X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type; q=dns; s=default; b=fw8i
	Wr0N0itX9mCauXOCIWbka1NV6UT5x06UB1GZcNmGZRyajOTXAob+rKkHq74xNFTW
	PmA9P7+TvX9MMxTlw+DQs/dj0YX+TFKJxec/Ju2pZKw0S19bJbvMYgA/QEA8LaA8
	vn3jIkboR3s0WdbQlG62Oli4s0fnClm12o26WP4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type; s=default; bh=jsdkVPGeTI
	+fWzjm92+bk98RPVU=; b=X1tjv0KKAVAg5KrzBZDcWel7Y5u6YfwDZLAzyiCvFe
	EYxev3bux02a6ucWABiCSXewtjES3vJ538u11hvHEc4tpfnHcwCI9VztNWNCc/Tt
	4AcOJHj1e77yt5j61GLJosxYpkNBD4qinAGHt7ET+/V6ZQCCoNm/2UXC7mfLV3wX
	c=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.8 required=5.0 tests=BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RP_MATCHES_RCVD autolearn=no version=3.3.2 spammy=GID, emailed, mars, SID
X-HELO: madmax.studelec-sa.com
Subject: Re: RFC2307 accounts
To: cygwin AT cygwin DOT com
References: <56DFCC21 DOT 8070506 AT studelec-sa DOT com> <56DFE973 DOT 2070406 AT maxrnd DOT com> <56DFFE26 DOT 9080705 AT studelec-sa DOT com> <20160309112750 DOT GA14733 AT calimero DOT vinschen DOT de>
From: Marc Rechte <mrechte AT studelec-sa DOT com>
Message-ID: <56E00DF7.7060406@studelec-sa.com>
Date: Wed, 9 Mar 2016 12:50:15 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <20160309112750.GA14733@calimero.vinschen.de>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms030400040102080503050807"
X-IsSubscribed: yes

--------------ms030400040102080503050807
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Le 09/03/2016 12:27, Corinna Vinschen a =C3=A9crit :
> On Mar  9 11:42, Marc Rechte wrote:
>> Le 09/03/2016 10:14, Mark Geisert a =C3=A9crit :
>>> Marc Rechte wrote:
>>>> Hello,
>>>>
>>>>    Trying to set RFC2307 accounts, using unix schema in
>>>> /etc/nsswitch.conf.
>>> [...]
>>>
>>> Your original post of this material was answered about 30 minutes after
>>> your post.  Kindly follow up there...
>>>
>>> https://cygwin.com/ml/cygwin/2016-03/msg00076.html
>> Sorry, I did not get that answer emailed to me (some confusion during the
>> subscription).
>>
>> I am not clear with answer given by Corinna.
>>
>> The idea behind RFC2307, imho is to have a consistent UID/GID between
>> systems which have joined a domain. This is what we achieved in our doma=
in,
>> where a user login into whatever Linux box, gets the same uid/gid. One w=
ould
>> expect the same behaviour in cygwin (on a joined machine), wouldn't he ?
> That's not the idea behind the uid/gid mapping.  You might have noticed
> that "unix" is not used as a keyword in the passwd and group settings
> in /etc/nsswitch.conf, only in the db_home, db_shell, and db_gecos settin=
gs.
>
> Keep in mind that we have two mappings.  The main mapping is the mapping
> between Windows SID and a computed uid/gid value used in Cygwin which
> allows fast mapping in both directions.  A computed value drops the
> requirement to access an LDAP server for the mapping, which is
> especially bad when not using AD as mapping server.
>
> Please read https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nfs
> and https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba
> again.  The RFC 2307 mapping only comes into play when reading meta
> information from an NFS or Samba share.  The unix uid/gid values have to
> be mapped to a Windows user (better: SID) in the first place, not to the
> Cygwin uid/gid values.  The actual uid/gid values are irrelevant.  Worse,
> using the RFC 2307 values might collide with other, computed uid/gid
> values.
>
>
> Corinna
>

OK, I noticed that. Now it brings me a problem using rsync on cygwin.

On cygwin:
$ cat /etc/rsyncd.conf
[test]
         path =3D /cygdrive/c/tmp
         comment =3D zone de test
         fake super =3D yes
         read only =3D no

On the Linux box:
# ls -l /home/tunix/
...
drwxr-xr-x  3 tunix root                     4096  9 mars  12:23 resto_win
-rw-rw-r--+ 1 tunix utilisateurs_du_domaine 82882  9 mars  10:56 tmp.ps

#  rsync -avz --acls --delete /home rsync://192.168.0.23/test
..
# rsync -avz --acls --delete rsync://192.168.0.23/test/home/tunix resto_win/
...
# ls -l /home/tunix/resto_win/tunix/
...
drwx------ 2 1050005 1049089  4096  9 mars  12:14 resto_win
-rw------- 1 1050005 1049089 82882  9 mars  10:56 tmp.ps

You will notice that owner, group and ACLs  are *not* restored properly

Am I demanding too much to cygwin ?

Thanks for your time.

Marc


--------------ms030400040102080503050807
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: Signature cryptographique S/MIME

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG
9w0BBwEAAKCCDBQwggXZMIIDwaADAgECAgcWZ1TjwnBRMA0GCSqGSIb3DQEB
CwUAMH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSsw
KQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0w
NzEwMTQyMTAxNTVaFw0yMjEwMTQyMTAxNTVaMIGMMQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHCYPMzi3YGrEppC4Tq5a+ijKDjKaI
QZZVR63UbxIP6uq/I0fhCu+cQhoUfE6ERKKnu8zPf1Jwuk0tsvVCk6U9b+0U
jM0dLep3ZdE1gblK/1FwYT5Pipsu2yOMluLqwvsuz9/9f1+1PKHG/FaR/wpb
fuIqu54qzHDYeqiUfsYzoVflR80DAC7hmJ+SmZnNTWyUGHJbBpA8Q89lGxah
NvuryGaC/o2/ceD2uYDX9U8Eg5DpIpGQdcbQeGarV04WgAUjjXX5r/2dabmt
xWMZwhZna//jdiSyrrSMTGKkDiXm6/3/4ebfeZuCYKzN2P8O2F/Xe2AC/Y7z
eEsnR7FOp+uXAgMBAAGjggFMMIIBSDASBgNVHRMBAf8ECDAGAQH/AgEAMA4G
A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUU3Ltkpzg2ssBXHx+ljVO8tS4UYIw
HwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwaQYIKwYBBQUHAQEE
XTBbMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20vY2Ew
MAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL2Nh
LmNydDAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNv
bS9zZnNjYS5jcmwwQwYDVR0gBDwwOjA4BgRVHSAAMDAwLgYIKwYBBQUHAgEW
Imh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwDQYJKoZIhvcN
AQELBQADggIBAHQKh/oy3viYt+qvMyyQhqWiIb9kP1KRhqWHGFMID7OAbofo
UgDKVUJ7UsiBnPmleGa2pUwvf2B67qPqc2e9Ge9/kBvJtV8rSES3z+/KVrx6
UwlX8VyWnkRNGV0PLvCD+34cIOqhF3Tjmt4jpfYSTjkXcOpa7F4RGZbmu0+j
1HO46XAYypOisgXD3XWecqqXzEMimZVrF3DlsMYTYMmFtzRYAeaDh2BxczJl
V4HeBs8gw7d4USUoDWHckMR4QK0zLVVmQ1F66irltWWsJ9CFKVyz9ZTBspi3
FDJCT93XfR4OrOUHB+I5P18lTWHDD1p/9dX7Zh8bdwlOSKdEfsKvzaxVZbKk
uXXo7FMG2v6LQ2Jmv6Gc4jJ8jSyjatpy86llJJT2R3tJFPRGlfPcZ1ge3Ad/
qXDZKPI4pN8D5so89WUPAJ7z9ZeDqSFdGTWaynTZaCRPAIC/e35VtTyNuIam
+n6nuaZFgccpACw51vkgFUij6AKxByq7CNgB1Zn/FRX15qZA9bu2ZI8QTHJT
/8zM3njXAgV6AsFOf682t14qsYSBz0jpef8kU0q15uV9oZSGjy1ph/0ysQD+
342MIh3PQlKp62dj3eWWP3MBF7gtQTbERX1PmMzfTIsyMbjq+pv9P4iKROw0
+8MNp0PUNtilMG2fKLBRoczLiZ7hMLjyedCXMIIGMzCCBRugAwIBAgIDDdBx
MA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNh
dGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5
IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcNMTUwNDIzMjAzOTUxWhcNMTYw
NDI0MDExNTM0WjBKMSAwHgYDVQQDDBdtcmVjaHRlQHN0dWRlbGVjLXNhLmNv
bTEmMCQGCSqGSIb3DQEJARYXbXJlY2h0ZUBzdHVkZWxlYy1zYS5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjPBxK6ovK8pBqnxN//2tY
BYDqeSn78k1Uxbk4ecgy6rrmCHUnoS/Pdf7s5x+aNoe/60RweVYDB6kGloin
ROLnePBO2ZC/qSJFQFhuXsN5FqWB7O+OCHNXxrhaqVUdhOokDnpq7w/ErdWa
SBcGQEYd7hyNN9OuQ7cyu4evSEaHNB49BDp1DX3arW/sXZUwfWaFBiR6eEL4
ZggO0hrEZ1xA+c4TkIy5qQ4lPoVHATl7eOXQZYXBvJx5vRDUABBYwTorORjn
AwumufXtE5LYrjvKGG8783UkKZrHYuFdbA+BHrEq8j99APw9EXhwnWXO90Wg
pgVUquas2Gpdy39KEdW1AgMBAAGjggLdMIIC2TAJBgNVHRMEAjAAMAsGA1Ud
DwQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0O
BBYEFOHaNvYSvKBhzp4VNSou8V6yDDudMB8GA1UdIwQYMBaAFFNy7ZKc4NrL
AVx8fpY1TvLUuFGCMCIGA1UdEQQbMBmBF21yZWNodGVAc3R1ZGVsZWMtc2Eu
Y29tMIIBTAYDVR0gBIIBQzCCAT8wggE7BgsrBgEEAYG1NwECAzCCASowLgYI
KwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYw
gfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAxIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRz
IG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9y
IHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJl
bHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMDYGA1UdHwQvMC0wK6ApoCeGJWh0
dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwgY4GCCsGAQUF
BwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNv
bS9zdWIvY2xhc3MxL2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2Fp
YS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMS5jbGllbnQuY2EuY3J0
MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG
9w0BAQUFAAOCAQEAhunLBnxICdIiA9RKtGQwcRY97JFT1zEWR3jVGI2JFpyc
oo08A73T8U44c/MiUmxHxPc4wXWXmvIzxKnJXazTn4vg7WlXjGz9tUbnC5Y0
GtihRZKE4zng6N4k2PyHJ8M7fGTs02I596VoH4mNt0Do4Uh5EH/vF//D5/Ml
U0oKZew/h6XWCl4MlquUJkl61SzYQSUhjEfDNXe8SGemsLofVPfd6z2QKxWT
PB+98COx0KMc5pH37aXTdSlHkP3JO3tvppmsf/jD8V+pRXPxhrvR7NP0ZrLa
BwEEBmY7aPnOCpg0OCN52Z4FKx3htN16x18hs6192PGEWjlp3MWoe6oZeTGC
A+0wggPpAgEBMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRD
b20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUg
U2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IElu
dGVybWVkaWF0ZSBDbGllbnQgQ0ECAw3QcTANBglghkgBZQMEAgEFAKCCAikw
GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYw
MzA5MTE1MDE1WjAvBgkqhkiG9w0BCQQxIgQgLkhWpsxAD03mGVjEu2t+mSN2
AVYp72fS9QTQkYfvAywwbAYJKoZIhvcNAQkPMV8wXTALBglghkgBZQMEASow
CwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq
hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBpQYJKwYBBAGC
NxAEMYGXMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln
bmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVy
bWVkaWF0ZSBDbGllbnQgQ0ECAw3QcTCBpwYLKoZIhvcNAQkQAgsxgZeggZQw
gYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYD
VQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYD
VQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs
aWVudCBDQQIDDdBxMA0GCSqGSIb3DQEBAQUABIIBAEhXUVYZFifv7KR7+xNa
UTxgWdtnCNuS6k771f9vV5FBmmvo2fauKKpVNGq7ZShyWOfL+qbGHIL0vQAP
XaQjkcIpgZAjR/j0nyUAbvaTyd5SAGdiiXmhzwG5GNmEZKfYNOYN3O5u/3Dl
PiyV8nKSKEYeYm0x20nkQ+NwVnMrnl3k0mM0bZuSydvFxzRmdJxp3EvpXXTs
67JqNzdYS6qIdDnsAw1visauZoLjSq0E0ELPZI3VKE8iWNL62LaBGDHYJ+aP
rO4lNt7C+Hq89IL337wXXIQ/vvSMg0Y7xOcsPYYHVTSb4r+kJIGqrNzFL7D8
HgmX3LEKtOWqQib8eLAcoE8AAAAAAAA=

--------------ms030400040102080503050807--