From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.4.0-0.4
Date: Sun, 29 Nov 2015 18:23:00 -0000 [thread overview]
Message-ID: <20151129171043.GC2755@calimero.vinschen.de> (raw)
In-Reply-To: <CABPLASTWGXVXf+YVx5Uwp6wqZqBmWRmkrFdoKCPR30QEV+4BVA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4177 bytes --]
On Nov 29 15:10, Kacper Michajlow wrote:
> 2015-11-29 13:59 GMT+01:00 Corinna Vinschen <corinna-cygwin@cygwin.com>:
> > On Nov 29 02:16, Andrey Repin wrote:
> >> Greetings, Kacper Michajlow!
> >>
> >> >> Please also attach the output of `id' and of `getfacl . test test/test'.
> >>
> >> > getfacl attached. `id` output is already in cygcheck.log
> >>
> >> > In getfacl output this line `default:group:1001 <unknown>:r-x` looks
> >>
> >> Uh-oh.
> >> Do you, by any chance, have /etc/passwd file?
> >> Or a user comment changing relevant information?
> >
> > I agree with Andrey here: Uh oh!
> >
> > The mkdir trace contains a suspicious snippet which is the reason
> > the mkdir call doesn't manage to post-process the ACL:
> >
> > [...] pwdgrp::fetch_account_from_windows: LookupAccountSidW (S-1-5-32-1001), Win32 error 1332
> > [...] /[...]/security.cc:337 status 0xC0000078 -> windows error 1337
> >
> > Status 0xC0000078 aka Win32 error 1337 means "invalid SID". And the
> > SID 1-5-32-1001 is in fact invalid. The S-1-5-32 prefix denotes a builtin
> > account, but the RID 1001 is invalid for a builtin group. 1001 is the
> > RID of your user account, though, but that would be prefixed by the SID
> > of your machine, which looks like S-1-5-21-XXXXXXXX-YYYYYYYY-ZZZZZZZZ.
> > I don't see how this broken SID came into life, unless your /etc/passwd
> > and/or /etc/group files are broken (hand edited perhaps?).
>
> I guess I only changed shell to zsh in /etc/passwd, but no other
> changes were made. So I have no idea how they could get corrupted
> either.
They aren't. There is no 1-5-32-1001 SID in those files and both files
look entirely insuspicious. Given that Cygwin doesn't create any such
SID from scratch, I'm totally puzzled where this SID is coming from.
Your mkdir trace output doesn't show this SID anywhere else either.
This definitely requires more debugging...
> $ icacls test
> test NULL SID:(DENY)(Rc,S)
> DOMEK\Kacper:(F)
> DOMEK\Kacper:(RX)
> Wszyscy:(RX)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S)
> TWORCA-WLASCICIEL:(OI)(CI)(IO)(F)
> GRUPA TWORCOW:(OI)(CI)(IO)(RX)
> Wszyscy:(OI)(CI)(IO)(RX)
>
> $ icacls test/test
> test/test NULL SID:(DENY)(Rc,S)
> DOMEK\Kacper:(F)
> DOMEK\Kacper:(RX)
> Wszyscy:(RX)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S)
> TWORCA-WLASCICIEL:(OI)(CI)(IO)(F)
> GRUPA TWORCOW:(OI)(CI)(IO)(RX)
> Wszyscy:(OI)(CI)(IO)(RX)
Looks better now.
> BTW. icacls doesn't handle UTF-8 characters well. Just saying.
Heh, yeah. But given that icacls is a Windows tool, not a Cygwin
tool, I'm rather relaxed about this ;) I'm wondering about the
lack of UTF-8 support in most Windows CLI tools myself.
> > - Try chmod 755 test/test again.
>
> Works.
Ok, that's good to know. Now I just have to find out where this
weird SID was created :-P
> > - Also, would you mind to attach your /etc/passwd, /etc/group and
> > /etc/nsswitch.conf files to your reply?
>
> /etc/nsswitch.conf has only commented out default values. Two others
> are attached. To make this clear, I never edited those files except
> zsh change
Not even the group entry for group 11001? It doesn't look like an
entry which would get created automatically.
> so if they are corrupted in any way they must have been
> produced like that. Though it probably was over the year ago when I
> installed cygwin on this machine.
No, the files look ok, basically.
> I personally am fine with abandoning /etc/passwd and /etc/group. This
> is good enough solution for me. Though there might be other people
> with the same issue.
This seems to be a bug in Cygwin, and with the content of your files I
finally managed to reproduce the issue. I'm planning to debug this next
week and, hopefully, come up with a patch. It would be nice if you
could do another test then in your environment :}
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-11-29 17:10 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-21 16:40 Corinna Vinschen
2015-11-23 18:09 ` Kacper Michajlow
2015-11-24 4:19 ` Andrey Repin
2015-11-26 13:24 ` Corinna Vinschen
2015-11-27 19:15 ` Kacper Michajlow
2015-11-27 19:24 ` Kacper Michajlow
2015-11-28 15:55 ` Corinna Vinschen
2015-11-28 23:20 ` Kacper Michajlow
2015-11-29 2:47 ` Andrey Repin
2015-11-29 14:01 ` Corinna Vinschen
2015-11-29 16:37 ` Kacper Michajlow
2015-11-29 18:23 ` Corinna Vinschen [this message]
2015-11-29 20:29 ` Corinna Vinschen
2015-11-30 10:02 ` Kacper Michajlow
2015-11-30 16:02 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151129171043.GC2755@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).