Web lists-archives.com

Re: incompat in cygwin choice of using '+' as domain and user separator.

On Aug 27 11:09, Corinna Vinschen wrote:
> On Aug 26 20:32, L A Walsh wrote:
> > On 8/23/2018 1:11 AM, Corinna Vinschen wrote:
> > ...
> > > No, that's a wrong assumption.  Think about it.  The ACL given to
> > > acl_to_text is the binary form, so it doesn't contain user or group
> > > names, only uids and gids.  The usernames are only generated in the
> > > output.
> > ---
> > 	Rats.  Of course, you're right.  	Then I nominate the problem being that it
> > can't convert from domain "Unknown"-user + "Unknown"-group to something it
> > can store in tar.
> The problem with unknown SIDs is that there's no bijective
> transformation between SID <-> uid/gid.  You get the uid/gid -1 and
> then... what?  How do you restore the information?  There's no SID for
> uid/gid -1.
> > As far as duplication, I have /etc/passwd+/etc/group files that mirror my
> > accounts on the linux-based PDC (samba 3.x).
> What for?  This should work automatically and you would get rid of those
> dreaded backslashes in the account names.  Using passwd/group files also
> have a higher probability of account overlap with weird results.
> Passwd and group files should only be used if you have very specific
> problems to solve (like offline usage or see below), otherwise just use
> the values you get from the account DBs.
> > In this case, that user+group appear to correspond
> > to non-existent users. (S-1-5-21-oldsystem-ID-1001 + -1005).
> > The domain/system part appears to be from some previous
> > value for the machine's "sid"?  Not sure how to deliberately
> > reproduce that, but maybe you have a tool to create an
> > invalid acl entry for a user like: Unknown+User:*:4294967295:4294967295:S-1-5-21-3457732827-2369206082-2151550420-1001
> > in /etc/passwd.
> > and something similar in /etc/group?

Actually, I just did that.  I added a user and a group to the files with
weird SIDs, then I switched /etc/nsswitch.conf to "db" only.  With
different ACLs (created by Cygwin, created by native Windows) there are
different results.  The problem is that uid/gid -1 can be created as a
file ACL entry *and* at the same time have the meaning of "don't look
for the uid/gid" when checking the ACL for validity.  To make matters
worse, if you have multiple ACEs of unknown users, the resulting ACL is
*always* invalid.

Bottom line is, there are at least two bugs here in Cygwin.  I'm looking
into a fix.

> If you want to keep the old, unknown accounts, just add them to
> your passwd and group files (one of those special problems).
> Alternatively remove them from all ACLs.

For the time being, use the above workaround.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: signature.asc
Description: PGP signature