This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Win7 system update hosed something in Cygwin
On 2019/08/16 18:44, David Karr wrote:
>
>
> I would most like to understand what changed to make this suddenly
> start happening.
----
You really need to read the cygwin section on nt-security.
in the user manual @ https://www.cygwin.com/cygwin-ug-net/ntsec.html.
If you are into things appearing a certain way -- I think you
will really find this invaluable. It also gives background and why
things changed.
As for how or why a windows update changed a behavior
in cygwin -- MS doesn't released documentation in that detail.
I came up with my mappings on my linux/samba box because
I have a pretty simple setup. But I wanted the common well-known
ID's in there so they would also make some sense:
>From the very generic sids:
Null Authority:x:10010:S-1-0,builtin:
Nobody:x:10100:S-1-0-0,builtin:
World Authority:x:10101:S-1-1,builtin:
Everyone:x:11100:S-1-1-0,builtin:
Local Authority:x:10102:S-1-2,builtin:
...
to my domain id's:
Domain Administrator:x::S-1-5-21-33333-77777-33333-500,domain:
Domain Admins:x::S-1-5-21-33333-77777-33333-512,domain:
Domain Users:x::S-1-5-21-33333-77777-33333-513,domain:
...
to local roles:
Administrators:x::S-1-5-32-544,builtin:
Users:x::S-1-5-32-545,builtin:
Backup Operators:x::S-1-5-32-551,builtin:
...
and authentication + trust labels:
NTLM Authentication:x::S-1-5-64-10,builtin:
Schannel Authentication:x::S-1-5-64-10,builtin:
NT Service:x::S-1-5-80,builtin
Untrusted Mandatory Level:x::S-1-16-0,builtin:
Low Mandatory Level:x:11604096:S-1-16-4096,builtin:
High Mandatory Level:x:11612288:S-1-16-12288,builtin:
System Mandatory Level:x:11616384:S-1-16-16384,builtin:
So in cygwin, when I display my 'id' output, I see the various
groups and labels on my userid:
uid=5013(Bliss\law) gid=201(Bliss\lawgroup) groups=201(Bliss\lawgroup), 1015(lawgroup), 1018(Netmon Users), 1017(pulse-access), 1016(pulse-rt), 1023(WinRMRemoteWMIUsers__), 544(Administrators), 555(Remote Desktop Users), 559(Performance Log Users), 545(Users), 11504(Interactive), 11201(Console Login), 11511(Authenticated Users), 4095(CurrentSession), 66048(LOCAL), 260(Bliss\Media), 512(Bliss\Domain Admins), 513(Bliss\Domain Users), 1053(Bliss\Trusted Local Net Users), 1156410(NTLM Athentication), 11612288(High Mandatory Level)
If you look at your security blob using something like 'processhacker' (goog),
you can see all those labels on your login. Setup right, you also see them
in your cygwin shell, which I thought was cool (being a computer scientist).
Sorry if this was too much, I can't say my setup is necessarily
recommended, BUT, I wanted my Win+linux machines to be joined as
1 machine (all my docs & content is on the linux box, with progs on
my Win Desktop box) joined by a 10gbit ethernet cable:
> I've been running this Cygwin installation for a long time on this
> laptop without any problem like this.
Yeah, you get used to a well tuned setup (though mine does often
have problems because of the weird things I've tried).
-linda
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple