This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: mkpasswd -l -d completed after 5 days


Matt Seitz (matseitz <matseitz <at> cisco.com> writes:

> I ran into similar problems with "mkpasswd" taking a long time on a
> large Active Directory (AD) domain.  I
> worked around the issue using the following procedure:
...

Thanks.
I think I can go on with the files I got.
Maybe the purpose of these procedures should be better documented.
What is actually needed, and for what?
There is already a good deal of contents about ntsec and smbsec, 
but it could still be improved, I'm afraid.

I am still puzzled by the non-obvious way the various accounts work.
E.g. I can do 'chown 18:544 ...' (SYSTEM:Administrators, with the SYSTEM
mapping as it seems to the 'LocalSystem' reported by cygcheck as the uid
under which my apache is run under cygrunsrv) to some file, after which 
I cannot edit it anymore, but despite my expectations, I can still copy
files to the same directory where I cannot touch them!?

bin> ls -lnd .
drwxr-xr-x+ 3 18 544 0 Mar  6 18:26 .
bin> touch foo
touch: cannot touch `foo': Permission denied
bin> ls -lnd foo
ls: cannot access foo: No such file or directory
bin> touch /tmp/foo
bin> mv /tmp/foo .
bin> ls -lnd foo
-rw-r--r-- 1 654351 10545 0 Mar  7 09:13 foo
bin> ls -ld foo
-rw-r--r-- 1 emagiro Domain Users 0 Mar  7 09:13 foo
bin> ls -ld .
drwxr-xr-x+ 3 SYSTEM Administrators 0 Mar  7 09:13 .
bin> getfacl .
# file: .
# owner: SYSTEM
# group: Administrators
user::rwx
group::r-x
mask:rwx
other:r-x
default:user::rwx
default:group::---
default:other:---
bin> grep :18: /etc/passwd
SYSTEM:*:18:544:,S-1-5-18::
bin> egrep '^Account' /tmp/cygcheck.out
Account             : LocalSystem
Account             : LocalSystem
bin> chown 18:544 foo
bin> ls -ld foo
-rw-r--r-- 1 SYSTEM Administrators 0 Mar  7 09:13 foo
bin> echo foo > foo
bash: foo: Permission denied

It is not trivial to draw the line between what is normal (or must be 
accepted) and what is weird and should be fixed...

Esp. when you first do something in a network drive, and have installed
cygwin 'for yourself' without admin rights, then reinstall cygwin 'for
all' and access the same home directory.

Thanks,
Marc


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]