From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 22034 invoked by alias); 15 Feb 2019 21:00:24 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 21840 invoked by uid 89); 15 Feb 2019 21:00:10 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=BAYES_00,FREEMAIL_FROM,KAM_ASCII_DIVIDERS,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 spammy=Hx-languages-length:2908, underneath, states X-HELO: mout.gmx.com Received: from mout.gmx.com (HELO mout.gmx.com) (74.208.4.201) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 15 Feb 2019 21:00:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com; s=dbd5af2cbaf7; t=1550264401; bh=ytoDJgW3n7l2taYvINaG803ktAJWPIWFr4eHwfPkOzw=; h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To; b=DownIG0trZU3nA8xuAGpelBmr4PKocsYgCdMHKvcBGE2+20cXm9XhX5boN8YlO9Zs etbRp02Nn05bSdjnmjDHFh9f4f+LC8cidFIlcn2LcZZ6f3Fw2GBKKf0Y+n+O5pr5No SCJ6jxkxFIxe5ckJ4d+WH+fmkOKf/U3KU7zlYQA8= X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79 Received: from mail-lj1-f169.google.com ([209.85.208.169]) by mail.gmx.com (mrgmxus002 [74.208.5.15]) with ESMTPSA (Nemesis) id 0Lyn0j-1h6Dnq2KmN-01698J for ; Fri, 15 Feb 2019 22:00:01 +0100 Received: by mail-lj1-f169.google.com with SMTP id q128so9474033ljb.11 for ; Fri, 15 Feb 2019 13:00:01 -0800 (PST) MIME-Version: 1.0 References: <50cba8d1-4794-8db9-d1f3-ab9476421db7@gmx.com> <20190215163817.GI2702@calimero.vinschen.de> <20190215202936.GL2702@calimero.vinschen.de> <20190215204326.GO2702@calimero.vinschen.de> In-Reply-To: <20190215204326.GO2702@calimero.vinschen.de> From: Bill Stewart Date: Fri, 15 Feb 2019 21:00:00 -0000 Message-ID: Subject: Re: Windows to Cygwin username mapping: Domain before local account when duplicate name? To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2019-02/txt/msg00208.txt.bz2 On Fri, Feb 15, 2019 at 1:43 PM Corinna Vinschen wrote: > More specific as the original text? I'm hard pressed to accomplish > that. Take note of the "domain member machine" property. I think I see the problem. The list I posted (above the one you are apparently referring to) has the search in a different order. The section that starts with "Let's discuss the SID<=>uid/gid mapping first. Here's how it works." states this order: _________________________________________________________________ * Well-known SIDs in the NT_AUTHORITY domain of the S-1-5-RID type * Other well-known SIDs in the NT_AUTHORITY domain (S-1-5-X-RID) * Other well-known SIDs * Logon SIDs * Accounts from the local machine's user DB (SAM) * Accounts from the machine's primary domain * Accounts from a trusted domain of the machine's primary domain _________________________________________________________________ In this list, local machine accounts are listed before domain accounts. Underneath that, there's a second section with examples that starts with "Now we have a semi-bijective mapping..." that has this order: _________________________________________________________________ * Well-known and builtin accounts will be named as in Windows: "SYSTEM", "LOCAL", "Medium Mandatory Level", ... * If the machine is not a domain member machine, only local accounts can be resolved into names, so for ease of use, just the account names are used as Cygwin user/group names: "corinna", "bigfoot", "None", ... * If the machine is a domain member machine, all accounts from the primary domain of the machine are mapped to Cygwin names without domain prefix: "corinna", "bigfoot", "Domain Users", ... while accounts from other domains are prepended by their domain: "DOMAIN1+corinna", "DOMAIN2+bigfoot", "DOMAIN3+Domain Users", ... * Local machine accounts of a domain member machine get a Cygwin user name the same way as accounts from another domain: The local machine name gets prepended: "MYMACHINE+corinna", "MYMACHINE+bigfoot", "MYMACHINE+None", ... * If LookupAccountSid fails, Cygwin checks the accounts against the known trusted domains. If the account is from one of the trusted domains, an artificial account name is created. It consists of the domain name, and a special name created from the account RID: _________________________________________________________________ In the second list, it says domains are first before the local machine. I was assuming the first section is an orderly sequence of searching, since that's usually how Windows works. The second section with the examples seems to be a different order, and would seems to be the order Cygwin actually uses. I was just wondering if that's by design or by accident, since it's different from the typical order. Regards, Bill -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple