From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 21783 invoked by alias); 12 Mar 2014 09:16:53 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 21683 invoked by uid 89); 12 Mar 2014 09:16:53 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 X-HELO: calimero.vinschen.de Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 12 Mar 2014 09:16:51 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id 3E6F18E046F; Wed, 12 Mar 2014 10:16:49 +0100 (CET) Date: Wed, 12 Mar 2014 09:27:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: Testers needed: New passwd/group handling in Cygwin Message-ID: <20140312091649.GD8066@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <20140310191603.GH28681@calimero.vinschen.de> <87iorlsvvn.fsf@Rainer.invalid> <20140311102007.GJ28681@calimero.vinschen.de> <20140311130716.GB21306@calimero.vinschen.de> <20140311154750.GP28681@calimero.vinschen.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/e2eDi0V/xtL+Mc8" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-SW-Source: 2014-03/txt/msg00196.txt.bz2 --/e2eDi0V/xtL+Mc8 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 1931 On Mar 11 17:12, Achim Gratz wrote: > Achim Gratz NexGo.DE> writes: > > Exactly. But as revealed above, what was really missing is the > > Administrators group. Somehow, when "files" is in effect, that mapping > > doesn't seem to exist unless it is explicitly listed in the file. It d= oes > > get auto-created when I use _only_ the "db". I hope that somehow makes > sense... >=20 > I guess it does: the mapping that gets created from AD is sometimes 10491= 20 > instead of 544. That depends on the settings in nsswitch.conf and whether > an /etc/group file exists at all or contains an entry for Administrators. Argh! What about *details* which allow to reproduce this behaviour. In my environment I *never* see the admins group being produced with a GID of 1049120. And it doesn't make any sense at all. The UID/GID values starting with 0x100000 are reserved for accounts of the primary domain. The admins account is *never* an account of the primary domain because its SID doesn't start with S-1-5-21-YOUR-DOMAIN-SID. Rather it's a builtin account with SID 1-5-32-544, which always gets converted to UID/GID 544. [...time passes...] Hmm. The only reason I can see which would allow to generate the GID 1049120 is, if your account has a primaryGroupID of 544 in AD, but that *should* be impossible. The AD user properties dialog doesn't allow to set the primary group to a builtin group... unless you set this in the attribute editor. This is totally unexpected by Cygwin. From AD it just gets a RID value, and it simply adds this to the primary domain offset 0x100000. Ok, so, here's the question. Is your primaryGroupID in AD 544? If not, you will have to explain to me how this happens. I have found no other way to reproduce this. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --/e2eDi0V/xtL+Mc8 Content-Type: application/pgp-signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTICYBAAoJEPU2Bp2uRE+galQQAIMnVXIknaUxzcn3LLxlLAzb 4UcyW3cyBr/YU3dFKptiyji0Aauj7qz6pMIvYJSHF46mhBNz0f1k4Ev6Ffvch09L HaI7GjE0fVzELBF6B3iAkjOs7B1G+Z8gbjfTygtMa8URS8pcEun4YkHJtjNxIT+j MHui4NeyT7TOx19amjdUCkjnRAHykf/a4TMraRq/69PNRVfpeS4mQXJ0zKzo1Clr HhnX3xs4iDMoie+SkEm2caAdafQZm0lYhOKrB4zpAGaRdjgBZkx988Dkmxw2+0F8 dhs4RK5YlVxfBFmXujmHxPcU8eCd75GfC5MfIMAwh6agLN6xZpuBgfhKi3hJjoYp 5olv2szmjVCKKoV5+h5MhGkUWE+TWc+llIFqTmT80m0uDY3bMVUd7Rsei6XxglY4 0yJyVi/K/F0AQ/50eOMQt/dS729i9JrXAZBO3w+pi0kJ22i1NPJVzpzQG5sN60u2 iq6ZQwrDde2uIb0sg00jgbcWJHEgFoDiWCQGQRhBByqhhJaahhZs4DSO6GTei7iJ bTgGa7Z2cfrdkill5KYfCGclhGrPR/V0OgkNtEVodCX6Yz45IMNmHzWJBZWs+orJ M4QmucZ/Lyl95/WZHcd6s5inFjxGAy2W3f+U2abmCteW89eOooRzINNWeTl2dBV2 FJ3A91NULX4dnl5SIuQn =N+E4 -----END PGP SIGNATURE----- --/e2eDi0V/xtL+Mc8--