From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-212107-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 52130 invoked by alias); 11 Apr 2018 09:35:11 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 51902 invoked by uid 89); 11 Apr 2018 09:34:47 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-106.2 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=rights, accounts
X-HELO: mout.kundenserver.de
Received: from mout.kundenserver.de (HELO mout.kundenserver.de) (212.227.17.24) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 11 Apr 2018 09:34:46 +0000
Received: from calimero.vinschen.de ([217.91.18.234]) by mrelayeu.kundenserver.de (mreue104 [212.227.15.183]) with ESMTPSA (Nemesis) id 0Lp6Wq-1ea8aF3Qoe-00er2I for <cygwin@cygwin.com>; Wed, 11 Apr 2018 11:34:43 +0200
Received: by calimero.vinschen.de (Postfix, from userid 500)	id 34B29A80699; Wed, 11 Apr 2018 11:34:43 +0200 (CEST)
Date: Wed, 11 Apr 2018 09:35:00 -0000
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: [Bug] File permissions across domains
Message-ID: <20180411093443.GM29703@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <874lkjt3dw.fsf@Rainer.invalid> <20180411070312.GK29703@calimero.vinschen.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="uJWb33pM2TcUAXIl"
Content-Disposition: inline
In-Reply-To: <20180411070312.GK29703@calimero.vinschen.de>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-UI-Out-Filterresults: notjunk:1;V01:K0:vnO+P0Jgtw0=:8PJcdpt7qdp8JiT7KLtVIK zOgX7hw/1idYNSmkHh3ce/HPBbHNd/RbzZq+IEfP0YK4mKBkDzIDLk0VmJpxd1t/ZWagB8wJM k7orfuwxi6T0PXFjFOZrvjZdHz+hBj2vhpHgVDcYsJ70kaWfQRlN4RO+32RXMoU/dEhWF1NFT qObW/FeI+49yvs2zQqB9OpnuCWKdD+8cdDT6nx5rkOObsAWAyURQZ6GTxMi8HNOgUJKP1tGuA FKwGDcTjfXZglFMJeYQy2XU6e2kSSTshP/nNgMZXd25A0zCU7OHfAZPXIeNu+H5dAz3pE8SDb scSgvBNBQAW08lgo/vP6MBeYwL+MPYQz6MfxUWfkZuk98ElsPvOkqopXi1EASnudl5lq+I9Em /LCBBj9AYPSkm1N3SJVq5zARMJufTfcxvsW2DyTWPduIgd0GcNOv5JNC2o8SvnQd7l5KTpRij irPU9JDpsyxBZgWmbP4lJ3SVmn03uHL5HJ9NVehfj1VzonzcboWPY1nMdhstEi5u06AhZ3Ylh qpj4d1LU6lIvNiKyEspJIMpr6zug3GeA/aje6+fAE6hpR2I6oxPt7c2+qry0ytGsibA9EG+L5 9LiPw/LmSKG3N9K2ui4RPq9Kpha7roOpadR3DDTTWqI0pMUplgV+Rb5yZrHMZ3F54hXvQxrqY BbD5ZU/u++0NoZmiUhJc6EvH1d/lAdmgc2Nb8ThgSYEpWyU3AXkiZP5kgh9LallIY96Fx+/cW PxNh0d3eKuRenTNeKmtLdTdp+kwgI+xGpnFexA==
X-SW-Source: 2018-04/txt/msg00122.txt.bz2

--uJWb33pM2TcUAXIl
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-length: 1704

On Apr 11 09:03, Corinna Vinschen wrote:
> Same here, belong on the Cygwin ML.  Redirecting.
>=20
> Corinna
>=20
> On Apr 10 18:47, Achim Gratz wrote:
> >=20
> > We're in the midst of switching to a different LDAP domain
> > organisation.  All my accounts still arein the old domain and that leads
> > to problems when lookking at shares from a mchine in the new domain:
> >=20
> > --8<---------------cut here---------------start------------->8---
> > (1027)/mnt/upload > touch bla
> > (1027)/mnt/upload > getfacl bla
> > # file: bla
> > # owner: OLD+gratz
> > # group: OLD+Domain Users
> > user::---
> > group::---
> > group:OLD+cygwinupload:rwx
> > mask:rwx
> > other:---
> >=20
> > (1028)/mnt/upload > ls -l bla
> > ----rwx---+ 1 OLD+gratz OLD+Domain Users 0 Apr 10 14:41 bla
> > --8<---------------cut here---------------end--------------->8---
> >=20
> > So Cygwin correctly figures that I'm the owner of the file, but fails to
> > translate my access rights (via group OLD+cygwinupload) into the owner
> > part of the modes like it does when I look at the same file from a
> > machine in the old domain.  That in turn confuse sprograms that check
> > the modes before the ACL (like Git) to tell me that I can't access the
> > files (or that there is no repository in the case of Git).

This is a bit low on detail.  What does icacls say about this file?  How
does getfacl report the ACL on a machine in the old domain?  What does
ls -l report on the file on both machines?  Does an strace on getfacl
report an error in ACL checking?


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--uJWb33pM2TcUAXIl
Content-Type: application/pgp-signature; name="signature.asc"
Content-length: 833

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlrN1rMACgkQ9TYGna5E
T6Aorw//en6ASTyntON+i3c1t6rTuOUFmZtOPO8USzOevqLz+y0bCf4ETpNgRnw8
B5e+yT3An6O9Sx3j7rgl2X9YjyKVbvw+mZ3L3OmXUOQHwF8fAGkSU5rqYqGU2Lnf
Uj+5PMqCa9TiTXa90pUX5rVz7RarX5klph2AWWG2bXeGNBll2hjFh+lwW42CeqOt
6zVqqAWp52a2gwtWjh2Et5VUKqDPRsyxstfp/rleIN+WfjhYc9TJrZrudtWLr2G0
HiPQAYe6/kksB6baRErWTjRmckq5r6WrmJbTXde5s5h/0/3UaLdVdbwDhCOFT0Gy
uf85rLieH7/RjY7wIbpj0DDs2YoMg3iDjDKVWdL/1Kw1o/EMNWt6KQpvNm3QhMXG
P4OZ6HhkP9hm8akzNQIFZtdWjXftyBCoonxv//lx1hV+O6kIy2qOydvLXwKGKPKj
a+EaxcuTAOqTP6ccGkxsoleGfEusq01mG7SuAtUUOa6bWq7qt3qr22+X7XKVWari
tCaVLDJN1BbHHo81atvxOHnwrO0b3i8Hsa59aw9gdx6S9V7nNcY9j5d3W/CK0cvS
H1hQMSCzrtgOgTMj5skNUbINTAnzYK3q8CMD0TIuGckieCKstjZj+uTcqJ3JQ91M
80TCRjgc0D+x9CPN/py5nQj8L9J0nopQA5MslTY1y8ovUfO99Fs=
=9h8R
-----END PGP SIGNATURE-----

--uJWb33pM2TcUAXIl--