From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 112696 invoked by alias); 13 Apr 2018 19:31:18 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 112688 invoked by uid 89); 13 Apr 2018 19:31:17 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=Sound, privileges, Hx-spam-relays-external:ESMTPA X-HELO: vsmx012.vodafonemail.xion.oxcs.net Received: from Unknown (HELO vsmx012.vodafonemail.xion.oxcs.net) (153.92.174.90) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 13 Apr 2018 19:31:15 +0000 Received: from vsmx004.vodafonemail.xion.oxcs.net (unknown [192.168.75.198]) by mta-8-out.mta.xion.oxcs.net (Postfix) with ESMTP id 5A2FC8CED74 for ; Fri, 13 Apr 2018 19:31:07 +0000 (UTC) Received: from Gertrud (unknown [91.47.59.44]) by mta-8-out.mta.xion.oxcs.net (Postfix) with ESMTPA id 36346CDF90 for ; Fri, 13 Apr 2018 19:31:05 +0000 (UTC) From: Achim Gratz To: cygwin@cygwin.com Subject: Re: [Bug] File permissions across domains References: <874lkjt3dw.fsf@Rainer.invalid> <20180411070312.GK29703@calimero.vinschen.de> <20180411093443.GM29703@calimero.vinschen.de> <87r2nlwtln.fsf@Rainer.invalid> <20180412073805.GS29703@calimero.vinschen.de> <87bmeo8cc7.fsf@Rainer.invalid> <20180413122959.GB27440@calimero.vinschen.de> Date: Fri, 13 Apr 2018 19:31:00 -0000 In-Reply-To: <20180413122959.GB27440@calimero.vinschen.de> (Corinna Vinschen's message of "Fri, 13 Apr 2018 14:29:59 +0200") Message-ID: <87sh7y52fe.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-VADE-STATUS: LEGIT X-SW-Source: 2018-04/txt/msg00156.txt.bz2 Corinna Vinschen writes: > It's dirt easy: For you... :-) I know next to nothing about all this stuff. > Ok. However, MSDN explicitely suggests to fetch the AuthZ context > from the current user token, if the idea is to ask for the permissions > of the current user. It's much less costly than calling > AuthzInitializeContextFromSid. OK. > Is your account an admin account by any chance? If so, does it work if > you run in an elevated shell? As I said, I have both an admin and a normal account that show the same behaviour (it makes no difference if the admin account is used with elevated privileges or not). > I don't understand what you're trying to say here. Are there > differences or not? You're on to something. I have over 500 groups in my token in the old domain, but only half of those end up in the token when I'm logged in on the machine in the new domain (at least as far as Cygwin is concerned as obviously I can still access the files when I'm actually trying). I scheduled an audience with one of the AD guys some time next week, he thinks he can explain why that happens and hopefully it's something that can be fixed on the AD side. Eventually I'll have my account migrated to the new domain later this year anyway at which point these sort of problems should go away, but at least for the next two months I'll have to stick it out. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple