X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=gC1T/Kro9U/2JQXi
	LY/Elgodpoqk+8mWxQNhuum2rGgb/ojxuXNkm7qrWeWmZQIp2NGXTKzvgK5NCFgt
	IA0UymNmQsoJi1Ly9HpwPJi2VOvV+mdGdtxa/xRQzZIFpaSn63sVsSINZ36tRqYt
	u7VzaoBVZLpdIElWEKM38m3bABo=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=SwUd3F/1aoibJXGUH+ywca
	nRuLA=; b=b4jt4v+DDsMpB/crn1wofRN1ylY6ubZIR4mRd03HeiXoSXiRfemMFn
	9xKgFZJvASdKc6UGcxfbs/CmCd/IHOR1ZLM56ow9D1V0dNGtHP5gvGDLh0X9MSbR
	sfoqdlf/LzL7qNcRnO4avno3ZjgDz34hUr9oJgK5IqU6c8QQIF2no=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.1 required=5.0 tests=AWL,BAYES_20,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mail-pa0-f42.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20130820;        h=subject:to:references:from:message-id:date:user-agent:mime-version         :in-reply-to:content-type:content-transfer-encoding;        bh=flIA2XSk8X7v9gZEj2RqHafifV0pDJBfgi8LpF+rGGI=;        b=DzNtLUqgoxENCebe+CB8vQIsAKRMcK/aJ+j04bVfgiThV6UuKbDCya2GwKkF6Nsdlj         Tp/7t73WkdSlUUBpElh6dS/5ymM88DGVslNWA8eKG/v2cO4yn9SoVNu/EPZ8h54u84kr         Ha75CBHQAsUgTslFmPoT5nRRN3jexZcQR2qUEA/1CoP8k84MxwFIb7UV1Wg9ztCtuych         iTNiggpx5R0X35ulRQDsF7Ur+ohoiir307lEOmDPH9rtAuY/Dvq7uAAnBkvwB2B5G6Ba         wAdUyJ7G/9Scir+8GsxoAbZTPCDSAJZQdm84zOvH8i+60NHvcg1DT0+WBjGe1QpOFbUj         yleg==
X-Received: by 10.66.219.194 with SMTP id pq2mr35567105pac.107.1448281736002;        Mon, 23 Nov 2015 04:28:56 -0800 (PST)
Subject: Re: No support for ACLs on network shares?
To: cygwin AT cygwin DOT com
References: <5652E58A DOT 2030605 AT codespunk DOT com> <89802969 DOT 20151123140802 AT yandex DOT ru>
From: "Matt D." <matt AT codespunk DOT com>
Message-ID: <56530687.3090905@codespunk.com>
Date: Mon, 23 Nov 2015 04:28:55 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <89802969.20151123140802@yandex.ru>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

Andrey,

My samba server is configured to use winbind and when inspecting the 
file using explorer properties, the SIDs resolve correctly as:

"NAME (HOSTNAME\username)"

where "NAME" is my name on the unix account and "username" is my login.

The problem is that Cygwin isn't aware of this SID since it's the user I 
log in as to the remove server and isn't a local SID.

Using noacl is a valid workaround but I would prefer an ACL-supported 
solution if possible.


Matt D.

On 11/23/2015 3:08 AM, Andrey Repin wrote:
> Greetings, Matt D.!
>
>> I noticed today that when accessing a network share, the permissions for
>> the current user are not resolving.
>
>> For example, I'm connected to a network share //server/share which is a
>> CentOS share with a unix login/password. The share is already logged in
>> by Windows and on the keychain so I don't have to enter the login
>> information.
>
>> In Cygwin, 'cd //server/share' then 'ls -l' I get this:
>
>> drwxrwx---  1 Unknown+User Unix_Group+1001          0 Nov 23  2015 test
>
> This looks like a share on a Linux(samba) server with no UID mapping active.
>
>> I'm already logged in through windows as the 'Unknown+User' but Cygwin
>> does not recognize that I have access to any of the ACLs for the owner
>> or groups and also does not resolve the SID name.
>
> This is really not Cygwin's fault. Windows does all the resolution here,
> Cygwin only relay that information to you.
>
>> The problem with this is that files created or modified are only done so
>> in the 'Everyone' permission and inherited permissions such as the
>> execute bit are not recognized.
>
>> My use-case is where I've mapped a network path to either a network
>> drive or a symlinked folder (with Windows mklink) with the path on the
>> environment's PATH. In this case, files which are executable are not
>> recognized and do not appear when calling 'which'.
>
>> It seems as though Cygwin only maps ACLs to the SIDs stored in passwd
>> and group and cannot handle ACLs when accessing network devices where
>> SIDs are not present in these files. Running passwd/mkgroup after the
>> share is on the keychain does not provide additional SIDs.
>
>> Is there no support for ACLs across network shares at all?
>
> There is. But in cases such as this, when two hosts are not parts of the same
> domain, you are bound to get weird behavior in the strict security context.
> You may try defer default ACL resolutions to Windows.
> Edit your /etc/fstab, add the 'noacl' flag to a 'cygdrive' mount.
>
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple