On Aug 26 20:32, L A Walsh wrote:
> On 8/23/2018 1:11 AM, Corinna Vinschen wrote:
> ...
> > No, that's a wrong assumption.  Think about it.  The ACL given to
> > acl_to_text is the binary form, so it doesn't contain user or group
> > names, only uids and gids.  The usernames are only generated in the
> > output.
> ---
> 	Rats.  Of course, you're right.  	Then I nominate the problem being that it
> can't convert from domain "Unknown"-user + "Unknown"-group to something it
> can store in tar.

The problem with unknown SIDs is that there's no bijective
transformation between SID <-> uid/gid.  You get the uid/gid -1 and
then... what?  How do you restore the information?  There's no SID for
uid/gid -1.

> As far as duplication, I have /etc/passwd+/etc/group files that mirror my
> accounts on the linux-based PDC (samba 3.x).

What for?  This should work automatically and you would get rid of those
dreaded backslashes in the account names.  Using passwd/group files also
have a higher probability of account overlap with weird results.

Passwd and group files should only be used if you have very specific
problems to solve (like offline usage or see below), otherwise just use
the values you get from the account DBs.

> In this case, that user+group appear to correspond
> to non-existent users. (S-1-5-21-oldsystem-ID-1001 + -1005).
> The domain/system part appears to be from some previous
> value for the machine's "sid"?  Not sure how to deliberately
> reproduce that, but maybe you have a tool to create an
> invalid acl entry for a user like: Unknown+User:*:4294967295:4294967295:S-1-5-21-3457732827-2369206082-2151550420-1001
> in /etc/passwd.
> and something similar in /etc/group?

If you want to keep the old, unknown accounts, just add them to
your passwd and group files (one of those special problems).
Alternatively remove them from all ACLs.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat