This is the mail archive of the mailing list for the Cygwin project.

Re: bug report, question and suggestion

On Tue, Jan 29, 2002 at 09:32:06PM -0500, Pierre A. Humblet wrote:
> When ntsec is not defined, internal_getlogin matches the
> Windows username with the pw_name's in passwd to find the uid.
> When ntsec is defined, internal_getlogin scans passwd by sid's.
> Cygwin user names can then be different from Windows user names.
> In my case the program was running as a service under cygrunsrv. 
> ntsec was not defined in the environment of the service manager, 
> but only as a -e CYGWIN= argument to cygrunsrv. 
> When cygrunsrv started it didn't find the Windows username in pw_name
> and used the default uid. When the service application started, with
> ntsec, it didn't scan the passwd file because cygrunsrv is a Cygwin 
> process. Thus the username and uid were incorrect under ntsec...
> The same problem happens when a user with a Cygwin username
> different from Windows starts without ntsec.
> I saw 4 possible solutions.
> 1) Mandate ntsec if Cygwin and Windows user names differ.
> Not so good. /etc/passwd is a shared resource and different users
> may have different ntsec preferences. Unexpected situations can 
> occur.

But that's the whole point of having `ntsec' on.  As I described in
the ntsec docs ( having a
Cygwin username different from the Windows username is explicitly
a property of `ntsec'.  Having a different username is not supported
w/o ntsec.

Besides that, I can't suggest using ntsec for one user but nontsec
for another user.  This results in weird effects for the user who's
not using ntsec.  According to the `ls -l' output she has access to
file "foo" but a `cat foo' returns "Permission denied".  I admit
that that also may happen with ntsec on, due to the complexity of
NT permissions which aren't reflected by the `ls -l' output.  But the
surprises should be few.

> 4) Always scan /etc/passwd for sid (on NT/2000/XP). If no success,
> rescan based on Windows username.
> A little inefficient at startup if ntsec is not enabled, but most 
> flexible [the two searches can also be combined, possible 
> optimization].

I think you're right that we should always look for the SID in
/etc/passwd at that point.  The problem is exactly the startup of
cygrunsrv with no CYGWIN setting in the system environment.  I'm
so used to having the usual "CYGWIN=binmode ntsec tty" in my system
environment that I'd never seen that problem.

> The attached uinfo.diff file implements solution 4.
> It also does not set primary group in the token (useless).

No, it's not useless.  If this process starts non-Cygwin processes
these processes will set the users primary group given in /etc/passwd
as primary group for created files.  That's intended.  I will not
remove that.

However, I have some problems with your patch to

- It eliminates the opening brace at line 130 but it eliminates an
  unrelated closing brace at line 193.  The corresponding closing
  brace would be in line 212.  Is that planned - and if so, why -
  or is that just an accident?
- The formatting isn't correct anymore after eliminating the braces.
- I'm missing a ChangeLog entry for that patch.

Could you please resubmit your patch with these changes to the
cygwin-patches mailing list?  And would you mind sending a copyright
assignment form as described on

Thanks for tracking that down.  This could explain some of the
problems people have starting sshd, perhaps.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.
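
Solution 4 from the quoted proposal (look up by SID, fall back to the Windows username, with the two searches combined into one pass), as an added example; it is not the uinfo.diff patch and not Cygwin's own code. The `lookup_uid` helper, the sample entries, and the convention that the SID is a comma-separated item in the gecos field are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample data. Assumption: the SID sits in the gecos field
   (5th field) as a comma-separated "S-1-..." item. */
static const char SAMPLE_PASSWD[] =
    "admin:*:500:513:U-HOST\\Administrator,S-1-5-21-1-2-3-500:/home/admin:/bin/sh\n"
    "broken line without fields\n"
    "pierre:*:1004:513:U-HOST\\phumblet,S-1-5-21-1-2-3-1004:/home/pierre:/bin/sh\n";

/* 1 if the gecos span [g, g+len) holds exactly `sid` as one comma item. */
static int gecos_has_sid(const char *g, size_t len, const char *sid) {
    size_t slen = strlen(sid);
    while (len >= slen) {
        const char *c = memchr(g, ',', len);
        size_t item = c ? (size_t)(c - g) : len;
        if (item == slen && memcmp(g, sid, slen) == 0) return 1;
        if (!c) break;
        len -= item + 1;
        g = c + 1;
    }
    return 0;
}

/* Hypothetical helper: a SID match wins at once; the first pw_name match is
   only remembered as the fallback, so one pass covers both searches. */
int lookup_uid(const char *pw, const char *sid, const char *winname, int dflt) {
    int fallback = dflt, have_fallback = 0, n;
    while (*pw) {
        const char *eol = strchr(pw, '\n'), *f[6], *p = pw;
        char *end = NULL;
        if (!eol) eol = pw + strlen(pw);
        for (n = 0, f[n++] = p; n < 6 && (p = memchr(p, ':', (size_t)(eol - p))); )
            f[n++] = ++p;
        long uid = n == 6 ? strtol(f[2], &end, 10) : -1;
        /* Skip lines with too few fields or a non-numeric uid. */
        if (n == 6 && end != f[2] && end == f[3] - 1) {
            size_t nlen = (size_t)(f[1] - f[0] - 1);
            if (sid && *sid && gecos_has_sid(f[4], (size_t)(f[5] - f[4] - 1), sid))
                return (int)uid;
            if (!have_fallback && winname && strlen(winname) == nlen
                && memcmp(f[0], winname, nlen) == 0) {
                fallback = (int)uid;
                have_fallback = 1;
            }
        }
        pw = *eol ? eol + 1 : eol;
    }
    return fallback;
}
```

With the constructed data, Windows user `phumblet` resolves to the `pierre` entry through the SID even though no `pw_name` matches, which is the cygrunsrv case described in the quoted report.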
