From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 29086 invoked by alias); 22 Jul 2008 21:19:39 -0000 Received: (qmail 29061 invoked by uid 22791); 22 Jul 2008 21:19:38 -0000 X-Spam-Check-By: sourceware.org Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.31.1) with ESMTP; Tue, 22 Jul 2008 21:19:21 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id E969B6D4355; Tue, 22 Jul 2008 23:19:31 +0200 (CEST) Date: Tue, 22 Jul 2008 21:19:00 -0000 From: Corinna Vinschen To: cygwin-apps@cygwin.com Subject: Re: New Cygwin 1.7.0-18 in release-2 Message-ID: <20080722211931.GA27080@calimero.vinschen.de> Reply-To: cygwin-apps@cygwin.com Mail-Followup-To: cygwin-apps@cygwin.com References: <20080717155516.GC5675@calimero.vinschen.de> <487FE13C.4020908@byu.net> <20080718073440.GA22938@calimero.vinschen.de> <20080718075451.GB22938@calimero.vinschen.de> <20080718080953.GD22938@calimero.vinschen.de> <20080718120934.GB24731@calimero.vinschen.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080718120934.GB24731@calimero.vinschen.de> User-Agent: Mutt/1.5.16 (2007-06-09) Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com X-SW-Source: 2008-07/txt/msg00104.txt.bz2 On Jul 18 14:09, Corinna Vinschen wrote: > > > > On Jul 17 18:18, Eric Blake wrote: > > > > > Somewhere between setting obcaseinsensitive to 0 yesterday and upgrading > > > > > to the new cygwin1.dll today, I'm now suffering from an inability to > > > > > modify files on a shared drive on my work machine. I can create empty > > > > > files and remove existing files just fine, but get access denied on any > > > > > attempt to change contents. The -1 for owner and group looks fishy as > > > > > well. > [...] > The real problem is exactly what I describe in the comment in > fhandler_base::open(). Apparently, creating the file and sending the > security descriptor to the server is a two step approach. So Samba > creates the file first, and then, afterwards, Windows sends the request > to change the security descriptor of the file. Now Samba can't map > SID->uid and returns STATUS_ACCESS_DENIED. But there seems to be no > knowledge that the two actions are actually one system call in Windows. > So Samba doesn't remove the file, but still, NtCreateFile failed. > Bummer. > > I have a local workaround which I'll apply in a minute. > > However, I never really understood why the mapping from the Windows > SID to the UNIX user fails, even though the user has been successfully > authenticated before. I have written a clueless mail to the samba > developers list. Maybe they can enlighten me. They don't so far. However, as a side note, with "acl" on, you currently don't see user/group info in `ls -l', if your machines are not in fully Windows domain integrated. With the latest incarnation of mkpasswd and mkgroup (from CVS, not fully functional in 1.7.0-20), you can now ask your Samba machine for their passwd and group information: $ mkpasswd -L samba-machine >> /etc/passwd $ mkgroup -L samba-machine >> /etc/group At least this works for me. Unfortunately Samba doesn't enumerate the UNIX user and group information from its own /etc/passwd and /etc/group files. For instance the user "root" is S-1-22-1-0, the group "root" is S-1-22-2-0. That's what you see in the Windows Explorer Security tab as "Unix User\root" and "Unix Group\root". Apparently these are never enumerated, only returned in calls to LookupAccountSid and LookupAccountName. HTH, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat