X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:reply-to:in-reply-to:references
	:from:date:message-id:subject:to:content-type; q=dns; s=default; b=
	e9FIAONUnvr4VUbflsVsMGjRuSdzaElEv9veiRZ6vpREza3CFLqxk/F1PqhskZob
	7U5vPIGXFqhMhSL8NObFpUowDl7gk1zK+xwCAeaeWc1i0Wh9/ZhRm/s6cq3jrARl
	xyc/Xglu/GGJOSiGSsOkXlSHnM952vTZ2pUtYn6FHoE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:reply-to:in-reply-to:references
	:from:date:message-id:subject:to:content-type; s=default; bh=ERm
	3fRHMYvpuqq+TTxEEBLcgQ7g=; b=Z+rJ0Q5lsOuqUuXYhVt2VSg6v4zOxhXaFgr
	xHc0Y4YDzg4t5RNjokgNV/068YCYXqIOnK3u3IumAKScwQx3oqew/dglkjThcLsB
	lwfhWGGHEH/R7pI5tMh5evneVNg11KApMkFgr5tVYJ/nAMnXVSBddUh75mHBsYi+
	o4JQx4T4=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.4 required=5.0 tests=BAYES_00,CYGWIN_OWNER_BODY,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 spammy=erroneous, explaining, Hx-languages-length:2181, H*f:D3980824.9862
X-HELO: mail-qt0-f182.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20130820;        h=x-gm-message-state:mime-version:reply-to:in-reply-to:references         :from:date:message-id:subject:to;        bh=W54dUwNdHq1KAIqq8FZbiMESbM+gpD+Lbz4YrImac2U=;        b=SyYvBLPCIhzC0/7kg2RsE249gTsz3Rfl0ezD4kE071QfYWOlYVNEWjE559aFkMXqCz         Ha08aG1K3bPV0Roq/Y/J5hyfxIYBrkk2wXadtfOuePf3BE1ziC/XUyDm0Ojk4kQ0BFSI         x3m9rTpGxsrNqPOB1NBWX9nAFaWyftEKAIJd1eaRWYLwk0Mc/7UekTD3ZDmO65suXmfw         49/HKMaTWXO767N1id29QNSaKDbepmbrETRB4e8+DzYhWoTQdNgtOpIhPu4VMuf9+IsM         LmHA3zd5LIXdilgugwkdnp0Qh7G4IpXwMOfsiOqPNvGKoxVOcjsWs1eCb5C3zY9wDkAM         lAng==
X-Gm-Message-State: ALyK8tJCXE1YOFVU+7Ik+meL88s6Z8gqibS861om41LwPbR6CrZOT+HFQIDp/Oy4S2BFYdc+xMLu5AFn1N2smA==
X-Received: by 10.200.34.157 with SMTP id f29mr4529827qta.46.1467138874866; Tue, 28 Jun 2016 11:34:34 -0700 (PDT)
MIME-Version: 1.0
Reply-To: John DOT Ruckstuhl AT gmail DOT com
In-Reply-To: <D3980824.9862%billziss@navimatics.com>
References: <D392BA70.95D4%billziss AT navimatics DOT com> <20160624195144 DOT GB27089 AT calimero DOT vinschen DOT de> <D392F074.962E%billziss AT navimatics DOT com> <20160624215948 DOT GD27089 AT calimero DOT vinschen DOT de> <D39583E5.96E3%billziss AT navimatics DOT com> <1945820393 DOT 20160627122324 AT yandex DOT ru> <20160627102614 DOT GA8258 AT calimero DOT vinschen DOT de> <D396C16E.9770%billziss AT navimatics DOT com> <20160628102705 DOT GA22797 AT calimero DOT vinschen DOT de> <D3980824.9862%billziss AT navimatics DOT com>
From: John Ruckstuhl <john DOT ruckstuhl AT gmail DOT com>
Date: Tue, 28 Jun 2016 11:34:34 -0700
Message-ID: <CAOBROv2836AMeLVk0TFdR6tJvGS3hHxTgySV-sALb7irm355sw@mail.gmail.com>
Subject: Re: POSIX permission mapping and NULL SIDs
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset=UTF-8
X-IsSubscribed: yes

Since these emails go to a list, not just Bill, and are archived,
the extra detail is added value and appreciated by other people now & in future.

On Tue, Jun 28, 2016 at 11:06 AM, Bill Zissimopoulos
<billziss AT navimatics DOT com> wrote:
> On 6/28/16, 3:27 AM, "Corinna Vinschen" <cygwin-owner AT cygwin DOT com on behalf
> of corinna-cygwin AT cygwin DOT com> wrote:
>
>
>>>Ok.  Please keep in mind that
>>
>>a) there can't be a bijective mapping between arbitrary length SIDs
>>   and a 32 bit uid/gid.
>>
>>b) The mapping used in Cygwin is not self-created but (mostly, except
>>   for a single deviation) identical to the Interix mapping.  The code
>>   basically follows how this mapping has been defined by Microsoft.
>
> Corinna, please stop explaining things to me that I already know.
>
>>> BTW, I have here a partitioning of the UID namespace that may help
>>>choose
>>> the right mapping:
>>>
>>> /*
>>>  * UID namespace partitioning (from [IDMAP] rules):
>>>  *
>>>  * 0x000000 + RID              S-1-5-RID,S-1-5-32-RID
>>>  * 0x000ffe                    OtherSession
>>>  * 0x000fff                    CurrentSession
>>>  * 0x001000 * X + RID          S-1-5-X-RID ([WKSID]:
>>> X=1-15,17-21,32,64,80,83)
>>>  * 0x010000 + 0x100 * X + Y    S-1-X-Y ([WKSID]: X=1,2,3,4,5,9,16)
>>>  * 0x030000 + RID              S-1-5-21-X-Y-Z-RID
>>>  * 0x060000 + RID              S-1-16-RID
>>>  * 0x100000 + RID              S-1-5-21-X-Y-Z-RID
>>>  */
>>
>>You're aware that I wrote the code for this mapping as well as its
>>documentation? :)
>
> Corinna, of course I am aware of that. I have found your original post to
> this list about it. Why would you think otherwise? And why would it change
> anything?
>
>>>With all that and to help conclude this thread I gather here all the
>>> proposed mappings. Corinna, I will use the one which you prefer the
>>>most:
>>>
>>> S-1-0-65534                    <-> 65534
>>
>>This one is still my favorite.  Again, the range from 0x1000 up to
>>0xffff is unused.  Right now any incoming uid/gid value in this range
>>for a reverse SID lookup is treated as invalid SID.
>
> I disagree. You are saying that it is unused, but a (perhaps erroneous)
> SID would map into that space.
>
> In any case I will use your mapping of S-1-0-65534 <-> 65534.
>
> Bill
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple