This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: File owner set to Unknown+User on cygwin 1.7.35 via samba 3.6.6 on debian


Right, let's see...

>> Thanks.  First up - when I first read of all the changes to
>> permissions, I thought I read that the /etc/passwd and /etc/group
>> files should no longer be necessary, and I thought I'd deleted them,
>> [...]
>> > So, what does `id' print for you?
>> 
>> #: john@johndesktop:~ ; id
>> uid=197608(john) gid=545(Users) groups=545(Users),197121(None),114(Local account
>> and member of Administrators
>> group),544(Administrators),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated
>> Users),15(This Organization),113(Local
>> account),4095(CurrentSession),66048(LOCAL),262154(NTLM
>> Authentication),405504(High Mandatory Level)
> 
> This is in an elevated shell, and it's with the passwd file still
> present, right?

Yes the passwd file was present, but no, I didn't do anything (like type in a password) to make it elevated.
Although - given I appear to be a member of Administrators, does that make it elevated?

> Can we please start from scratch?  

With pleasure :)

> First, you removed passwd and group
> files, ok?  Keep everything commented out in nsswitch.conf, or set it
> to
> 
>  passwd: db
>  group: db

I went with this explicit option, forcing db.

> Please also remove the comment settings for your user and any group in
> the local SAM.  Stop all Cygwin processes.  Start a new shell.

Done I think, and rebooted for safety.
I checked (or tried to check) Users, Administrators, None, Power Users, Authenticated Users, This Organization, Local account, CurrentSession, Guests, Remote Desktop Users, and LOCAL.  Hope that was enough.

>  $ id
#: john@johndesktop:~ ; id
uid=197608(john) gid=197121(None) groups=197121(None),114(Local account and member of Administrators group),544(Administrators),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),4095(CurrentSession),66048(LOCAL),262154(NTLM Authentication),405504(High Mandatory Level)

>  $ getent passwd $USER
#: john@johndesktop:~ ; getent passwd $USER
john:*:197608:197121:U-JOHNDESKTOP\john,S-1-5-21-775725812-2182925691-3402384268-1000:/home/john:/bin/bash

>  $ cd <some local directory>		# Not network share
>  $ touch foo
>  $ ls -l foo
#: john@johndesktop:~ ; cd
#: john@johndesktop:~ ; touch foo
#: john@johndesktop:~ ; ls -l foo
-rw-rwxr--+ 1 john None 0 Apr 23 10:57 foo

> Does it look correct?  Are you "john" and your primary group is "None"?
Looks good to me...
 
>> Removing passwd and group immediately changes my output to
>> #: john@johndesktop:/etc ; ll /cygdrive/l/.bashrc
>> -rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22  2013 /cygdrive/l/.bashrc
> 
> This is why you should start from scratch.  It totally baffles me that
> you see an "Unknown+User" here.  Given that this is a Samba share, what
> you *should* see is "Unix_User+$UID".  "Unknown+User" means that Cygwin
> or rather, Windows can't resolve the SID Samba returns.  Fishy...
> 
> Next you do this aforementioned `ls -l' on the samba share.  So we
> know your Linux account is john (uid 1000) and your primary group is
> john (gid 1000).
> 
> Create a file "foo1" on the share via Windows, and create a file "foo2"
> on the share directly from Linux.
Windows:
#: john@johndesktop:/cygdrive/l ; cd /cygdrive/l
#: john@johndesktop:/cygdrive/l ; touch foo1
Linux:
#: john@johnwl:~ ; touch foo2

> Assuming the Samba machine is not running winbind, what you should see for
> a just created file is this:
> 
> From Linux shell:
> 
>  -rw-r--r-- 1 john  john  [...]  foo1
>  -rw-r--r-- 1 john  john  [...]  foo2

#: john@johnwl:~ ; ls -l foo*
-rw-r--r-- 1 john john 0 Apr 23 10:58 foo1
-rw-r--r-- 1 john john 0 Apr 23 10:58 foo2

