This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: File owner set to Unknown+User on cygwin 1.7.35 via samba 3.6.6 on debian

On Apr 22 10:58, John Orr wrote:
> Thank you Corinna, for this and all your other fantastic work for the
> cygwin community.

Thank you!

> Thanks.  First up - when I first read of all the changes to
> permissions, I thought I read that the /etc/passwd and /etc/group
> files should no longer be necessary, and I thought I'd deleted them,
> [...]
> > So, what does `id' print for you?
> #: john@johndesktop:~ ; id
> uid=197608(john) gid=545(Users) groups=545(Users),197121(None),114(Local account and member of Administrators group),544(Administrators),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),4095(CurrentSession),66048(LOCAL),262154(NTLM Authentication),405504(High Mandatory Level)

This is in an elevated shell, and it's with the passwd file still
present, right?  Otherwise, as a local account, your primary group
should be "None".  This is not changable in Windows for local SAM

> [...]
> > No, that's not the case.  All user are members in the Users group.  `net
> > localgroup Users' should show this.
> Ok, that makes sense - I guess I was confused by the lines in my previously posted 'net user john' output saying:
> Local Group Memberships      *Administrators       
> Global Group memberships     *None                 
> Why no mention of Users?  Also:
> #: john@johndesktop:~ ; net localgroup Users
> Alias name     Users
> Comment        
> Members
> -------------------------------------------------------------------------------
> NT AUTHORITY\Authenticated Users
> The command completed successfully.
> (I can check with our Windows sysadmin about this if you like.)

Well, I can't really tell you why this is.  You're of course still
indirectly a member of the Users group, via the membership in
"Authenticated Users".  Why your account isn't directly a member of
Users, I don't know.  Usually, if you create local accounts on Windows,
the account is a direct member of Users.

> > However, your *real* primary group
> > as a local user is the group called "None" (unless you're using a
> > "Microsoft Account", but that doesn't seem to be the case here).
> Said sysadmin confirmed it's a standalone machine - though I don't
> know what a "Microsoft Account" is I don't think...

Logging in via your email address.

> For the record, I'll share my confusion that if my real group is None, I don't know why I get this:
> #: john@johndesktop:~ ; net localgroup None
> System error 1376 has occurred.
> The specified local group does not exist.
> #: john@johndesktop:~ ; net group None
> This command can be used only on a Windows Domain Controller.
> More help is available by typing NET HELPMSG 3515.
> #: john@johndesktop:~ ; NET HELPMSG 3515
> This command can be used only on a Windows Domain Controller.

I share the confusion, too.  I don't know why Microsoft didn't allow to
show info on "None" in the command line nor in the GUI.  We'll probably
never know.  Ultimately it is possible to change the comment and other
stuff for group None programatically I think, but I never actually tried

> > For getting this stuff working it might be better to start out by removing
> > all these settings and start from scratch, looking what's there and what's
> > not (passwd, group files, nsswitch.conf settings).
> Totally agree (and as I say, this was my original thought too).

Can we please start from scratch?  First, you removed passwd and group
files, ok?  Keep everything commented out in nsswitch.conf, or set it

  passwd: db
  group: db

Please also remove the comment settings for your user and any group in 
the local SAM.  Stop all Cygwin processes.  Start a new shell.

Let's have a look at the output of

  $ id
  $ getent passwd $USER
  $ cd <some local directory>		# Not network share
  $ touch foo
  $ ls -l foo

Does it look correct?  Are you "john" and your primary group is "None"?

> Removing passwd and group immediately changes my output to 
> #: john@johndesktop:/etc ; ll /cygdrive/l/.bashrc
> -rw-r--r-- 1 Unknown+User Unix_Group+1000 3833 Aug 22  2013 /cygdrive/l/.bashrc

This is why you should start from scratch.  It totally baffles me that
you see an "Unknown+User" here.  Given that this is a Samba share, what
you *should* see is "Unix_User+$UID".  "Unknown+User" means that Cygwin
or rather, Windows can't resolve the SID Samba returns.  Fishy...

Next you do this aforementioned `ls -l' on the samba share.  So we
know your Linux account is john (uid 1000) and your primary group is
john (gid 1000).

Create a file "foo1" on the share via Windows, and create a file "foo2"
on the share directly from Linux.

Assuming the Samba machine is not running winbind, what you should see for
a just created file is this:

From Linux shell:

  -rw-r--r-- 1 john  john  [...]  foo1
  -rw-r--r-- 1 john  john  [...]  foo2

From Cygwin:

  -rw-r--r-- 1 Unix_User+1000  Unix_Group+1000  [...]  foo1
  -rw-r--r-- 1 Unix_User+1000  Unix_Group+1000  [...]  foo2

If you look into Explorer's "Properties" dialog for the files, the
"Security" tab should show something like this in both cases:

  john (Unix User\john)
  john (Unix Group\john)

However, if that's not the case, something else is going on.  The
Samba machine is running winbindd and access from your Windows machine
creates files under another Linux account which is then mapped back
to some Active Directory account.
If so, we're running into a problem here.  Is your machine an AD member
machine?  It doesn't seem so.  But then, Cygwin won't be able to resolve
the SID it gets back for these files.  I really wonder if there's some
configuration problem between your machine and the rest of the company
which just leaves Cygwin hanging in the rain.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpEvfky1oJjD.pgp
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]