public inbox for cygwin@cygwin.com
From: L A Walsh <cygwin@tlinx.org>
To: cygwin@cygwin.com
Subject: Re: incompat in cygwin choice of using '+' as domain and user separator.
Date: Mon, 27 Aug 2018 10:50:00 -0000
Message-ID: <5B8370CA.5080209@tlinx.org>
In-Reply-To: <20180823081135.GN3348@calimero.vinschen.de>

[-- Attachment #1: Type: text/plain, Size: 2921 bytes --]

On 8/23/2018 1:11 AM, Corinna Vinschen wrote:
...
> No, that's a wrong assumption.  Think about it.  The ACL given to
> acl_to_text is the binary form, so it doesn't contain user or group
> names, only uids and gids.  The usernames are only generated in the
> output.
---
	Rats.  Of course, you're right.  
	Then I nominate the problem being that it can't convert 
from domain "Unknown"-user + "Unknown"-group to something it can 
store in tar.  I'll try to elaborate.  

lsacl is an output massager that mainly compacts output of 
getfacl into a 1 line form as used by the linux chacl format 
for environments where chacl was missing (like cygwin and some linux
machines).  It's a fairly trivial script (attached), feel free
to do whatever w/it.

As far as duplication, I have /etc/passwd+/etc/group files that 
mirror my accounts on the linux-based PDC (samba 3.x).

so when lsacl puts out:
> lsacl miner.js
[u::rwx,g::rwx,o:r-x,u:Unknown+User:rwx,g:Unknown+Group:rwx,g:Administrators:rwx,g:Bliss\Domain Admins:rwx,m:rwx/] miner.js

then getfacl puts out:

> getfacl miner.js
# file: miner.js
# owner: Bliss\law
# group: Bliss\Domain Admins
user::rwx
group::rwx
other:r-x
user:Unknown+User:rwx
group:Unknown+Group:rwx
group:Administrators:rwx
group:Bliss\Domain Admins:rwx
mask:rwx

or numerically:

> getfacl -n miner.js
# file: miner.js
# owner: 5013
# group: 512
user::rwx
group::rwx
other:r-x
user:4294967295:rwx
group:4294967295:rwx
group:544:rwx
group:512:rwx
mask:rwx

In this case, that user+group appear to correspond
to non-existent users. (S-1-5-21-oldsystem-ID-1001 + -1005).
The domain/system part appears to be from some previous
value for the machine's "sid"?  Not sure how to deliberately
reproduce that, but maybe you have a tool to create an
invalid acl entry for a user like: 
Unknown+User:*:4294967295:4294967295:S-1-5-21-3457732827-2369206082-2151550420-1001
in /etc/passwd.
and something similar in /etc/group?


I can fairly easily work around it by just deleting the
invalid user/group from the GUI.

The icacls output on the file with some added line breaks 
(from D:PAI to S:P was all 1 line).

miner.js
D:PAI(A;;0x1f01bf;;;S-1-5-21-33-77-33-5013)(A;;0x1201bf;;;DA)
(A;;0x1200a9;;;WD)(A;;0x1201ff;;;S-1-5-21-33-77-33-5013)
(A;;0x1201ff;;;SY)(A;;0x1201ff;;;BA)(A;;0x1200a9;;;WD)
(A;;FA;;;S-1-5-21-33-77-33-5013)
(A;;0x1201ff;;;S-1-5-21-3457732827-2369206082-2151550420-1001)
(A;;0x1201ff;;;DA)
(A;;0x1201ff;;;S-1-5-21-3457732827-2369206082-2151550420-1005)S:P

I can work around this for the small number of files that were weird, but it seems cygwin should "more gracefully" handle such things if it can(?).

I wonder if rsync has a similar problem...yup:

> rsync -aA miner.js ../testbin/  
rsync: set_acl: sys_acl_set_file(miner.js, ACL_TYPE_ACCESS): Invalid argument (22)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1196) [sender=3.1.2]





[-- Attachment #2: lsacl --]
[-- Type: text/plain, Size: 1626 bytes --]

#!/bin/bash 

## $Id: lsacl,v 1.5 2015-08-02 10:29:25-07 law Exp $
# Version 2 -- try to work with getfacl on cygwin
#


shopt -s expand_aliases
alias int=declare\ -i		sub=function  string=declare

gfacl=$(type -P getfacl)

if ! type -f cygwin 2>/dev/null ; then
	_un_=$(type -P uname)
	if		[[ $_un_ ]] ; then _os_=$($_un_ -o);
	elif	[[ -e /proc/sys/kernel ]]; then _os_=Linux; 
	else	_os_=Cygwin; 
	fi
	if		[[ $_os_ =~ Cygwin ]]; then function cygwin () { return 0; }
	else	function cygwin () { return 1; }
	fi
	unset _un_ _os_
	export -f cygwin
fi

if cygwin 2>/dev/null ;then 
	[[ $gfacl ]] || { printf "FATAL: Cannot find getfacl in path\n"; exit 1; }
	sub gfacl () { "$gfacl" "$@"; }
else										## linux version has broken semantics requiring "-p"
	sub gfacl () { "$gfacl" -p "$@" ; }
fi

export -f gfacl


sub facl2str {
	string fn=${1:?"Need pathname"}
	string s1='/^\#.*$/d; /^\s*$/d; s/\s*#.*$//; s/^(.)(ser|roup|ask|ther):/\1:/; y/\n/,/'
	string facl=$(gfacl -a "$fn"|sed -r "$s1"|tr "\n" ",")
	facl=${facl%,}
	string dacl=$(gfacl -d "$fn"|sed -r "s/^default://; $s1"|tr "\n" ",")
	dacl=${dacl%,}
	printf "[%s/%s]\n" "$facl" "$dacl"
}



int acllen=0 maxfnln=0
#for fn in "$@" ; do if ((maxfnln<${#fn})); then maxfnln=${#fn}; fi ; done

sub acl_str () {
	if cygwin ;then 
		perm=$(facl2str "$fn")
	else 
		qfn=$(printf "%q " "$fn")
		out="$(chacl -l "$fn")"
		perm="${out#$qfn}"
	fi
	printf "%s\n" "$perm"
}


for fn in "$@"; do
	int max=40							## cap on the ACL column width
	perm=$(acl_str "$fn")
	int len=${#perm}
	## widen the column to the longest ACL seen so far, up to max
	if ((len>acllen)); then acllen=len; fi
	if ((acllen>max));		then acllen=max; fi
	printf "%-${acllen}s %s\n" "$perm" "$fn"
done

[-- Attachment #3: Type: text/plain, Size: 219 bytes --]


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
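
Added example, not part of the original message or of the attached lsacl script: a filter over `getfacl -n` output that lists the ACL entries carrying the id 4294967295, the value shown above for Unknown+User and Unknown+Group, so the affected files can be found before a backup with rsync -A fails on them. The names find_unmapped_acl, sample_acl and clean.js are assumptions made for this sketch; the miner.js sample is the numeric output quoted in the message.

```shell
#!/bin/bash
# Added example (not from lsacl): flag ACL entries whose numeric id is
# 4294967295, the id getfacl -n printed for Unknown+User / Unknown+Group.

UNMAPPED_ID=4294967295

# Reads `getfacl -n` output on stdin.
# Prints "<file><TAB><entry>" for every user:/group: entry with the unmapped id.
find_unmapped_acl() {
	awk -F: -v bad="$UNMAPPED_ID" '
		/^# file: / { file = substr($0, 9); next }   # remember current file
		/^#/ || /^[[:space:]]*$/ { next }            # skip comments and blanks
		{
			# An optional "default:" prefix shifts the tag and id by one field.
			off = ($1 == "default") ? 1 : 0
			tag = $(1 + off); id = $(2 + off)
			if ((tag == "user" || tag == "group") && id "" == bad "")
				printf "%s\t%s\n", file, $0
		}'
}

# Sample input: the miner.js listing from the message plus a constructed
# second file (clean.js) that has no unmapped entries.
sample_acl() {
	cat <<'EOF'
# file: miner.js
# owner: 5013
# group: 512
user::rwx
group::rwx
other:r-x
user:4294967295:rwx
group:4294967295:rwx
group:544:rwx
group:512:rwx
mask:rwx

# file: clean.js
# owner: 5013
# group: 512
user::rwx
group::r-x
other:r-x
EOF
}

# On a real tree: find . -exec getfacl -n {} + | find_unmapped_acl
sample_acl | find_unmapped_acl
```

Each reported line names the file and the stale entry, which is what has to be removed from the ACL before the copy is retried.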
