X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=rdAvf65k6nkRI7Re3GWytoZbgojHwP+WSm7UVPnQ+kgOHs7lo3F9Y
	NvI70+l6I7/a5f5Y3WUYLua9bmGR1JtAjxsGzSVHdD4hibFvky1/D4trd73kgrkc
	09PSWbFLjBAmEKfocDiAaxzEJUt351xdZVoshpCidqjJbN2A9SWHfA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=tIJHzFauR33XEY1I/otUXuJ3u+s=; b=KLGORbNVGfQLabGDamxuEKshLXp2
	ZN0MlLVlfWgqQyfV905w9lUfB6gRfpDqMij5OzPPgVVu3rLpzfS+G+BP3FJfl/hg
	bh+NWSLTUnnj0TWHs4IZ7kaj2wBXO0nsK3tIpuDcGjCLJ911mS4dq9/7D/vyZaVb
	+ucpZGGiGvlsUdY=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-106.2 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=rights, accounts
X-HELO: mout.kundenserver.de
Date: Wed, 11 Apr 2018 11:34:43 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: [Bug] File permissions across domains
Message-ID: <20180411093443.GM29703@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <874lkjt3dw DOT fsf AT Rainer DOT invalid> <20180411070312 DOT GK29703 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="uJWb33pM2TcUAXIl"
Content-Disposition: inline
In-Reply-To: <20180411070312.GK29703@calimero.vinschen.de>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-UI-Out-Filterresults: notjunk:1;V01:K0:vnO+P0Jgtw0=:8PJcdpt7qdp8JiT7KLtVIK zOgX7hw/1idYNSmkHh3ce/HPBbHNd/RbzZq+IEfP0YK4mKBkDzIDLk0VmJpxd1t/ZWagB8wJM k7orfuwxi6T0PXFjFOZrvjZdHz+hBj2vhpHgVDcYsJ70kaWfQRlN4RO+32RXMoU/dEhWF1NFT qObW/FeI+49yvs2zQqB9OpnuCWKdD+8cdDT6nx5rkOObsAWAyURQZ6GTxMi8HNOgUJKP1tGuA FKwGDcTjfXZglFMJeYQy2XU6e2kSSTshP/nNgMZXd25A0zCU7OHfAZPXIeNu+H5dAz3pE8SDb scSgvBNBQAW08lgo/vP6MBeYwL+MPYQz6MfxUWfkZuk98ElsPvOkqopXi1EASnudl5lq+I9Em /LCBBj9AYPSkm1N3SJVq5zARMJufTfcxvsW2DyTWPduIgd0GcNOv5JNC2o8SvnQd7l5KTpRij irPU9JDpsyxBZgWmbP4lJ3SVmn03uHL5HJ9NVehfj1VzonzcboWPY1nMdhstEi5u06AhZ3Ylh qpj4d1LU6lIvNiKyEspJIMpr6zug3GeA/aje6+fAE6hpR2I6oxPt7c2+qry0ytGsibA9EG+L5 9LiPw/LmSKG3N9K2ui4RPq9Kpha7roOpadR3DDTTWqI0pMUplgV+Rb5yZrHMZ3F54hXvQxrqY BbD5ZU/u++0NoZmiUhJc6EvH1d/lAdmgc2Nb8ThgSYEpWyU3AXkiZP5kgh9LallIY96Fx+/cW PxNh0d3eKuRenTNeKmtLdTdp+kwgI+xGpnFexA==

--uJWb33pM2TcUAXIl
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Apr 11 09:03, Corinna Vinschen wrote:
> Same here, belong on the Cygwin ML.  Redirecting.
>=20
> Corinna
>=20
> On Apr 10 18:47, Achim Gratz wrote:
> >=20
> > We're in the midst of switching to a different LDAP domain
> > organisation.  All my accounts still arein the old domain and that leads
> > to problems when lookking at shares from a mchine in the new domain:
> >=20
> > --8<---------------cut here---------------start------------->8---
> > (1027)/mnt/upload > touch bla
> > (1027)/mnt/upload > getfacl bla
> > # file: bla
> > # owner: OLD+gratz
> > # group: OLD+Domain Users
> > user::---
> > group::---
> > group:OLD+cygwinupload:rwx
> > mask:rwx
> > other:---
> >=20
> > (1028)/mnt/upload > ls -l bla
> > ----rwx---+ 1 OLD+gratz OLD+Domain Users 0 Apr 10 14:41 bla
> > --8<---------------cut here---------------end--------------->8---
> >=20
> > So Cygwin correctly figures that I'm the owner of the file, but fails to
> > translate my access rights (via group OLD+cygwinupload) into the owner
> > part of the modes like it does when I look at the same file from a
> > machine in the old domain.  That in turn confuse sprograms that check
> > the modes before the ACL (like Git) to tell me that I can't access the
> > files (or that there is no repository in the case of Git).

This is a bit low on detail.  What does icacls say about this file?  How
does getfacl report the ACL on a machine in the old domain?  What does
ls -l report on the file on both machines?  Does an strace on getfacl
report an error in ACL checking?


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--uJWb33pM2TcUAXIl
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlrN1rMACgkQ9TYGna5E
T6Aorw//en6ASTyntON+i3c1t6rTuOUFmZtOPO8USzOevqLz+y0bCf4ETpNgRnw8
B5e+yT3An6O9Sx3j7rgl2X9YjyKVbvw+mZ3L3OmXUOQHwF8fAGkSU5rqYqGU2Lnf
Uj+5PMqCa9TiTXa90pUX5rVz7RarX5klph2AWWG2bXeGNBll2hjFh+lwW42CeqOt
6zVqqAWp52a2gwtWjh2Et5VUKqDPRsyxstfp/rleIN+WfjhYc9TJrZrudtWLr2G0
HiPQAYe6/kksB6baRErWTjRmckq5r6WrmJbTXde5s5h/0/3UaLdVdbwDhCOFT0Gy
uf85rLieH7/RjY7wIbpj0DDs2YoMg3iDjDKVWdL/1Kw1o/EMNWt6KQpvNm3QhMXG
P4OZ6HhkP9hm8akzNQIFZtdWjXftyBCoonxv//lx1hV+O6kIy2qOydvLXwKGKPKj
a+EaxcuTAOqTP6ccGkxsoleGfEusq01mG7SuAtUUOa6bWq7qt3qr22+X7XKVWari
tCaVLDJN1BbHHo81atvxOHnwrO0b3i8Hsa59aw9gdx6S9V7nNcY9j5d3W/CK0cvS
H1hQMSCzrtgOgTMj5skNUbINTAnzYK3q8CMD0TIuGckieCKstjZj+uTcqJ3JQ91M
80TCRjgc0D+x9CPN/py5nQj8L9J0nopQA5MslTY1y8ovUfO99Fs=
=9h8R
-----END PGP SIGNATURE-----

--uJWb33pM2TcUAXIl--