Re: Windows to Cygwin username mapping: Domain before local account when duplicate name?
- Date: Fri, 15 Feb 2019 13:59:46 -0700
- From: Bill Stewart <bstewart@xxxxxxxxx>
- Subject: Re: Windows to Cygwin username mapping: Domain before local account when duplicate name?
On Fri, Feb 15, 2019 at 1:43 PM Corinna Vinschen wrote:
> More specific than the original text? I'm hard pressed to accomplish
> that. Take note of the "domain member machine" property.

I think I see the problem. The list I posted (above the one you are
apparently referring to) has the search in a different order.

The section that starts with "Let's discuss the SID<=>uid/gid mapping
first. Here's how it works." states this order:
* Well-known SIDs in the NT_AUTHORITY domain of the S-1-5-RID type
* Other well-known SIDs in the NT_AUTHORITY domain (S-1-5-X-RID)
* Other well-known SIDs
* Logon SIDs
* Accounts from the local machine's user DB (SAM)
* Accounts from the machine's primary domain
* Accounts from a trusted domain of the machine's primary domain
In this list, local machine accounts are listed before domain accounts.

Underneath that, there's a second section with examples that starts
with "Now we have a semi-bijective mapping..." that has this order:
* Well-known and builtin accounts will be named as in Windows:
    "SYSTEM", "LOCAL", "Medium Mandatory Level", ...
* If the machine is not a domain member machine, only local accounts
  can be resolved into names, so for ease of use, just the account names
  are used as Cygwin user/group names:
    "corinna", "bigfoot", "None", ...
* If the machine is a domain member machine, all accounts from the
  primary domain of the machine are mapped to Cygwin names without
    "corinna", "bigfoot", "Domain Users", ...
  while accounts from other domains are prepended by their domain:
    "DOMAIN1+corinna", "DOMAIN2+bigfoot", "DOMAIN3+Domain Users", ...
* Local machine accounts of a domain member machine get a Cygwin user
  name the same way as accounts from another domain: The local machine
  name gets prepended:
    "MYMACHINE+corinna", "MYMACHINE+bigfoot", "MYMACHINE+None", ...
* If LookupAccountSid fails, Cygwin checks the accounts against the
  known trusted domains. If the account is from one of the trusted
  domains, an artificial account name is created. It consists of the
  domain name, and a special name created from the account RID:
In the second list, it says domains are first before the local machine.

I was assuming the first section is an orderly sequence of searching,
since that's usually how Windows works.

The second section with the examples seems to be a different order,
and would seem to be the order Cygwin actually uses.

I was just wondering if that's by design or by accident, since it's
different from the typical order.
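The naming rules quoted in the message above, modelled as an added example that is not part of the original post and is not Cygwin's own code. The function names are hypothetical, and the account list and the `CORP` primary domain are constructed; the check reports which account owns the bare name when the same name exists both locally and in the primary domain.

```python
# Added example modelling the naming rules quoted above; not Cygwin source.
def cygwin_name(origin, domain, account, *, machine, primary_domain=None):
    """origin: "wellknown", "local" (SAM) or "domain"; primary_domain is None
    when the machine is not a domain member."""
    member = primary_domain is not None
    if origin == "wellknown":
        return account                      # named as in Windows
    if origin == "local":
        # Bare name on a standalone machine, machine-prefixed on a member.
        return f"{machine}+{account}" if member else account
    if origin == "domain":
        if not member:
            raise ValueError("only local accounts resolve on a non-member")
        if domain.lower() == primary_domain.lower():
            return account                  # primary domain: no prefix
        return f"{domain}+{account}"        # any other domain: prefixed
    raise ValueError(f"unknown origin: {origin!r}")


def duplicate_names(accounts, *, machine, primary_domain):
    """Names present in both the local SAM and the primary domain, as
    {lowercased name: {"local": cygwin name, "primary": cygwin name}}."""
    seen = {}
    for origin, domain, account in accounts:
        if origin == "local":
            side = "local"
        elif origin == "domain" and domain.lower() == primary_domain.lower():
            side = "primary"
        else:
            continue
        name = cygwin_name(origin, domain, account,
                           machine=machine, primary_domain=primary_domain)
        seen.setdefault(account.lower(), {})[side] = name
    return {k: v for k, v in seen.items() if len(v) == 2}


# Constructed sample accounts; "CORP" is a made-up primary domain.
ACCOUNTS = [
    ("wellknown", "NT AUTHORITY", "SYSTEM"),
    ("local", "MYMACHINE", "corinna"),
    ("local", "MYMACHINE", "None"),
    ("domain", "CORP", "corinna"),
    ("domain", "CORP", "Domain Users"),
    ("domain", "DOMAIN1", "bigfoot"),
]

if __name__ == "__main__":
    print(duplicate_names(ACCOUNTS, machine="MYMACHINE", primary_domain="CORP"))
```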