From: Achim Gratz <Stromeko@nexgo.de>
To: cygwin@cygwin.com
Subject: Re: [Bug] File permissions across domains
Date: Fri, 13 Apr 2018 19:31:00 -0000 [thread overview]
Message-ID: <87sh7y52fe.fsf@Rainer.invalid> (raw)
In-Reply-To: <20180413122959.GB27440@calimero.vinschen.de> (Corinna Vinschen's message of "Fri, 13 Apr 2018 14:29:59 +0200")
Corinna Vinschen writes:
> It's dirt easy:
For you... :-) I know next to nothing about all this stuff.
> Ok. However, MSDN explicitely suggests to fetch the AuthZ context
> from the current user token, if the idea is to ask for the permissions
> of the current user. It's much less costly than calling
> AuthzInitializeContextFromSid.
OK.
> Is your account an admin account by any chance? If so, does it work if
> you run in an elevated shell?
As I said, I have both an admin and a normal account that show the same
behaviour (it makes no difference if the admin account is used with
elevated privileges or not).
> I don't understand what you're trying to say here. Are there
> differences or not?
You're on to something. I have over 500 groups in my token in the old
domain, but only half of those end up in the token when I'm logged in on
the machine in the new domain (at least as far as Cygwin is concerned as
obviously I can still access the files when I'm actually trying). I
scheduled an audience with one of the AD guys some time next week, he
thinks he can explain why that happens and hopefully it's something that
can be fixed on the AD side. Eventually I'll have my account migrated
to the new domain later this year anyway at which point these sort of
problems should go away, but at least for the next two months I'll have
to stick it out.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Factory and User Sound Singles for Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2018-04-13 19:31 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <874lkjt3dw.fsf@Rainer.invalid>
2018-04-11 7:03 ` Corinna Vinschen
2018-04-11 9:35 ` Corinna Vinschen
2018-04-11 17:17 ` Achim Gratz
2018-04-12 7:38 ` Corinna Vinschen
2018-04-12 7:56 ` Csaba Raduly
2018-04-12 10:13 ` Corinna Vinschen
2018-04-12 19:16 ` Achim Gratz
2018-04-13 12:30 ` Corinna Vinschen
2018-04-13 19:31 ` Achim Gratz [this message]
2018-04-22 7:25 ` Achim Gratz
2018-04-23 8:54 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sh7y52fe.fsf@Rainer.invalid \
--to=stromeko@nexgo.de \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).