X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:cc
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=gPYKBD0lItBjuG/V
	SAA7lYR9ieSXVFD7vnrpIwH7yg7lYc99D3XbeFWf9IlWJdZ2rklIFhRhmvwZa8U0
	luHHN2OeJaNqgBY05srodqLLMC2szriwVIQ8iwcrhIzIQIsoAWi8GYH+Lwm8lMpN
	O/Y1aKoKYwT1th40P34HitrcEPk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:cc
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=vpxnFLS6GGyN/fH7e6L7qg
	x7Z98=; b=h2SdvskhXb/SIDBBomW98pA9wESoKabzapAKW82WWvzbVrbfgU546+
	0F08DvtL23Nd0d58Vax/a83Ut3/aRb9ocUfkZMJBAkc3p7tmhD0AyXhGXKsyHHgn
	8unAB8kExsLfbJTmtUB2jID9u3hxMdvoMdx1CEyZsxog7qs1h5Y/8=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-6.2 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2 autolearn=ham version=3.3.1 spammy=linda, Win, Media, Login
X-HELO: Ishtar.sc.tlinx.org
Message-ID: <5D58ABB7.9000303@tlinx.org>
Date: Sat, 17 Aug 2019 18:36:55 -0700
From: L A Walsh <cygwin AT tlinx DOT org>
User-Agent: Thunderbird
MIME-Version: 1.0
To: David Karr <davidmichaelkarr AT gmail DOT com>
CC: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject: Re: Win7 system update hosed something in Cygwin
References: <CAA5t8VocmswTXD4Y7QLxe1NkbZ0Jj+Nt40dFXjHF+9cTP8zW3A AT mail DOT gmail DOT com> <5D571D62 DOT 5040104 AT tlinx DOT org> <CAA5t8VqUViA6Ztx+5U-kcjTebXZ2QkvQnJcRkUGZF2irBdineQ AT mail DOT gmail DOT com> <CAA5t8VoyaUfCef0dQ4cCwQimcJA-vCDvoDz8u9vPy5CPP5xKWg AT mail DOT gmail DOT com>
In-Reply-To: <CAA5t8VoyaUfCef0dQ4cCwQimcJA-vCDvoDz8u9vPy5CPP5xKWg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes



On 2019/08/16 18:44, David Karr wrote:
>
> 
>     I would most like to understand what changed to make this suddenly
>     start happening.
----
	You really need to read the cygwin section on nt-security.
in the user manual @ https://www.cygwin.com/cygwin-ug-net/ntsec.html.

	If you are into things appearing a certain way -- I think you
will really find this invaluable.  It also gives background and why
things changed.  

	As for how or why a windows update changed a behavior
in cygwin -- MS doesn't released documentation in that detail.

	I came up with my mappings on my linux/samba box because
I have a pretty simple setup.  But I wanted the common well-known
ID's in there so they would also make some sense:
From the very generic sids:

Null Authority:x:10010:S-1-0,builtin:
Nobody:x:10100:S-1-0-0,builtin:
World Authority:x:10101:S-1-1,builtin:
Everyone:x:11100:S-1-1-0,builtin:
Local Authority:x:10102:S-1-2,builtin:
...
to my domain id's:
Domain Administrator:x::S-1-5-21-33333-77777-33333-500,domain:
Domain Admins:x::S-1-5-21-33333-77777-33333-512,domain:
Domain Users:x::S-1-5-21-33333-77777-33333-513,domain:
...
to local roles:
Administrators:x::S-1-5-32-544,builtin:
Users:x::S-1-5-32-545,builtin:
Backup Operators:x::S-1-5-32-551,builtin:
...
and authentication + trust labels:
NTLM Authentication:x::S-1-5-64-10,builtin:
Schannel Authentication:x::S-1-5-64-10,builtin:
NT Service:x::S-1-5-80,builtin
Untrusted Mandatory Level:x::S-1-16-0,builtin:
Low Mandatory Level:x:11604096:S-1-16-4096,builtin:
High Mandatory Level:x:11612288:S-1-16-12288,builtin:
System Mandatory Level:x:11616384:S-1-16-16384,builtin:

	So in cygwin, when I display my 'id' output, I see the various
groups and labels on my userid:
 
uid=5013(Bliss\law) gid=201(Bliss\lawgroup) groups=201(Bliss\lawgroup), 1015(lawgroup), 1018(Netmon Users), 1017(pulse-access), 1016(pulse-rt), 1023(WinRMRemoteWMIUsers__), 544(Administrators), 555(Remote Desktop Users), 559(Performance Log Users), 545(Users), 11504(Interactive), 11201(Console Login), 11511(Authenticated Users), 4095(CurrentSession), 66048(LOCAL), 260(Bliss\Media), 512(Bliss\Domain Admins), 513(Bliss\Domain Users), 1053(Bliss\Trusted Local Net Users), 1156410(NTLM Athentication), 11612288(High Mandatory Level)

If you look at your security blob using something like 'processhacker' (goog),
you can see all those labels on your login.  Setup right, you also see them
in your cygwin shell, which I thought was cool (being a computer scientist).

Sorry if this was too much, I can't say my setup is necessarily
recommended, BUT, I wanted my Win+linux machines to be joined as
1 machine (all my docs & content is on the linux box, with progs on
my Win Desktop box) joined by a 10gbit ethernet cable:



> I've been running this Cygwin installation for a long time on this
> laptop without any problem like this.


Yeah, you get used to a well tuned setup (though mine does often
have problems because of the weird things I've tried).

-linda



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple