DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:message-id:in-reply-to:references
	:subject:mime-version:content-type:content-transfer-encoding; q=
	dns; s=default; b=qkEy6krRHrcxCmS4r5ePBkFAX3flQzHxw+hZC7L6gMi7Mv
	+XM/rVRzEp2z6aMxxGvNAs8zM2qC7yl8xNFlxJs6kzR+gRCS46yT13NubYWjzAGZ
	uvXoVQ/eKiNqkb+YT3nxDdSyW4FG4k5YM4cyNlw6JGNHJaJKNlptb1W4MLX4w=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Date: Wed, 22 Apr 2015 10:58:35 +1000 (EST)
From: John Orr <john DOT orr AT ceos DOT com DOT au>
To: cygwin <cygwin AT cygwin DOT com>
Message-ID: <1277097406.207429.1429664315268.JavaMail.zimbra@ceos.com.au>
In-Reply-To: <20150421085053.GW3657@calimero.vinschen.de>
References: <1883631812 DOT 201190 DOT 1429592754813 DOT JavaMail DOT zimbra AT ceos DOT com DOT au> <20150421085053 DOT GW3657 AT calimero DOT vinschen DOT de>
Subject: Re: File owner set to Unknown+User on cygwin 1.7.35 via samba 3.6.6 on debian
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Thank you Corinna, for this and all your other fantastic work for the cygwin community.

>> Looking at files in my home directory on my debian host mounted via
>> samba gives this kind of output:
>> 
>> #: john AT johndesktop:~ ; ls -l /cygdrive/l/.bashrc
>> -rw-r--r-- 1 Unknown+User john 3833 Aug 22  2013 /cygdrive/l/.bashrc
>> 
>> On the debian host, I am:
>> #: john AT johnwl:~ ; id
>> uid=1000(john) gid=1000(john)
>> groups=1000(john),4(adm),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev)
>> 
>> On cygwin, I got this from the SAM database:
>> #: john AT johndesktop:~ ; net user john
>> User name                    john
>> [...]
>> 
>> I'm not sure how the group is being translated to "john" in the ls
>> command above with an empty comment field, but that's just good, I
>> suppose. (It's possible I did this when trying to fix this problem a
>> month ago, but I can't work out what did it.)
> 
> That would be nice to know.  It might be an entry in your /etc/group
> file, along the lines of
> 
>  john:S-1-22-2-1000:4278190180:
> 
> (Note the special UNIX SID)

Thanks.  First up - when I first read of all the changes to permissions, I thought I read that the /etc/passwd and /etc/group files should no longer be necessary, and I thought I'd deleted them, intending to start a fresh and do things the new way.  Indeed, I have passwd.bak and group.bak files probably from where I did this - but somehow or other, it seems I had created new versions of these files anyway.
Perhaps it was my floundering around trying to resolve this problem whilst having trouble, I'm not sure.  Anyway - since these things will no doubt mean more to you, for the sake of completeness in understanding what I already posted, I had:
/etc/passwd
SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash
LOCAL SERVICE:*:19:19:U-NT AUTHORITY\LOCAL SERVICE,S-1-5-19:/:/sbin/nologin
NETWORK SERVICE:*:20:20:U-NT AUTHORITY\NETWORK SERVICE,S-1-5-20:/:/sbin/nologin
Administrators:*:544:544:U-BUILTIN\Administrators,S-1-5-32-544:/:/sbin/nologin
NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:/:/sbin/nologin
Administrator:*:197108:197121:U-JOHNDESKTOP\Administrator,S-1-5-21-775725812-2182925691-3402384268-500:/home/Administrator:/bin/bash
Guest:*:197109:197121:U-JOHNDESKTOP\Guest,S-1-5-21-775725812-2182925691-3402384268-501:/home/Guest:/bin/bash
john:*:197608:545:U-JOHNDESKTOP\john,S-1-5-21-775725812-2182925691-3402384268-1000:/home/john:/bin/bash
john:*:4294967295:4278191080:S-1-22-1-545

/etc/group:
SYSTEM:S-1-5-18:18:
NT SERVICE+TrustedInstaller:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:328384:
Administrators:S-1-5-32-544:544:
Backup Operators:S-1-5-32-551:551:
Cryptographic Operators:S-1-5-32-569:569:
Distributed COM Users:S-1-5-32-562:562:
Event Log Readers:S-1-5-32-573:573:
Guests:S-1-5-32-546:546:
IIS_IUSRS:S-1-5-32-568:568:
Network Configuration Operators:S-1-5-32-556:556:
Performance Log Users:S-1-5-32-559:559:
Performance Monitor Users:S-1-5-32-558:558:
Power Users:S-1-5-32-547:547:
Remote Desktop Users:S-1-5-32-555:555:
Replicator:S-1-5-32-552:552:
Users:S-1-5-32-545:545:
Debugger Users:S-1-5-21-775725812-2182925691-3402384268-1001:197609:
None:S-1-5-21-775725812-2182925691-3402384268-513:197121:
john:S-1-5-32-545:4278191080:

> What are your /etc/nsswitch.conf settings?

#: john AT johndesktop:/etc ; cat nsswitch.conf 
# /etc/nsswitch.conf
#
#    This file is read once by the first process in a Cygwin process tree.
#    To pick up changes, restart all Cygwin processes.  For a description
#    see https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch
#
# Defaults:
# passwd:   files db
# group:    files db
# db_home:  cygwin desc
# db_shell: cygwin desc
# db_gecos: cygwin desc
#: john AT johndesktop:/etc ; 

> So, what does `id' print for you?

#: john AT johndesktop:~ ; id
uid=197608(john) gid=545(Users) groups=545(Users),197121(None),114(Local account and member of Administrators group),544(Administrators),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),4095(CurrentSession),66048(LOCAL),262154(NTLM Authentication),405504(High Mandatory Level)

>  What does `getent group john' print?
#: john AT johndesktop:~ ; getent group john
john:S-1-5-32-545:4278191080:

> Do you have an /etc/group
> file by any chance, which does the name translation?

Yup :/

>> Since I don't seem to be a member of Users (as mentioned in ntsec
>> doco), but only Administrators,
> 
> No, that's not the case.  All user are members in the Users group.  `net
> localgroup Users' should show this.

Ok, that makes sense - I guess I was confused by the lines in my previously posted 'net user john' output saying:

Local Group Memberships      *Administrators       
Global Group memberships     *None                 

Why no mention of Users?  Also:

#: john AT johndesktop:~ ; net localgroup Users
Alias name     Users
Comment        

Members

-------------------------------------------------------------------------------
NT AUTHORITY\Authenticated Users
NT AUTHORITY\INTERACTIVE
The command completed successfully.

(I can check with our Windows sysadmin about this if you like.)

> However, your *real* primary group
> as a local user is the group called "None" (unless you're using a
> "Microsoft Account", but that doesn't seem to be the case here).

Said sysadmin confirmed it's a standalone machine - though I don't know what a "Microsoft Account" is I don't think...

For the record, I'll share my confusion that if my real group is None, I don't know why I get this:
#: john AT johndesktop:~ ; net localgroup None
System error 1376 has occurred.

The specified local group does not exist.

#: john AT johndesktop:~ ; net group None
This command can be used only on a Windows Domain Controller.

More help is available by typing NET HELPMSG 3515.

#: john AT johndesktop:~ ; NET HELPMSG 3515

This command can be used only on a Windows Domain Controller.


> You can change your primary group to another one in Cygwin, but you have
> to make sure this group is in your user token.  The Administrators group
> is not in the user token in a normal shell, unless you elevate it ("run
> as admin...") so using None or Users is much more safe.

Ok - sounds good.  I've no desire to change primary groups - just to get things working...
 
> For getting this stuff working it might be better to start out by removing
> all these settings and start from scratch, looking what's there and what's
> not (passwd, group files, nsswitch.conf settings).

Totally agree (and as I say, this was my original thought too).

Removing passwd and group immediately changes my output to 
#: john AT johndesktop:/etc ; ll /cygdrive/l/.bashrc
-rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22  2013 /cygdrive/l/.bashrc

>> I figured the commands I should run to
>> match my debian box would be
>> 
>> #: john AT johndesktop:~ ; net user john /comment:'<cygwin group="Administrators"
>> unix="1000"/>'
>> The command completed successfully.
> 
> Hmm, that should do it, in theory.

Ok... but since I have 'net user john' giving 
Comment                      <cygwin group="Administrators" unix="1000"/>
and 'net localgroup Administrators' giving
Comment        <cygwin unix="1000"/>

- but I'm still getting the output

#: john AT johndesktop:~ ; ls -l /cygdrive/l/.bashrc
-rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22  2013 /cygdrive/l/.bashrc

whilst I thought I'd done all I needed to.  Could the problem be that I'm somehow not in Users, but as you say, Administrators is not - let's say 'functional' - in my xterm, so the mapping isn't working?  Ah - but 'id' says my gid is Users, so no, I guess.

> I just tried this on one of my
> machines with a local account, and while the "home" and "shell" settings
> require "db_home: desc" or "db_shell: desc" in nsswitch.conf, the "unix"
> setting works fine for me without any change to nsswitch.conf.
> 
> However, I wonder...
> 
> Yes, that may be the problem here.  Do you have an /etc/passwd file
> with your user entry, and is the nsswitch.conf passwd setting either
> 
>  passwd: files db
> 
> or commented out (which amounts to the same)?

Yes...

> If so, the passwd entry shadows the request for user information from
> the account DB (SAM in your case), and the description settings in
> SAM are never read.  For testing, set nsswitch.conf to
> 
>  passwd: db
>  group: db
> 
> and try again. 

Ok

> But make sure to remove the "group=Administrors" first.

I presume you mean to remove it from my comment in 'net user john' - ie run
#: john AT johndesktop:/etc ; net user john /comment:'<cygwin unix="1000"/>'
The command completed successfully.

#: john AT johndesktop:/etc ; ls -l /cygdrive/l/.bashrc
-rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22  2013 /cygdrive/l/.bashrc

Anyway - sorry for the length of all this, I'm just trying to be thorough, just in case there's something useful to be learned that might help others.

My primary goal is to get things working, the simplest, or most correct, way - but I'm clearly not there yet for some reason.

If my Windows group is indeed Users as id reports, then should this be working?

#: john AT johndesktop:/etc ; ls /etc/passwd /etc/group /etc/nsswitch.conf          
ls: cannot access /etc/passwd: No such file or directory
ls: cannot access /etc/group: No such file or directory
ls: cannot access /etc/nsswitch.conf: No such file or directory
#: john AT johndesktop:/etc ; net user john /comment:'<cygwin group="Users" unix="1000"/>'
The command completed successfully.

#: john AT johndesktop:/etc ; net localgroup Users /comment:'<cygwin unix="1000"/>'
The command completed successfully.

#: john AT johndesktop:/etc ; ls -l /cygdrive/l/.bashrc
-rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22  2013 /cygdrive/l/.bashrc

given id on my debian box gives

#: john AT johnwl:~ ; id
uid=1000(john) gid=1000(john) groups=1000(john),4(adm),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev)

Further thoughts/suggestions/requests?

Thanks again,
John

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple