This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Testers needed: New passwd/group handling in Cygwin

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Tue, 25 Feb 2014 21:04:14 +0100
Subject: Re: Testers needed: New passwd/group handling in Cygwin
Authentication-results: sourceware.org; auth=none
References: <20140213143849 dot GH2246 at calimero dot vinschen dot de> <87fvn7cb68 dot fsf at Rainer dot invalid>
Reply-to: cygwin at cygwin dot com

On Feb 25 19:14, Achim Gratz wrote:
> Corinna Vinschen writes:
> > This is a pretty intrusive change, in need of some serious testing, so
> > I'd like to ask for volunteers.  The latest 2014-02-13 snapshot from
> > http://cygwin.com/snapshots/ contains the changes, including the latest
> > bugfix.
> 
> I've tested the 2014-02-19 snapshot at work.  Two problems:
> 
> 1. Running "id" takes 13 seconds to fetch my 440 group memberships
> (possibly there are some users that would be in ~10x as many groups).
> Caching doesn't seem to be effective for this since the next several

The stuff in the `id' application is not cached at all.  Caching is
inherited from the parent process, but the parent never asked for all
your groups so it hasn't cached this information.  Every invocation of
id has to request the group info anew.

> invocations of "id" take the same time.  During most of that time you
> actually can't ^C the process, lsass is growing a few dozen threads and
> seems to be talking to the DC.  Falling back to use just the /etc files
> makes this work really fast (much faster than without the snapshot).

Do you have a very slow connection to your DC by any chance?  I admit
that I never tested with 440 groups, only with about 30 or so, but 13
seconds sounds *very* lame.

OTOH, this isn't *quite* unexpected.  Right now, the LDAP connection to
the DC is opened and closed for every single account request.  I wasn't
sure yet if the ldap connection should be opened only once per process
and then stay open for the rest of the process lifetime.  This sounds so
much like wasting sockets...

> 2. I use a few volumes on NetApp filers that have security set up so
> that you can't change attributes.  That means POSIX permissions are
> always listed as "0000".  I uausally mount these noacl, but when I
> access them via their UNC path (for instance when Windows runs a script
> from a CWD on that volume, then Perl reports false for file test
> operators (-x, -w) other than existence.  Backing out the snapshot
> reverts to the previous behaviour of these test operators correctly
> determining that my effective rights (via normal and extended security
> attributes tied to a group memberships) are sufficient.  The shell
> (bash, tcsh) test operators work correctly, but I don't know what Perl
> is doing differently.

The fact that the shells are doing it right seems to indicate that this
isn't a generic problem.  I can't debug this, though.  Can you see if
you can figure out what's going on under the hood?  Does strace show
anything of interest?  Can we perhaps set up some joint debugging via
private mail during the next couple of days?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpycfmoywNju.pgp
Description: PGP signature

Follow-Ups:
- Re: Testers needed: New passwd/group handling in Cygwin
  - From: Achim Gratz

References:
- Testers needed: New passwd/group handling in Cygwin
  - From: Corinna Vinschen
- Re: Testers needed: New passwd/group handling in Cygwin
  - From: Achim Gratz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]