From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 5531 invoked by alias); 11 Apr 2018 17:17:31 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 5521 invoked by uid 89); 11 Apr 2018 17:17:30 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-6.5 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,SPF_PASS autolearn=ham version=3.3.2 spammy=processed, sid, 1012, Hx-spam-relays-external:ESMTPA X-HELO: vsmx012.vodafonemail.xion.oxcs.net Received: from vsmx012.vodafonemail.xion.oxcs.net (HELO vsmx012.vodafonemail.xion.oxcs.net) (153.92.174.90) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 11 Apr 2018 17:17:29 +0000 Received: from vsmx004.vodafonemail.xion.oxcs.net (unknown [192.168.75.198]) by mta-8-out.mta.xion.oxcs.net (Postfix) with ESMTP id ECE6D8CE855 for ; Wed, 11 Apr 2018 17:17:26 +0000 (UTC) Received: from Gertrud (unknown [91.47.59.44]) by mta-8-out.mta.xion.oxcs.net (Postfix) with ESMTPA id C6948CDF84 for ; Wed, 11 Apr 2018 17:17:24 +0000 (UTC) From: Achim Gratz To: cygwin@cygwin.com Subject: Re: [Bug] File permissions across domains References: <874lkjt3dw.fsf@Rainer.invalid> <20180411070312.GK29703@calimero.vinschen.de> <20180411093443.GM29703@calimero.vinschen.de> Date: Wed, 11 Apr 2018 17:17:00 -0000 In-Reply-To: <20180411093443.GM29703@calimero.vinschen.de> (Corinna Vinschen's message of "Wed, 11 Apr 2018 11:34:43 +0200") Message-ID: <87r2nlwtln.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-VADE-STATUS: LEGIT X-SW-Source: 2018-04/txt/msg00131.txt.bz2 Corinna Vinschen writes: > This is a bit low on detail. What does icacls say about this file? How > does getfacl report the ACL on a machine in the old domain? What does > ls -l report on the file on both machines? Does an strace on getfacl > report an error in ACL checking? There is absolutely no error when stracing getfacl on either machine. =46rom the machine in the new domain (my account is in group cygwinupload and access on this share is via ACL only, I can't change ACL): --8<---------------cut here---------------start------------->8--- /mnt/upload > ll bla ----rwx---+ 1 OLD+gratz OLD+Domain Users 0 Apr 10 15:21 bla (1011)/mnt/upload > getfacl bla # file: bla # owner: OLD+gratz # group: OLD+Domain Users user::--- group::--- group:OLD+FileOperators:rwx group:OLD+cygwinupload:rwx mask:rwx other:--- (1012)/mnt/upload > `cygpath -S`/icacls bla bla OLD\FileOperators:(I)(F) OLD\cygwinupload:(I)(M) Successfully processed 1 files; Failed processing 0 files --8<---------------cut here---------------end--------------->8--- The same thing on a machine in the old domain: --8<---------------cut here---------------start------------->8--- (1007)/mnt/upload > ll bla -rwxrwx---+ 1 gratz Domain Users 0 Apr 10 15:21 bla (1008)/mnt/upload > getfacl bla # file: bla # owner: gratz # group: Domain Users user::rwx group::--- group:FileOperators:rwx group:cygwinupload:rwx mask:rwx other:--- (1009)/mnt/upload > `cygpath -S`/icacls bla bla OLD\FileOperators:(I)(F) OLD\cygwinupload:(I)(M) Successfully processed 1 files; Failed processing 0 files --8<---------------cut here---------------end--------------->8--- Checking how Cygwin reads my own account results in exactly the same SID on both machines as it should, but of course Cygwin translates that to different uid / gid values due to the presence of the domain prefix when I'm logged into the machine in the new domain: OLD+gratz:*:2147559089:2147484161:U-OLD\gratz,S-1-5-21-20=E2=80=A6441:/home= /gratz:/bin/bash gratz:*:1124017:1049089:U-OLD\gratz,S-1-5-21-20=E2=80=A6441:/home/gratz:/bi= n/bash I have not yet tried to force the account back to a prefix-less interpretation via /etc/passwd (I had to do that in my home network without a DC to solve a similar problem, but I'd like to avoid that here). Regards, Achim. --=20 +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptations for KORG EX-800 and Poly-800MkII V0.9: http://Synth.Stromeko.net/Downloads.html#KorgSDada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple