create "ACLs with unrecognised SIDs"?
>
>   No, because 1-5-32-545 is a real SID, hence recognised.  It's a well-known
> SID that exists on all Windows boxes.  It is, however, a GID, not a UID: that
> is the SID of the "Users" group you have set there, so who knows how confused
> cygwin might be by that.

What confusion?
In contrast to POSIX, there's no difference between a user SID and a
group SID from the perspective of security descriptors.  Cygwin doesn't
care either, as long as the SID shows up in one of the /etc/passwd,
/etc/group files.

Windows allows using a group SID as owner and a user SID as group in an
SD.  The group SID in the SD has no meaning in Win32 anyway.  It's more
or less only useful for the POSIX subsystem and, FWIW, Cygwin which
uses it for its own malicious purposes(*).


Corinna


(*) As group, actually.  Hmm, I spoiled it slightly, right?

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
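
An added example, not part of the original message and not Cygwin code: a small Python audit of an /etc/passwd in the layout shown in the thread, listing names with no SID, names mapped to a BUILTIN (S-1-5-32-*) group SID as in the root entry above, and names that share one SID. The sample entries, the function names and the choice of checks are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, in the /etc/passwd layout used in the thread
# (name:passwd:uid:gid:gecos:home:shell, SID as a comma-separated gecos item).
SAMPLE_PASSWD = """\
alice:unused:1005:513:Alice,S-1-5-21-1111111111-2222222222-3333333333-1005:/home/alice:/bin/bash
root:*:0:0:,S-1-5-32-545::
bob:unused:1006:513:Bob,S-1-5-21-1111111111-2222222222-3333333333-1005:/home/bob:/bin/bash
svc:unused:1007:513:service account:/home/svc:/bin/bash
"""

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
BUILTIN_PREFIX = "S-1-5-32-"  # BUILTIN domain: local groups such as Users (545)


def parse_passwd(text):
    """Yield (name, sid_or_None) for every entry with at least seven fields."""
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        sid = next((p for p in fields[4].split(",") if SID_RE.fullmatch(p)), None)
        yield fields[0], sid


def audit(text):
    """Return sorted (name, finding) pairs worth a manual look."""
    findings, names_by_sid = [], defaultdict(list)
    for name, sid in parse_passwd(text):
        if sid is None:
            findings.append((name, "no SID in gecos field"))
            continue
        names_by_sid[sid].append(name)
        if sid.startswith(BUILTIN_PREFIX):
            # chown to this name makes a local group the Windows owner of the file.
            findings.append((name, "user name mapped to BUILTIN group SID " + sid))
    for names in names_by_sid.values():
        if len(names) > 1:  # several names resolve to one SID: ls/chown names are ambiguous
            for n in names:
                others = ", ".join(sorted(set(names) - {n}))
                findings.append((n, "SID shared with " + others))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PASSWD):
        print(f"{name}: {finding}")
```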