From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 76388 invoked by alias); 22 Apr 2015 00:58:44 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 76372 invoked by uid 89); 22 Apr 2015 00:58:44 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.3 required=5.0 tests=AWL,BAYES_50,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: zimbra-new.ceos.com.au Received: from mail3.ceos.com.au (HELO zimbra-new.ceos.com.au) (203.214.65.134) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Wed, 22 Apr 2015 00:58:40 +0000 Received: from localhost (localhost [127.0.0.1]) by zimbra-new.ceos.com.au (Postfix) with ESMTP id A3EECC280B1 for ; Wed, 22 Apr 2015 10:58:36 +1000 (AEST) Received: from zimbra-new.ceos.com.au ([127.0.0.1]) by localhost (zimbra-new.ceos.com.au [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id xQ4aMo5clrp1 for ; Wed, 22 Apr 2015 10:58:35 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by zimbra-new.ceos.com.au (Postfix) with ESMTP id 6A692C280A9 for ; Wed, 22 Apr 2015 10:58:35 +1000 (AEST) Received: from zimbra-new.ceos.com.au ([127.0.0.1]) by localhost (zimbra-new.ceos.com.au [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id VNULfPRDuD0g for ; Wed, 22 Apr 2015 10:58:35 +1000 (AEST) Received: from zimbra-new.ceos.com.au (zimbra-new.ceos.com.au [172.17.2.3]) by zimbra-new.ceos.com.au (Postfix) with ESMTP id 51D06C280B1 for ; Wed, 22 Apr 2015 10:58:35 +1000 (AEST) Date: Wed, 22 Apr 2015 00:58:00 -0000 From: John Orr To: cygwin Message-ID: <1277097406.207429.1429664315268.JavaMail.zimbra@ceos.com.au> In-Reply-To: <20150421085053.GW3657@calimero.vinschen.de> References: <1883631812.201190.1429592754813.JavaMail.zimbra@ceos.com.au> <20150421085053.GW3657@calimero.vinschen.de> Subject: Re: File owner set to Unknown+User on cygwin 1.7.35 via samba 3.6.6 on debian MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2015-04/txt/msg00519.txt.bz2 Thank you Corinna, for this and all your other fantastic work for the cygwin community. >> Looking at files in my home directory on my debian host mounted via >> samba gives this kind of output: >> >> #: john@johndesktop:~ ; ls -l /cygdrive/l/.bashrc >> -rw-r--r-- 1 Unknown+User john 3833 Aug 22 2013 /cygdrive/l/.bashrc >> >> On the debian host, I am: >> #: john@johnwl:~ ; id >> uid=1000(john) gid=1000(john) >> groups=1000(john),4(adm),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev) >> >> On cygwin, I got this from the SAM database: >> #: john@johndesktop:~ ; net user john >> User name john >> [...] >> >> I'm not sure how the group is being translated to "john" in the ls >> command above with an empty comment field, but that's just good, I >> suppose. (It's possible I did this when trying to fix this problem a >> month ago, but I can't work out what did it.) > > That would be nice to know. It might be an entry in your /etc/group > file, along the lines of > > john:S-1-22-2-1000:4278190180: > > (Note the special UNIX SID) Thanks. First up - when I first read of all the changes to permissions, I thought I read that the /etc/passwd and /etc/group files should no longer be necessary, and I thought I'd deleted them, intending to start a fresh and do things the new way. Indeed, I have passwd.bak and group.bak files probably from where I did this - but somehow or other, it seems I had created new versions of these files anyway. Perhaps it was my floundering around trying to resolve this problem whilst having trouble, I'm not sure. Anyway - since these things will no doubt mean more to you, for the sake of completeness in understanding what I already posted, I had: /etc/passwd SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash LOCAL SERVICE:*:19:19:U-NT AUTHORITY\LOCAL SERVICE,S-1-5-19:/:/sbin/nologin NETWORK SERVICE:*:20:20:U-NT AUTHORITY\NETWORK SERVICE,S-1-5-20:/:/sbin/nologin Administrators:*:544:544:U-BUILTIN\Administrators,S-1-5-32-544:/:/sbin/nologin NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:/:/sbin/nologin Administrator:*:197108:197121:U-JOHNDESKTOP\Administrator,S-1-5-21-775725812-2182925691-3402384268-500:/home/Administrator:/bin/bash Guest:*:197109:197121:U-JOHNDESKTOP\Guest,S-1-5-21-775725812-2182925691-3402384268-501:/home/Guest:/bin/bash john:*:197608:545:U-JOHNDESKTOP\john,S-1-5-21-775725812-2182925691-3402384268-1000:/home/john:/bin/bash john:*:4294967295:4278191080:S-1-22-1-545 /etc/group: SYSTEM:S-1-5-18:18: NT SERVICE+TrustedInstaller:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:328384: Administrators:S-1-5-32-544:544: Backup Operators:S-1-5-32-551:551: Cryptographic Operators:S-1-5-32-569:569: Distributed COM Users:S-1-5-32-562:562: Event Log Readers:S-1-5-32-573:573: Guests:S-1-5-32-546:546: IIS_IUSRS:S-1-5-32-568:568: Network Configuration Operators:S-1-5-32-556:556: Performance Log Users:S-1-5-32-559:559: Performance Monitor Users:S-1-5-32-558:558: Power Users:S-1-5-32-547:547: Remote Desktop Users:S-1-5-32-555:555: Replicator:S-1-5-32-552:552: Users:S-1-5-32-545:545: Debugger Users:S-1-5-21-775725812-2182925691-3402384268-1001:197609: None:S-1-5-21-775725812-2182925691-3402384268-513:197121: john:S-1-5-32-545:4278191080: > What are your /etc/nsswitch.conf settings? #: john@johndesktop:/etc ; cat nsswitch.conf # /etc/nsswitch.conf # # This file is read once by the first process in a Cygwin process tree. # To pick up changes, restart all Cygwin processes. For a description # see https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch # # Defaults: # passwd: files db # group: files db # db_home: cygwin desc # db_shell: cygwin desc # db_gecos: cygwin desc #: john@johndesktop:/etc ; > So, what does `id' print for you? #: john@johndesktop:~ ; id uid=197608(john) gid=545(Users) groups=545(Users),197121(None),114(Local account and member of Administrators group),544(Administrators),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),4095(CurrentSession),66048(LOCAL),262154(NTLM Authentication),405504(High Mandatory Level) > What does `getent group john' print? #: john@johndesktop:~ ; getent group john john:S-1-5-32-545:4278191080: > Do you have an /etc/group > file by any chance, which does the name translation? Yup :/ >> Since I don't seem to be a member of Users (as mentioned in ntsec >> doco), but only Administrators, > > No, that's not the case. All user are members in the Users group. `net > localgroup Users' should show this. Ok, that makes sense - I guess I was confused by the lines in my previously posted 'net user john' output saying: Local Group Memberships *Administrators Global Group memberships *None Why no mention of Users? Also: #: john@johndesktop:~ ; net localgroup Users Alias name Users Comment Members ------------------------------------------------------------------------------- NT AUTHORITY\Authenticated Users NT AUTHORITY\INTERACTIVE The command completed successfully. (I can check with our Windows sysadmin about this if you like.) > However, your *real* primary group > as a local user is the group called "None" (unless you're using a > "Microsoft Account", but that doesn't seem to be the case here). Said sysadmin confirmed it's a standalone machine - though I don't know what a "Microsoft Account" is I don't think... For the record, I'll share my confusion that if my real group is None, I don't know why I get this: #: john@johndesktop:~ ; net localgroup None System error 1376 has occurred. The specified local group does not exist. #: john@johndesktop:~ ; net group None This command can be used only on a Windows Domain Controller. More help is available by typing NET HELPMSG 3515. #: john@johndesktop:~ ; NET HELPMSG 3515 This command can be used only on a Windows Domain Controller. > You can change your primary group to another one in Cygwin, but you have > to make sure this group is in your user token. The Administrators group > is not in the user token in a normal shell, unless you elevate it ("run > as admin...") so using None or Users is much more safe. Ok - sounds good. I've no desire to change primary groups - just to get things working... > For getting this stuff working it might be better to start out by removing > all these settings and start from scratch, looking what's there and what's > not (passwd, group files, nsswitch.conf settings). Totally agree (and as I say, this was my original thought too). Removing passwd and group immediately changes my output to #: john@johndesktop:/etc ; ll /cygdrive/l/.bashrc -rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22 2013 /cygdrive/l/.bashrc >> I figured the commands I should run to >> match my debian box would be >> >> #: john@johndesktop:~ ; net user john /comment:'> unix="1000"/>' >> The command completed successfully. > > Hmm, that should do it, in theory. Ok... but since I have 'net user john' giving Comment and 'net localgroup Administrators' giving Comment - but I'm still getting the output #: john@johndesktop:~ ; ls -l /cygdrive/l/.bashrc -rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22 2013 /cygdrive/l/.bashrc whilst I thought I'd done all I needed to. Could the problem be that I'm somehow not in Users, but as you say, Administrators is not - let's say 'functional' - in my xterm, so the mapping isn't working? Ah - but 'id' says my gid is Users, so no, I guess. > I just tried this on one of my > machines with a local account, and while the "home" and "shell" settings > require "db_home: desc" or "db_shell: desc" in nsswitch.conf, the "unix" > setting works fine for me without any change to nsswitch.conf. > > However, I wonder... > > Yes, that may be the problem here. Do you have an /etc/passwd file > with your user entry, and is the nsswitch.conf passwd setting either > > passwd: files db > > or commented out (which amounts to the same)? Yes... > If so, the passwd entry shadows the request for user information from > the account DB (SAM in your case), and the description settings in > SAM are never read. For testing, set nsswitch.conf to > > passwd: db > group: db > > and try again. Ok > But make sure to remove the "group=Administrors" first. I presume you mean to remove it from my comment in 'net user john' - ie run #: john@johndesktop:/etc ; net user john /comment:'' The command completed successfully. #: john@johndesktop:/etc ; ls -l /cygdrive/l/.bashrc -rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22 2013 /cygdrive/l/.bashrc Anyway - sorry for the length of all this, I'm just trying to be thorough, just in case there's something useful to be learned that might help others. My primary goal is to get things working, the simplest, or most correct, way - but I'm clearly not there yet for some reason. If my Windows group is indeed Users as id reports, then should this be working? #: john@johndesktop:/etc ; ls /etc/passwd /etc/group /etc/nsswitch.conf ls: cannot access /etc/passwd: No such file or directory ls: cannot access /etc/group: No such file or directory ls: cannot access /etc/nsswitch.conf: No such file or directory #: john@johndesktop:/etc ; net user john /comment:'' The command completed successfully. #: john@johndesktop:/etc ; net localgroup Users /comment:'' The command completed successfully. #: john@johndesktop:/etc ; ls -l /cygdrive/l/.bashrc -rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22 2013 /cygdrive/l/.bashrc given id on my debian box gives #: john@johnwl:~ ; id uid=1000(john) gid=1000(john) groups=1000(john),4(adm),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev) Further thoughts/suggestions/requests? Thanks again, John -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple