From: John Ruckstuhl <john.ruckstuhl@gmail.com>
To: cygwin@cygwin.com
Subject: Re: POSIX permission mapping and NULL SIDs
Date: Tue, 28 Jun 2016 19:17:00 -0000 [thread overview]
Message-ID: <CAOBROv2836AMeLVk0TFdR6tJvGS3hHxTgySV-sALb7irm355sw@mail.gmail.com> (raw)
In-Reply-To: <D3980824.9862%billziss@navimatics.com>
Since these emails go to a list, not just Bill, and are archived,
the extra detail is added value and appreciated by other people now & in future.
On Tue, Jun 28, 2016 at 11:06 AM, Bill Zissimopoulos
<billziss@navimatics.com> wrote:
> On 6/28/16, 3:27 AM, "Corinna Vinschen" <cygwin-owner@cygwin.com on behalf
> of corinna-cygwin@cygwin.com> wrote:
>
>
>>>Ok. Please keep in mind that
>>
>>a) there can't be a bijective mapping between arbitrary length SIDs
>> and a 32 bit uid/gid.
>>
>>b) The mapping used in Cygwin is not self-created but (mostly, except
>> for a single deviation) identical to the Interix mapping. The code
>> basically follows how this mapping has been defined by Microsoft.
>
> Corinna, please stop explaining things to me that I already know.
>
>>> BTW, I have here a partitioning of the UID namespace that may help
>>>choose
>>> the right mapping:
>>>
>>> /*
>>> * UID namespace partitioning (from [IDMAP] rules):
>>> *
>>> * 0x000000 + RID S-1-5-RID,S-1-5-32-RID
>>> * 0x000ffe OtherSession
>>> * 0x000fff CurrentSession
>>> * 0x001000 * X + RID S-1-5-X-RID ([WKSID]:
>>> X=1-15,17-21,32,64,80,83)
>>> * 0x010000 + 0x100 * X + Y S-1-X-Y ([WKSID]: X=1,2,3,4,5,9,16)
>>> * 0x030000 + RID S-1-5-21-X-Y-Z-RID
>>> * 0x060000 + RID S-1-16-RID
>>> * 0x100000 + RID S-1-5-21-X-Y-Z-RID
>>> */
>>
>>You're aware that I wrote the code for this mapping as well as its
>>documentation? :)
>
> Corinna, of course I am aware of that. I have found your original post to
> this list about it. Why would you think otherwise? And why would it change
> anything?
>
>>>With all that and to help conclude this thread I gather here all the
>>> proposed mappings. Corinna, I will use the one which you prefer the
>>>most:
>>>
>>> S-1-0-65534 <-> 65534
>>
>>This one is still my favorite. Again, the range from 0x1000 up to
>>0xffff is unused. Right now any incoming uid/gid value in this range
>>for a reverse SID lookup is treated as invalid SID.
>
> I disagree. You are saying that it is unused, but a (perhaps erroneous)
> SID would map into that space.
>
> In any case I will use your mapping of S-1-0-65534 <-> 65534.
>
> Bill
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2016-06-28 18:34 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-24 19:02 Bill Zissimopoulos
2016-06-24 21:37 ` Corinna Vinschen
2016-06-24 22:00 ` Corinna Vinschen
2016-06-24 22:06 ` Bill Zissimopoulos
2016-06-24 22:31 ` Corinna Vinschen
2016-06-24 22:36 ` Erik Soderquist
2016-06-24 23:03 ` Bill Zissimopoulos
2016-06-24 23:51 ` Bill Zissimopoulos
2016-06-27 13:20 ` Corinna Vinschen
2016-06-24 22:53 ` Bill Zissimopoulos
2016-06-25 17:10 ` Brian Inglis
2016-06-27 10:26 ` Bill Zissimopoulos
2016-06-27 10:29 ` Andrey Repin
2016-06-27 12:06 ` Corinna Vinschen
2016-06-27 20:31 ` Bill Zissimopoulos
2016-06-28 11:08 ` Corinna Vinschen
2016-06-28 19:17 ` Bill Zissimopoulos
2016-06-28 19:17 ` John Ruckstuhl [this message]
2016-06-29 8:43 ` Corinna Vinschen
2016-06-29 15:14 ` Corinna Vinschen
2016-06-29 16:06 ` Corinna Vinschen
2016-06-30 9:26 ` Bill Zissimopoulos
2016-06-30 14:15 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOBROv2836AMeLVk0TFdR6tJvGS3hHxTgySV-sALb7irm355sw@mail.gmail.com \
--to=john.ruckstuhl@gmail.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).