Re: Making Cygwin More Tolerant of Orphaned SIDs?

[Bryan Berns <bryan.berns@gmail.com>]

On Tue, Apr 14, 2015 at 2:23 PM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> On Apr 14 12:44, Bryan Berns wrote:
>> On Tue, Apr 14, 2015 at 10:53 AM, Corinna Vinschen
>> <corinna-cygwin@cygwin.com> wrote:
>> > On Apr 14 07:24, Bryan Berns wrote:
>> >> For example, I create a whole bunch of files (like 5000),  I use
>> >> icacls to append a new ACE.  Then I do a 'time ls -l
>> >> /cygdrive/c/somedir/*'.  Takes four seconds.  In the same Cygwin
>> >> session, I remove the local group (net localgroup testgroup /delete).
>> >>  I do the same 'time ls -l /cygdrive/c/somedir/*'.  Takes 20 seconds.
>> >> Subsequent runs in the also take 20 seconds.  Since I'm able to
>> >> continue to see the slowdown in the same session, cygserver wouldn't
>> >> help right?
>> >>
>> >> Is the above expected?
>> >
>> > Yes.  Without cygserver, caching only works from parent to child process.
>> > One run of ls can't cache data for a parallel run of ls in trhe same
>> > session.  As, btw., explained in the documentation:
>> >
>> >   https://cygwin.com/cygwin-ug-net/ntsec.html
>>
>> Alright, I'll give it a shot when I get back to my lab.  I suspect it
>> shouldn't take an additional 16 seconds to attempt to lookup account
>> information (and fail) on my two node test network so I'm curious how
>> much this will cut the time by.
>> If I setup cygserver with all the --no options set (reference:
>> https://cygwin.com/cygwin-ug-net/using-cygserver.html) since I don't
>> want any accidental cross-user information sharing, will that
>> effectively only provide the SID caching functionality or is there
>> other functionality to be wary of?
>
> You don't have to disable anything.  Just don't set the debug option
> to avoid logging passwd entries.
>

Finally tested with cygserver (temporarily with debug on so I can see
what's going on).  I can definitely see the one entry returned when I
run 'ls -l' over my whole collection of files while my test group
(LocalGroupTest) is still present.  Sample log as follows:

/home/corinna/src/cygwin/cygwin-2.0.0/prerelease/cygwin-2.0.0-0.4.i686/src/newlib-cygwin/winsup/cygserver/pwdgrp.cc,
line 167: Request account information returns
<BERNS-TEST+LocalGroupTest:S-1-5-21-1187188735-1394039937-4283913392-1011:197619:>
error 0

If I delete the group while cygserver is running, the results continue
to be speedy.   However, as soon as I delete the group and restart
cygserver, things go south.  Performance is even worse than without
cygserver and there are entries for EVERY file that 'ls' is hitting
even though they all have the same group in the ACL so it appears the
'Unknown' users/groups are not being cached.  Sample log as follows
(one of thousands of lines):

Request account information returns
<Unknown+User:*:4294967295:4294967295:U-Unknown\User,S-1-5-21-1187188735-1394039937-4283913392:/:/sbin/nologin>
error 0

Thoughts?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple