Re: update trouble 1.7.35

[Corinna Vinschen <corinna-cygwin@cygwin.com>]

[-- Attachment #1: Type: text/plain, Size: 2717 bytes --]

On Mar 24 17:56, Lemke, Michael  ST/HZA-ZSW wrote:
> On Tuesday, March 24, 2015 5:49 PM Corinna Vinschen wrote:
> >> Note that "they" did a domain switch here at some point.  My installation 
> >> is really old and the passwd certainly is from before that domain change.
> >
> >That explains it.  Please recreate your /etc/passwd and /etc/group
> >files with mkpasswd and mkgroup, or, even better, just discard them.
> >
> 
> I just created new ones.  I like passwd/group much better than AD, sorry.  
> Just like real unix before the invention of yellow pages and nis.

Yeah, but real unix these days is NIS+ or FreeIPA, or... even AD :)

> This 
> way I can easily give different shells to different users (not that it is
> really important at the moment).

You can do that in AD as well.  Or, as long as all users want the same
shell, you can simply use `db_shell: /bin/tcsh'.

> In nsswitch.conf I put 
> passwd: files db
> group: files db

That's the default setting.  You can simply remove nsswitch.conf in this
case, which should result in a slightly faster startup because Cygwin
doesn't have to scan YA file.

> and ls listings seem to look fine.  Login is also possible again
> with correct tcsh shell.

I'm glad to read that.

> >The problem is the domain switch which also changed the SID of your user
> >account.  The old SID, which you also have in your passwd, is not
> >returned by the server anymore.  But it's stored in your SID history in
> >AD and when asking for it you get an answer.
> 
> So, to sort of sum this up: the new cygwin doesn't deal well with 
> contradicting entries in passwd and AD. 

Basically, yes.  More to the point, your user token and your passwd
file contradict each other.  The user and owner entry in your
user token is your new SID.  The old SID only shows up in the token's
group list, afaik.

> >Downside: Cygwin can't handle the old SIDs from your SID history quite
> >correctly.  
> 
> Actually, with "files db" it seems to handle it quite well.  I get the same
> username for both kind of files.  There are still lots of files in my
> home I created before the domain switch.

Ok, I just can't guarantee that it always works.  The SID history stuff
is a weird solution for a weird problem.

> >Trying to support them as well would slow down the user and
> >group lookups a lot.  If you can live with what we just found out and
> >the solution I suggested, I'd be rather happy :}
> >
> 
> Yes, I am happy now.

Then I am, too :)


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]