Problem with "None" Group on Non-Domain Members

Chris J. Breisch chris.ml@breisch.org
Mon May 5 21:57:00 GMT 2014 

Larry Hall (Cygwin) wrote:
> On 05/05/2014 02:56 PM, Chris J. Breisch wrote:
>> Corinna Vinschen wrote:
>>> On May 5 12:17, Chris J. Breisch wrote:
>>>> Corinna Vinschen wrote:
>>>>> An strace of `chmod 400 bar' might sched some light on this issue,
>>>>> but I
>>>>> have a gut feeling the underlying WIndows call will not even return an
>>>>> error code...
>>>> Attached. Your gut seems to be working today...
>>>
>>> There *is* something weird here. Look at this:
>>>
>>>> 151 36702 [main] chmod 5536 alloc_sd: uid 1001, gid 513, attribute
>>>> 0x2190
>>>> 65 36767 [main] chmod 5536 cygsid::debug_print: alloc_sd: owner SID
>>>> = S-1-5-21-3514886939-1786686319-3519756147-1001 (+)
>>>> 70 36837 [main] chmod 5536 cygsid::debug_print: alloc_sd: group SID
>>>> = S-1-5-21-3514886939-1786686319-3519756147-1001 (+)
>>>
>>> alloc_sd (the underlying function creating a security descriptor) gets
>>> a uid 1001 and gid 513 as input, as usual. But the owner *and* group
>>> SIDs of the file's existing security descriptor is
>>> S-1-5-21-3514886939-1786686319-3519756147-1001, the SID of your user
>>> account.
>>>
>>> Why is your user account the primary group of the file, even though
>>> your user token definitely has "None" (513) as its primary group?
>>> How did it get there?
>>>
>> I don't have a clue. You're the expert. :)
>>
>
> I'm wondering if we're getting the user id as the group for the MS
> Account because there is no group id. Chris, what does 'id' for
> each of these accounts look like and is the group id (assuming they
> are different that the user id) in there?
>
>

Well, I hope I'm not comparing apples and oranges, because now I'm at 
home. However, I have duplicated the scenario and results on this 
machine. It was actually where I noticed it first.

id produces expected results:

MS account:
$ id
uid=1001(Chris) gid=513(None) groups=513(None),545(Users),1003(HomeUsers)

Local account:
$ id
uid=1007(cjb) gid=513(None) groups=513(None),545(Users),1003(HomeUsers)

Actually, it's not quite what I expected. Chris is in the Administrators 
group, and that's not shown.

$ net user Chris
User name                    Chris
Full Name                    Chris Breisch
Comment
User's comment
Country/region code          001 (United States)
Account active               Yes
Account expires              Never

[snip PW stuff for Cygwin filter]

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   5/1/2014 8:39:44 PM

Logon hours allowed          All

Local Group Memberships      *Administrators       *HomeUsers
                              *Users
Global Group memberships     *None
The command completed successfully.

$ net user cjb
User name                    cjb
Full Name                    cjb
Comment
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              Never

[snip]

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   5/5/2014 5:40:39 PM

Logon hours allowed          All

Local Group Memberships      *HomeUsers            *Users
Global Group memberships     *None
The command completed successfully.


-- 
Chris J. Breisch

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list