On Apr 22 10:58, John Orr wrote: > Thank you Corinna, for this and all your other fantastic work for the > cygwin community.
Thank you! > Thanks. First up - when I first read of all the changes to > permissions, I thought I read that the /etc/passwd and /etc/group > files should no longer be necessary, and I thought I'd deleted them, > [...] > > So, what does `id' print for you? > > #: john@johndesktop:~ ; id > uid=197608(john) gid=545(Users) groups=545(Users),197121(None),114(Local > account and member of Administrators > group),544(Administrators),4(INTERACTIVE),66049(CONSOLE > LOGON),11(Authenticated Users),15(This Organization),113(Local > account),4095(CurrentSession),66048(LOCAL),262154(NTLM > Authentication),405504(High Mandatory Level) This is in an elevated shell, and it's with the passwd file still present, right? Otherwise, as a local account, your primary group should be "None". This is not changable in Windows for local SAM accounts. > [...] > > No, that's not the case. All user are members in the Users group. `net > > localgroup Users' should show this. > > Ok, that makes sense - I guess I was confused by the lines in my previously > posted 'net user john' output saying: > > Local Group Memberships *Administrators > Global Group memberships *None > > Why no mention of Users? Also: > > #: john@johndesktop:~ ; net localgroup Users > Alias name Users > Comment > > Members > > ------------------------------------------------------------------------------- > NT AUTHORITY\Authenticated Users > NT AUTHORITY\INTERACTIVE > The command completed successfully. > > (I can check with our Windows sysadmin about this if you like.) Well, I can't really tell you why this is. You're of course still indirectly a member of the Users group, via the membership in "Authenticated Users". Why your account isn't directly a member of Users, I don't know. Usually, if you create local accounts on Windows, the account is a direct member of Users. > > However, your *real* primary group > > as a local user is the group called "None" (unless you're using a > > "Microsoft Account", but that doesn't seem to be the case here). > > Said sysadmin confirmed it's a standalone machine - though I don't > know what a "Microsoft Account" is I don't think... Logging in via your email address. > For the record, I'll share my confusion that if my real group is None, I > don't know why I get this: > #: john@johndesktop:~ ; net localgroup None > System error 1376 has occurred. > > The specified local group does not exist. > > #: john@johndesktop:~ ; net group None > This command can be used only on a Windows Domain Controller. > > More help is available by typing NET HELPMSG 3515. > > #: john@johndesktop:~ ; NET HELPMSG 3515 > > This command can be used only on a Windows Domain Controller. I share the confusion, too. I don't know why Microsoft didn't allow to show info on "None" in the command line nor in the GUI. We'll probably never know. Ultimately it is possible to change the comment and other stuff for group None programatically I think, but I never actually tried it. > > For getting this stuff working it might be better to start out by removing > > all these settings and start from scratch, looking what's there and what's > > not (passwd, group files, nsswitch.conf settings). > > Totally agree (and as I say, this was my original thought too). Can we please start from scratch? First, you removed passwd and group files, ok? Keep everything commented out in nsswitch.conf, or set it to passwd: db group: db Please also remove the comment settings for your user and any group in the local SAM. Stop all Cygwin processes. Start a new shell. Let's have a look at the output of $ id $ getent passwd $USER $ cd <some local directory> # Not network share $ touch foo $ ls -l foo Does it look correct? Are you "john" and your primary group is "None"? > Removing passwd and group immediately changes my output to > #: john@johndesktop:/etc ; ll /cygdrive/l/.bashrc > -rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22 2013 > /cygdrive/l/.bashrc This is why you should start from scratch. It totally baffles me that you see an "Unknown+User" here. Given that this is a Samba share, what you *should* see is "Unix_User+$UID". "Unknown+User" means that Cygwin or rather, Windows can't resolve the SID Samba returns. Fishy... Next you do this aforementioned `ls -l' on the samba share. So we know your Linux account is john (uid 1000) and your primary group is john (gid 1000). Create a file "foo1" on the share via Windows, and create a file "foo2" on the share directly from Linux. Assuming the Samba machine is not running winbind, what you should see for a just created file is this: From Linux shell: -rw-r--r-- 1 john john [...] foo1 -rw-r--r-- 1 john john [...] foo2 From Cygwin: -rw-r--r-- 1 Unix_User+1000 Unix_Group+1000 [...] foo1 -rw-r--r-- 1 Unix_User+1000 Unix_Group+1000 [...] foo2 If you look into Explorer's "Properties" dialog for the files, the "Security" tab should show something like this in both cases: Everyone john (Unix User\john) john (Unix Group\john) However, if that's not the case, something else is going on. The Samba machine is running winbindd and access from your Windows machine creates files under another Linux account which is then mapped back to some Active Directory account. If so, we're running into a problem here. Is your machine an AD member machine? It doesn't seem so. But then, Cygwin won't be able to resolve the SID it gets back for these files. I really wonder if there's some configuration problem between your machine and the rest of the company which just leaves Cygwin hanging in the rain. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
pgpUSSqpAHji_.pgp
Description: PGP signature
