public inbox for cygwin@cygwin.com
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: update trouble 1.7.35
Date: Tue, 24 Mar 2015 17:03:00 -0000
Message-ID: <20150324164850.GY3017@calimero.vinschen.de>
In-Reply-To: <33EC3398272FBE47B64EE3B3E98F69A76C41502F@de011521.schaeffler.com>

On Mar 24 16:25, Lemke, Michael  ST/HZA-ZSW wrote:
> On March 24, 2015 4:50 PM Corinna Vinschen wrote:
> >On Mar 24 15:19, Lemke, Michael  ST/HZA-ZSW wrote:
> >> C:\NCygwin\bin>cat ..\etc\nsswitch.conf
> >> passwd: files
> >> group: files
> >> 
> >> C:\NCygwin\bin>getent passwd %USERNAME%
> >> lemkemch:unused:12729:10513:U-INA-DE01\lemkemch,S-1-5-21-1373454394-1654746546-1
> >> 846952604-2729:/home/lemkemch:/bin/tcsh
> >
> >Is that what you have in /etc/passwd?
> 
> Oops, thought I also showed passwd:
> 
> C:\NCygwin\bin>cat ..\etc\passwd
> lemkemch:unused:12729:10513:U-INA-DE01\lemkemch,S-1-5-21-1373454394-1654746546-1846952604-2729:/home/lemkemch:/bin/tcsh
> 
> >
> >> C:\NCygwin\bin>id
> >> uid=4294967295(Unknown+User) gid=4294967295(Unknown+Group) groups=545(Users),555
> >> (Remote Desktop Users)
> >
> >what does `mkpasswd -d | grep -i lemkemch' print?
> 
> C:\NCygwin\bin>mkpasswd -d | grep -i lemkemch
> lemkemch:*:1175788:1049089:XXXXXXXX\lemkemch,S-1-5-21-435809281-806517502-2525237208-127212:/home/lemkemch:/bin/bash

Ouch.  Your user SID from AD is different to the one in /etc/passwd.

> Note that "they" did a domain switch here at some point.  My installation 
> is really old and the passwd certainly is from before that domain change.

That explains it.  Please recreate your /etc/passwd and /etc/group
files with mkpasswd and mkgroup, or, even better, just discard them.

The problem is the domain switch which also changed the SID of your user
account.  The old SID, which you also have in your passwd, is not
returned by the server anymore.  But it's stored in your SID history in
AD and when asking for it you get an answer.

> >> Anything else you'd like me to try?
> >
> >Can you change /etc/nsswitch.conf to "db" only, stop all cygwin
> >processes and restart a shell?  What does `getent passwd %USERNAME%'
> >and `id' print now?  What does an strace of this getent call look like?
> 
> C:\NCygwin\bin>vi ..\etc\nsswitch.conf
> 
> C:\NCygwin\bin>cat ..\etc\nsswitch.conf
> passwd: db
> group: db
> 
> C:\NCygwin\bin>getent passwd %USERNAME%
> lemkemch:*:1175788:1049089:XXXXXXX\lemkemch,S-1-5-21-435809281-806517502-25
> 25237208-127212:/home/lemkemch:/bin/bash
> 
> C:\NCygwin\bin>id
> uid=1175788(lemkemch) gid=1049089(Domain Users) groups=1049089(Domain Users),...
> many many groups I don't like to post here.

So it works.  That's cool.  I'd suggest to throw away your passwd and
group files and live happily ever after.

> > I'm grabbing for straws...
> 
> I noticed something else: With nsswitch.conf db:
> 
> > ls -l
> ...
> -rw-rwxr--+ 1 lemkemch OLDDOMAIN+Domain Users      10057 Oct 21  2013 testresults.xml
> drwxr-xr-x+ 1 lemkemch OLDDOMAIN+Domain Users          0 Nov  9  2010 tidy4aug00
> drwxrwxr-x+ 1 lemkemch Domain Users                   0 May 14  2014 tinymce
> drwxr-xr-x+ 1 lemkemch OLDDOMAIN+Domain Users          0 Jan 13  2012 tomahawk-1.1.11
> ...
> > ls -ln
> ...
> -rw-rwxr--+ 1 1051305 1073742337      10057 Oct 21  2013 testresults.xml
> drwxr-xr-x+ 1 1051305 1073742337          0 Nov  9  2010 tidy4aug00
> drwxrwxr-x+ 1 1175788    1049089          0 May 14  2014 tinymce
> drwxr-xr-x+ 1 1051305 1073742337          0 Jan 13  2012 tomahawk-1.1.11
> ...
> 
> Note the different numerical id's that translate to the same username.
> Don't know if it means anything.  I just find it weird.

That's due to your SID history.  It's a bit hard to explain, but that
occurs when "they" switch to a new domain with different SIDs.  When
asking for the new and the old SID, the same username is returned since
both are your SIDs, one old, one new.

I strongly recommend not to use the old SID anymore.  The reason is that
Cygwin will create all these files with the old SIDs.  However, your
actual user token has the new SID.  Uh, as I wrote, hard to explain and
a weird situation.

Downside: Cygwin can't handle the old SIDs from your SID history quite
correctly.  Trying to support them as well would slow down the user and
group lookups a lot.  If you can live with what we just found out and
the solution I suggested, I'd be rather happy :}


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
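
Added example, not part of Corinna Vinschen's message or of Cygwin itself: a shell check that compares the SID stored in a local passwd file with the SID in saved `mkpasswd -d` output and flags accounts whose SID has gone stale, as in the domain switch discussed above. The file names, status strings and the "alice" account are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect /etc/passwd entries whose SID
# no longer matches what the domain returns now, e.g. after a domain switch.

# extract_sid FILE USER: print the SID stored in the gecos (5th) field.
extract_sid() {
    awk -F: -v u="$2" '
        tolower($1) == tolower(u) {
            n = split($5, part, ",")
            for (i = 1; i <= n; i++)
                if (part[i] ~ /^S-1-[0-9]+(-[0-9]+)+$/) { print part[i]; exit }
        }' "$1"
}

# check_user LOCAL DOMAIN USER: compare the SID found in both sources.
check_user() {
    local_sid=$(extract_sid "$1" "$3")
    domain_sid=$(extract_sid "$2" "$3")
    if [ -z "$local_sid" ]; then echo "no-local-entry"
    elif [ -z "$domain_sid" ]; then echo "no-domain-entry"
    elif [ "$local_sid" = "$domain_sid" ]; then echo "match"
    else echo "stale-sid"
    fi
}

# audit LOCAL DOMAIN: one "user status" line per account in the local file.
audit() {
    cut -d: -f1 "$1" | while IFS= read -r user; do
        if [ -n "$user" ]; then
            echo "$user $(check_user "$1" "$2" "$user")"
        fi
    done
}

# Sample input: the lemkemch lines are the ones quoted in the thread;
# the "alice" lines are constructed to show the matching case.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
lemkemch:unused:12729:10513:U-INA-DE01\lemkemch,S-1-5-21-1373454394-1654746546-1846952604-2729:/home/lemkemch:/bin/tcsh
alice:unused:11001:10513:U-EXAMPLE\alice,S-1-5-21-1111111111-2222222222-3333333333-1001:/home/alice:/bin/bash
EOF
cat > "$SAMPLE_DIR/mkpasswd-d.txt" <<'EOF'
lemkemch:*:1175788:1049089:XXXXXXXX\lemkemch,S-1-5-21-435809281-806517502-2525237208-127212:/home/lemkemch:/bin/bash
alice:*:1051001:1049089:U-EXAMPLE\alice,S-1-5-21-1111111111-2222222222-3333333333-1001:/home/alice:/bin/bash
EOF

audit "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/mkpasswd-d.txt"
```

On a real installation the second file would be produced with `mkpasswd -d > mkpasswd-d.txt` and the first would be the existing /etc/passwd.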
