DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 3301E385802C
Message-ID: <9a7b2d8e-3e86-b36c-c5a2-d6eb24c56e7f@onevision.de>
Date: Tue, 18 Jan 2022 21:22:27 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.5.0
To: cygwin AT cygwin DOT com
From: Roland Schwingel <roland DOT schwingel AT onevision DOT de>
Subject: permissions problems with files on samba share
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

Hi ...

It is 2022 and there are still people out in the wild running 1.7. They 
don't want to but had to and are now on the way to cygwin 3.3.3. It was 
a hard long way, but we are nearly there now. But only nearly. There are 
some problems left. One of it is user mapping between samba/linux users 
to windows/cygwin users. All our homeaccounts reside on a linux server 
running samba. The samba is not running in AD mode, but in traditional 
domain mode and is backed by a quite big LDAP. We are always logged in 
with our domain accounts.

Now I try to seek help here as I already have spent hell a lot of time 
on this.

Up to now we still run cygwin 1.7.35 and are going now to 3.3.3 (64bit).
The new cygwin runs on windows 10/11 together with the old cygwin 1.7 
(seperated from each other - not running the same time) on the same 
machine for testing.

We can read files from the homeaccounts without problem, but 
writting/deleting files is not that easy from the new cygwin. With the 
old cygwin 1.7 everything is still fine - in this regard.

With cygwin 1.7 we had /etc/passwd and /etc/groups in place. With 3.3.3 
we use /etc/nsswitch.conf. Creating /etc/passwd on the new 3.3.3 did not 
change a thing. The CYGWIN envvar is empty on both installs.

View of a sample folder in my homeaccount (~/test):
native linux:
# ls -al ~/test
total 36
drwxrwxr-x+  2 roland develop  4096 Jan 18 20:16 .
drwxr-xr-x  84 roland develop 20480 Jan 18 20:17 ..
-rw-rwxr--+  1 roland develop     5 Jan 14 12:27 some_file

cygwin 1.7.35
$ls -al ~/test
total 1024
drwxr-xr-x 1 roland develop 0 Jan 18 20:16 .
drwxr-xr-x 1 roland develop 0 Jan 18 20:17 ..
-rwxr-xr-x 1 roland develop 5 Jan 14 12:27 some_file

slightly different permissions for some_file but ok so far.

cygwin 3.3.3
$ls -al ~/test
total 1024
drwxr-xr-x+ 1 Unix_User+1000 Unix_Group+1001 0 Jan 18 20:16 .
drwxr-xr-x+ 1 Unix_User+1000 Unix_Group+1001 0 Jan 18 20:17 ..
-rw-r--r--  1 Unix_User+1000 Unix_Group+1001 5 Jan 14 12:27 some_file

permissions are different again and owners/groups are different at all!
This also has effects on fileprocessing in cygwin. I know this behaviour 
from old cygwin with no /etc/passwd in place.

Here is the /etc/nsswitch.conf from 3.3.3:
# /etc/nsswitch.conf
#
#    This file is read once by the first process in a Cygwin process tree.
#    To pick up changes, restart all Cygwin processes.  For a description
#    see https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch
#
# Defaults:
passwd:   files db
group:    files db

#db_enum: cache builtin
db_enum:  cache builtin local primary
db_home:  /%H
db_shell: /bin/bash
db_gecos: windows

getent passwd on 3.3.3:
$getent passwd
roland:*:1049576:1049577:Roland 
Schwingel,U-ONEVISION\roland,S-1-5-21-123-456-789-1000://subnet-homes/User/roland:/bin/bash
SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash
SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash
LOCAL SERVICE:*:19:19:U-NT AUTHORITY\LOCAL SERVICE,S-1-5-19:/:/sbin/nologin
NETWORK SERVICE:*:20:20:U-NT AUTHORITY\NETWORK 
SERVICE,S-1-5-20:/:/sbin/nologin
Administrators:*:544:544:U-BUILTIN\Administrators,S-1-5-32-544:/:/sbin/nologin
NT SERVICE+TrustedInstaller:*:328384:328384:U-NT 
SERVICE\TrustedInstaller,S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:/:/sbin/nologin
DEVRYZEN-02+Administrator:*:197108:197121:U-DEVRYZEN-02\Administrator,S-1-5-21-3089862167-1060948595-489759208-500:/vol/c/Users/Administrator:/bin/bash
DEVRYZEN-02+DefaultAccount:*:197111:197121:U-DEVRYZEN-02\DefaultAccount,S-1-5-21-3089862167-1060948595-489759208-503:/:/bin/bash
DEVRYZEN-02+Guest:*:197109:197121:U-DEVRYZEN-02\Guest,S-1-5-21-3089862167-1060948595-489759208-501:/:/bin/bash
DEVRYZEN-02+IT:*:197609:197121:IT 
department,U-DEVRYZEN-02\IT,S-1-5-21-3089862167-1060948595-489759208-1001:/vol/c/Users/IT:/bin/bash
DEVRYZEN-02+me:*:197610:197121:Test 
user,U-DEVRYZEN-02\me,S-1-5-21-3089862167-1060948595-489759208-1002:/vol/c/Users/me:/bin/bash
DEVRYZEN-02+WDAGUtilityAccount:*:197112:197121:U-DEVRYZEN-02\WDAGUtilityAccount,S-1-5-21-3089862167-1060948595-489759208-504:/:/bin/bash

My account on 1.7.35 in /etc/passwd:
roland:unused:11000:11001:Roland 
Schwingel,U-ONEVISION\roland,S-1-5-21-123-456-789-1000://subnet-homes/User/roland:/bin/bash

cygwin 3.3.3:
mkpasswd -b -l my-pdc | grep roland:
roland:*:4244636648:4244636649:Roland 
Schwingel,U-ONEVISION\roland,S-1-5-21-123-456-789-1000://subnet-homes/User/roland:/bin/bash

Putting the /etc/passwd from 1.7.35 in 3.3.3 did not help at all.
As you can see the uid/gids are different for the 2 versions for the 
same user.

What am I doing wrong here? I need to access the files on the 
sambashares like in 1.7.

I also observed that listing files on the samba shares is notably slower 
on 3.3.3 compared to 1.7.35. I tested this a couple of times:

time ls -al ~/ >/dev/null
is about 0.2 seconds in 1.7 and about 1 second in 3.3. Maybe this is 
related to the permission problems. Anyhow I fear 3.3.3 is a lot slower 
than 1.7 on the same machine. Benchmarks are pending.

Hope someone can help! Thanks.

Roland

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple