On Aug 27 12:50, Corinna Vinschen wrote: > On Aug 27 12:41, Corinna Vinschen wrote: > > On Aug 27 11:09, Corinna Vinschen wrote: > > > On Aug 26 20:32, L A Walsh wrote: > > > > On 8/23/2018 1:11 AM, Corinna Vinschen wrote: > > > > ... > > > > > No, that's a wrong assumption. Think about it. The ACL given to > > > > > acl_to_text is the binary form, so it doesn't contain user or group > > > > > names, only uids and gids. The usernames are only generated in the > > > > > output. > > > > --- > > > > Rats. Of course, you're right. Then I nominate the problem being that it > > > > can't convert from domain "Unknown"-user + "Unknown"-group to something it > > > > can store in tar. > > > > > > The problem with unknown SIDs is that there's no bijective > > > transformation between SID <-> uid/gid. You get the uid/gid -1 and > > > then... what? How do you restore the information? There's no SID for > > > uid/gid -1. > > > > > > > As far as duplication, I have /etc/passwd+/etc/group files that mirror my > > > > accounts on the linux-based PDC (samba 3.x). > > > > > > What for? This should work automatically and you would get rid of those > > > dreaded backslashes in the account names. Using passwd/group files also > > > have a higher probability of account overlap with weird results. > > > > > > Passwd and group files should only be used if you have very specific > > > problems to solve (like offline usage or see below), otherwise just use > > > the values you get from the account DBs. > > > > > > > In this case, that user+group appear to correspond > > > > to non-existent users. (S-1-5-21-oldsystem-ID-1001 + -1005). > > > > The domain/system part appears to be from some previous > > > > value for the machine's "sid"? Not sure how to deliberately > > > > reproduce that, but maybe you have a tool to create an > > > > invalid acl entry for a user like: Unknown+User:*:4294967295:4294967295:S-1-5-21-3457732827-2369206082-2151550420-1001 > > > > in /etc/passwd. > > > > and something similar in /etc/group? > > > > Actually, I just did that. I added a user and a group to the files with > > weird SIDs, then I switched /etc/nsswitch.conf to "db" only. With > > different ACLs (created by Cygwin, created by native Windows) there are > > different results. The problem is that uid/gid -1 can be created as a > > file ACL entry *and* at the same time have the meaning of "don't look > > for the uid/gid" when checking the ACL for validity. To make matters > > worse, if you have multiple ACEs of unknown users, the resulting ACL is > > *always* invalid. > > > > Bottom line is, there are at least two bugs here in Cygwin. I'm looking > > into a fix. > > The only sane way to handle unknown SIDs in file ACLs is to ignore them > entirely. The result will be that you never see them in getfacl, nor > will they be stored by tar or rsync. They are just not there from the > Cygwin perspective. I created a patch, uploaded developer snapshots to https://cygwin.com/snapshots/ and released a new Cygwin test release 2.11.0-0.4 with this change. Please giver any of them a try. Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat