DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=JtS7o/jUfP6n60pw
	3U9/YxkCH/45jEL3GLjWLZgwMd3n3pzwk7d0DbDDd5Ut2HEkVtMb2tZtMwQTk2s9
	c0M+C3+8XRlvgFb93qYZloXx+yZtUAZ1oAdW/5HgJKMjKxvXfv2N8NFLpyAG9dp4
	5Lls8ceKyIc2UoLDOvpAVMQoG5I=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Message-id: <536810AD.4020100@cygwin.com>
Date: Mon, 05 May 2014 18:29:01 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-to: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Problem with "None" Group on Non-Domain Members
References: <536796E4 DOT 2090009 AT breisch DOT org> <20140505135928 DOT GK30918 AT calimero DOT vinschen DOT de> <53679D5C DOT 5030209 AT breisch DOT org> <20140505144745 DOT GA6993 AT calimero DOT vinschen DOT de> <5367ACED DOT 40409 AT breisch DOT org> <20140505154230 DOT GB7694 AT calimero DOT vinschen DOT de> <5367B990 DOT 8050907 AT breisch DOT org> <20140505165723 DOT GM30918 AT calimero DOT vinschen DOT de> <5367DEE5 DOT 5010407 AT breisch DOT org> <5367EA1F DOT 3060800 AT cygwin DOT com> <5368094E DOT 7040806 AT breisch DOT org> <53680B9F DOT 3010906 AT breisch DOT org>
In-reply-to: <53680B9F.3010906@breisch.org>
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit

On 05/05/2014 06:07 PM, Chris J. Breisch wrote:
> Chris J. Breisch wrote:
>> Larry Hall (Cygwin) wrote:
>>> On 05/05/2014 02:56 PM, Chris J. Breisch wrote:
>>>> Corinna Vinschen wrote:
>>>>> On May 5 12:17, Chris J. Breisch wrote:
>>>>>> Corinna Vinschen wrote:
>>>>>>> An strace of `chmod 400 bar' might sched some light on this issue,
>>>>>>> but I
>>>>>>> have a gut feeling the underlying WIndows call will not even
>>>>>>> return an
>>>>>>> error code...
>>>>>> Attached. Your gut seems to be working today...
>>>>>
>>>>> There *is* something weird here. Look at this:
>>>>>
>>>>>> 151 36702 [main] chmod 5536 alloc_sd: uid 1001, gid 513, attribute
>>>>>> 0x2190
>>>>>> 65 36767 [main] chmod 5536 cygsid::debug_print: alloc_sd: owner SID
>>>>>> = S-1-5-21-3514886939-1786686319-3519756147-1001 (+)
>>>>>> 70 36837 [main] chmod 5536 cygsid::debug_print: alloc_sd: group SID
>>>>>> = S-1-5-21-3514886939-1786686319-3519756147-1001 (+)
>>>>>
>>>>> alloc_sd (the underlying function creating a security descriptor) gets
>>>>> a uid 1001 and gid 513 as input, as usual. But the owner *and* group
>>>>> SIDs of the file's existing security descriptor is
>>>>> S-1-5-21-3514886939-1786686319-3519756147-1001, the SID of your user
>>>>> account.
>>>>>
>>>>> Why is your user account the primary group of the file, even though
>>>>> your user token definitely has "None" (513) as its primary group?
>>>>> How did it get there?
>>>>>
>>>> I don't have a clue. You're the expert. :)
>>>>
>>>
>>> I'm wondering if we're getting the user id as the group for the MS
>>> Account because there is no group id. Chris, what does 'id' for
>>> each of these accounts look like and is the group id (assuming they
>>> are different that the user id) in there?
>>>
>>>
>>
>> Well, I hope I'm not comparing apples and oranges, because now I'm at
>> home. However, I have duplicated the scenario and results on this
>> machine. It was actually where I noticed it first.
>>
>> id produces expected results:
>>
>> MS account:
>> $ id
>> uid=1001(Chris) gid=513(None) groups=513(None),545(Users),1003(HomeUsers)
>>
>> Local account:
>> $ id
>> uid=1007(cjb) gid=513(None) groups=513(None),545(Users),1003(HomeUsers)
>>
>> Actually, it's not quite what I expected. Chris is in the Administrators
>> group, and that's not shown.
>>
>> $ net user Chris
>> User name Chris
>> Full Name Chris Breisch
>> Comment
>> User's comment
>> Country/region code 001 (United States)
>> Account active Yes
>> Account expires Never
>>
>> [snip PW stuff for Cygwin filter]
>>
>> Workstations allowed All
>> Logon script
>> User profile
>> Home directory
>> Last logon 5/1/2014 8:39:44 PM
>>
>> Logon hours allowed All
>>
>> Local Group Memberships *Administrators *HomeUsers
>> *Users
>> Global Group memberships *None
>> The command completed successfully.
>>
>> $ net user cjb
>> User name cjb
>> Full Name cjb
>> Comment
>> User's comment
>> Country/region code 000 (System Default)
>> Account active Yes
>> Account expires Never
>>
>> [snip]
>>
>> Workstations allowed All
>> Logon script
>> User profile
>> Home directory
>> Last logon 5/5/2014 5:40:39 PM
>>
>> Logon hours allowed All
>>
>> Local Group Memberships *HomeUsers *Users
>> Global Group memberships *None
>> The command completed successfully.
>>
>>
> Hmmm, just noticed something in /etc/group:
>
> Chris J. Breisch:S-1-5-21-3514886939-1786686319-3519756147-1001:11001:
>
> and on another machine where I can reproduce this:
> Chris:S-1-5-21-1055441198-2882714470-4103286779-1001:11001:
>
> Oddly, mkgroup -l does not produce this line on either machine, so I'm not
> sure where it came from. In both cases, the SID for the group is the same as
> the my user's SID.

Is 513/None in the /etc/group file too or is it missing?


-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple