Making Cygwin More Tolerant of Orphaned SIDs?
Corinna Vinschen
corinna-cygwin@cygwin.com
Tue Apr 14 16:21:00 GMT 2015
On Apr 14 16:53, Corinna Vinschen wrote:
> On Apr 14 07:24, Bryan Berns wrote:
> > On Tue, Apr 14, 2015 at 4:00 AM, Corinna Vinschen
> > >
> > > The problem is that Cygwin, or any other tool trying to resolve SIDs
> > > doesn't know a SID won't resolve before it tried. And then it's an
> > > OS function which takes its time. It's like checking for network
> > > machines providing shares. Sometimes this test takes ages, but in
> > > this case, fortunately, you see that it takes ages in Explorer as
> > > well.
> > >
> > > As for ACLs, you can alleviate the problem somewhat by running cygserver
> > > on the machine, which allows to cache SIDs for all processes. So only
> > > the first process trying the SID will take time, followup processes will
> > > get the cached results from cygserver.
> > >
> > > Other than that, except for ignoring ACLs entirely (noacl) I have
> > > no idea how to solve this problem differently.
> >
> > Yes, I understand there's nothing Cygwin can do beforehand -- that
> > means sense. I guess what I'm saying is that Cygwin doesn't appear to
> > be caching SIDs in certain scenarios.
> >
> > For example, I create a whole bunch of files (like 5000), I use
> > icacls to append a new ACE. Then I do a 'time ls -l
> > /cygdrive/c/somedir/*'. Takes four seconds. In the same Cygwin
> > session, I remove the local group (net localgroup testgroup /delete).
> > I do the same 'time ls -l /cygdrive/c/somedir/*'. Takes 20 seconds.
> > Subsequent runs in the also take 20 seconds. Since I'm able to
> > continue to see the slowdown in the same session, cygserver wouldn't
> > help right?
> >
> > Is the above expected?
>
> Yes. Without cygserver, caching only works from parent to child process.
> One run of ls can't cache data for a parallel run of ls in trhe same
> session. As, btw., explained in the documentation:
>
> https://cygwin.com/cygwin-ug-net/ntsec.html
...and if my reply wasn't clear enough:
Cygserver will help in this scenario as outlined in the documentation.
It caches the account information system-wide, so the stuff the first ls
cached is available for the next ls. Or the next shell session.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150414/6ea0bc0c/attachment.sig>
More information about the Cygwin
mailing list