Tick :)

> From Cygwin:
> 
>  -rw-r--r-- 1 Unix_User+1000  Unix_Group+1000  [...]  foo1
>  -rw-r--r-- 1 Unix_User+1000  Unix_Group+1000  [...]  foo2

#: john@johndesktop:/cygdrive/l ; ls -l foo*
-rw-r--r-- 1 Unknown+User Unix_Group+1000 0 Apr 23 10:58 foo1
-rw-r--r-- 1 Unknown+User Unix_Group+1000 0 Apr 23 10:58 foo2

Cross :(

> If you look into Explorer's "Properties" dialog for the files, the
> "Security" tab should show something like this in both cases:
> 
>  Everyone
>  john (Unix User\john)
>  john (Unix Group\john)

foo1:
Everyone
john (Unix Group\john)
John Orr (JOHNWL\john)

foo2:
[ as above ]

> However, if that's not the case, something else is going on.  The
> Samba machine is running winbindd and access from your Windows machine
> creates files under another Linux account which is then mapped back
> to some Active Directory account.

I'm not aware of running winbind, and:
#: john@johnwl:~ ; ps -ef | grep winbind
john      6164  5732  0 11:01 pts/0    00:00:00 grep --color=auto winbind

I've attached a dump of ps -ef in case there's more ideas in it.

> If so, we're running into a problem here.  Is your machine an AD member
> machine?

It's not.  Speaking to the sys admin, they are standalone machine like one might set up at home.  No AD, just my account, and an administrator account that the sys admin can use.  The only change he makes is to give him control over windows software updates (he vets them first before pushing them out to the rest of us).

> It doesn't seem so.  But then, Cygwin won't be able to resolve
> the SID it gets back for these files.  I really wonder if there's some
> configuration problem between your machine and the rest of the company
> which just leaves Cygwin hanging in the rain.

The whole situation is on my machine alone.  The linux machine is a Debian Wheezy Virtual Machine running on my Windows 7 machine under VirtualBox (with a Bridged Adapter network setup).  

I tried running tcpdump on my linux box to capture the network traffic generated by running ls -l foo1 from cygwin, then importing it into wireshark - I'm no expert here but the NT QUERY SECURITY DESC looked like this:

SMB (Server Message Block Protocol)
    SMB Header
    NT Trans Response (0xa0)
        [FID: 0x2520 (\foo1)]
            [Opened in: 48]
            [Closed in: 63]
            [File Name: \foo1]
            [Create Flags: 0x00000010]
            [Access Mask: 0x00020080]
            [File Attributes: 0x00000000]
            [Share Access: 0x00000007 SHARE_READ SHARE_WRITE SHARE_DELETE]
            [Create Options: 0x00204000]
            [Disposition: Open (if file exists open it, else fail) (1)]
        Function: NT QUERY SECURITY DESC (6)
  [...]
        NT QUERY SECURITY DESC Data
            NT Security Descriptor
                Revision: 1
                Type: 0x9004
                Offset to owner SID: 20
                Offset to group SID: 48
                Offset to SACL: 0
                Offset to DACL: 64
                Owner: S-1-5-21-2908258922-1501660359-1356206134-1000  (Domain SID-Domain RID)
                    Revision: 1
                    Num Auth: 5
                    Authority: 5
                    Subauthorities: 21-2908258922-1501660359-1356206134-1000
                    RID: 1000  (Domain RID)
                Group: S-1-22-2-1000  ()
                    Revision: 1
                    Num Auth: 2
                    Authority: 22
                    Subauthorities: 2-1000
  [...]

The full file is attached.  The linux box is 172.18.9.173, windows is 172.18.9.236.

Anything else I can do to debug?  Thus far I've only run stable cygwin releases but if necessary that could change.

Thanks again!

John

Attachment: dump4.pcap
Description: Binary data

Attachment: ps.txt
Description: Text document

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]