From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from andromeda.onevision.de (unknown [212.77.172.62]) by sourceware.org (Postfix) with ESMTP id 3301E385802C for ; Tue, 18 Jan 2022 20:21:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 3301E385802C Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=onevision.de Authentication-Results: sourceware.org; spf=none smtp.mailfrom=onevision.de Received: from [192.168.5.32] (v5515-01.onevision.com [192.168.5.32]) by andromeda.onevision.de (8.14.2/8.12.9/ROSCH/DDB) with ESMTP id 20IKLDol023600 for ; Tue, 18 Jan 2022 21:21:14 +0100 Message-ID: <9a7b2d8e-3e86-b36c-c5a2-d6eb24c56e7f@onevision.de> Date: Tue, 18 Jan 2022 21:22:27 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 To: cygwin@cygwin.com From: Roland Schwingel Subject: permissions problems with files on samba share Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jan 2022 20:21:17 -0000 Hi ... It is 2022 and there are still people out in the wild running 1.7. They don't want to but had to and are now on the way to cygwin 3.3.3. It was a hard long way, but we are nearly there now. But only nearly. There are some problems left. One of it is user mapping between samba/linux users to windows/cygwin users. All our homeaccounts reside on a linux server running samba. The samba is not running in AD mode, but in traditional domain mode and is backed by a quite big LDAP. We are always logged in with our domain accounts. Now I try to seek help here as I already have spent hell a lot of time on this. Up to now we still run cygwin 1.7.35 and are going now to 3.3.3 (64bit). The new cygwin runs on windows 10/11 together with the old cygwin 1.7 (seperated from each other - not running the same time) on the same machine for testing. We can read files from the homeaccounts without problem, but writting/deleting files is not that easy from the new cygwin. With the old cygwin 1.7 everything is still fine - in this regard. With cygwin 1.7 we had /etc/passwd and /etc/groups in place. With 3.3.3 we use /etc/nsswitch.conf. Creating /etc/passwd on the new 3.3.3 did not change a thing. The CYGWIN envvar is empty on both installs. View of a sample folder in my homeaccount (~/test): native linux: # ls -al ~/test total 36 drwxrwxr-x+ 2 roland develop 4096 Jan 18 20:16 . drwxr-xr-x 84 roland develop 20480 Jan 18 20:17 .. -rw-rwxr--+ 1 roland develop 5 Jan 14 12:27 some_file cygwin 1.7.35 $ls -al ~/test total 1024 drwxr-xr-x 1 roland develop 0 Jan 18 20:16 . drwxr-xr-x 1 roland develop 0 Jan 18 20:17 .. -rwxr-xr-x 1 roland develop 5 Jan 14 12:27 some_file slightly different permissions for some_file but ok so far. cygwin 3.3.3 $ls -al ~/test total 1024 drwxr-xr-x+ 1 Unix_User+1000 Unix_Group+1001 0 Jan 18 20:16 . drwxr-xr-x+ 1 Unix_User+1000 Unix_Group+1001 0 Jan 18 20:17 .. -rw-r--r-- 1 Unix_User+1000 Unix_Group+1001 5 Jan 14 12:27 some_file permissions are different again and owners/groups are different at all! This also has effects on fileprocessing in cygwin. I know this behaviour from old cygwin with no /etc/passwd in place. Here is the /etc/nsswitch.conf from 3.3.3: # /etc/nsswitch.conf # # This file is read once by the first process in a Cygwin process tree. # To pick up changes, restart all Cygwin processes. For a description # see https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch # # Defaults: passwd: files db group: files db #db_enum: cache builtin db_enum: cache builtin local primary db_home: /%H db_shell: /bin/bash db_gecos: windows getent passwd on 3.3.3: $getent passwd roland:*:1049576:1049577:Roland Schwingel,U-ONEVISION\roland,S-1-5-21-123-456-789-1000://subnet-homes/User/roland:/bin/bash SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash LOCAL SERVICE:*:19:19:U-NT AUTHORITY\LOCAL SERVICE,S-1-5-19:/:/sbin/nologin NETWORK SERVICE:*:20:20:U-NT AUTHORITY\NETWORK SERVICE,S-1-5-20:/:/sbin/nologin Administrators:*:544:544:U-BUILTIN\Administrators,S-1-5-32-544:/:/sbin/nologin NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:/:/sbin/nologin DEVRYZEN-02+Administrator:*:197108:197121:U-DEVRYZEN-02\Administrator,S-1-5-21-3089862167-1060948595-489759208-500:/vol/c/Users/Administrator:/bin/bash DEVRYZEN-02+DefaultAccount:*:197111:197121:U-DEVRYZEN-02\DefaultAccount,S-1-5-21-3089862167-1060948595-489759208-503:/:/bin/bash DEVRYZEN-02+Guest:*:197109:197121:U-DEVRYZEN-02\Guest,S-1-5-21-3089862167-1060948595-489759208-501:/:/bin/bash DEVRYZEN-02+IT:*:197609:197121:IT department,U-DEVRYZEN-02\IT,S-1-5-21-3089862167-1060948595-489759208-1001:/vol/c/Users/IT:/bin/bash DEVRYZEN-02+me:*:197610:197121:Test user,U-DEVRYZEN-02\me,S-1-5-21-3089862167-1060948595-489759208-1002:/vol/c/Users/me:/bin/bash DEVRYZEN-02+WDAGUtilityAccount:*:197112:197121:U-DEVRYZEN-02\WDAGUtilityAccount,S-1-5-21-3089862167-1060948595-489759208-504:/:/bin/bash My account on 1.7.35 in /etc/passwd: roland:unused:11000:11001:Roland Schwingel,U-ONEVISION\roland,S-1-5-21-123-456-789-1000://subnet-homes/User/roland:/bin/bash cygwin 3.3.3: mkpasswd -b -l my-pdc | grep roland: roland:*:4244636648:4244636649:Roland Schwingel,U-ONEVISION\roland,S-1-5-21-123-456-789-1000://subnet-homes/User/roland:/bin/bash Putting the /etc/passwd from 1.7.35 in 3.3.3 did not help at all. As you can see the uid/gids are different for the 2 versions for the same user. What am I doing wrong here? I need to access the files on the sambashares like in 1.7. I also observed that listing files on the samba shares is notably slower on 3.3.3 compared to 1.7.35. I tested this a couple of times: time ls -al ~/ >/dev/null is about 0.2 seconds in 1.7 and about 1 second in 3.3. Maybe this is related to the permission problems. Anyhow I fear 3.3.3 is a lot slower than 1.7 on the same machine. Benchmarks are pending. Hope someone can help! Thanks. Roland