X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; q=dns; s=default; b=GT99z H+iKD7b+BDQvUCMJz3zLa3xQbTLwEd9cMeu0AWJhqof+4kvOBg7b5J1nI/RqzLfL PkHeoXXhFlyeF2xhifWDfSvvCw1m6VHsyjoP5fX6I+ZRhCb6JSHz01/FqPbcia32 j2zpr9YzgE6KJvNCiR/J/3HH/StQO15dkMPUfA= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; s=default; bh=1/BUMUFI0WU JrZbR2U1SuJKZ6HM=; b=C0/FoJOKUptV3JaLccEQ+LbJ/DM8D5zeyFEhIYBxzLi Zvb1bky/7YeD6h+hkdjdsyWrbLZmBeG4Y5AmL775jTCSAfoFlUX4RH5l4pjFxMsD YD9AzSyBBpE4aQfxv4/cuc180Kru7uEKt3yS67IsQv/m9pB5MwebbPRiFc3itVrc = Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=Sound, privileges, Hx-spam-relays-external:ESMTPA X-HELO: vsmx012.vodafonemail.xion.oxcs.net From: Achim Gratz To: cygwin AT cygwin DOT com Subject: Re: [Bug] File permissions across domains References: <874lkjt3dw DOT fsf AT Rainer DOT invalid> <20180411070312 DOT GK29703 AT calimero DOT vinschen DOT de> <20180411093443 DOT GM29703 AT calimero DOT vinschen DOT de> <87r2nlwtln DOT fsf AT Rainer DOT invalid> <20180412073805 DOT GS29703 AT calimero DOT vinschen DOT de> <87bmeo8cc7 DOT fsf AT Rainer DOT invalid> <20180413122959 DOT GB27440 AT calimero DOT vinschen DOT de> Date: Fri, 13 Apr 2018 21:31:01 +0200 In-Reply-To: <20180413122959.GB27440@calimero.vinschen.de> (Corinna Vinschen's message of "Fri, 13 Apr 2018 14:29:59 +0200") Message-ID: <87sh7y52fe.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-VADE-STATUS: LEGIT Corinna Vinschen writes: > It's dirt easy: For you... :-) I know next to nothing about all this stuff. > Ok. However, MSDN explicitely suggests to fetch the AuthZ context > from the current user token, if the idea is to ask for the permissions > of the current user. It's much less costly than calling > AuthzInitializeContextFromSid. OK. > Is your account an admin account by any chance? If so, does it work if > you run in an elevated shell? As I said, I have both an admin and a normal account that show the same behaviour (it makes no difference if the admin account is used with elevated privileges or not). > I don't understand what you're trying to say here. Are there > differences or not? You're on to something. I have over 500 groups in my token in the old domain, but only half of those end up in the token when I'm logged in on the machine in the new domain (at least as far as Cygwin is concerned as obviously I can still access the files when I'm actually trying). I scheduled an audience with one of the AD guys some time next week, he thinks he can explain why that happens and hopefully it's something that can be fixed on the AD side. Eventually I'll have my account migrated to the new domain later this year anyway at which point these sort of problems should go away, but at least for the next two months I'll have to stick it out. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple