No support for ACLs on network shares?
Corinna Vinschen
corinna-cygwin@cygwin.com
Thu Nov 26 13:42:00 GMT 2015
On Nov 23 04:28, Matt D. wrote:
> Andrey,
>
> My samba server is configured to use winbind and when inspecting the file
> using explorer properties, the SIDs resolve correctly as:
>
> "NAME (HOSTNAME\username)"
>
> where "NAME" is my name on the unix account and "username" is my login.
>
> The problem is that Cygwin isn't aware of this SID since it's the user I log
> in as to the remove server and isn't a local SID.
I don't know why that occurs. I'd have expected to see something like
UnixUser+number at least. However, the above is not the situation you
use winbind for. Winbind maps Windows user accounts to Unix accounts,
but in the above case it's a real Unix account, not one of the mappings
used by Winbind.
Your case is tricky. Windows doesn't care for the account, unless
you open the security tab in the properties dialog. In that case
Explorer knows the share it's looking up and so knows which server
to ask for the account information. In Cygwin this works differently.
Given the current flow of information, the account functions in Cygwin
only get told something like "please return a passwd entry for SID
S-1-x-y-z". The functions don't know in which scenario the request
is performed, so it only asks the local machine for the SID, and the
local machine only looks into its own SAM, or in an AD environment
it's DC. If those don't know the account, Cygwin has to handle this
account as unknown. ANother way to dereference an account is by
utilizing the user mapping per RFC 2307 as outlined in
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba
The method described therein allows to map the Unix account to your
local Windows account, so from Cygwin's POV the files belong to your
Windows user.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20151126/57cab3a8/attachment.sig>
More information about the Cygwin
mailing list