Making Cygwin More Tolerant of Orphaned SIDs?

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Apr 14 16:21:00 GMT 2015 

On Apr 14 16:53, Corinna Vinschen wrote:
> On Apr 14 07:24, Bryan Berns wrote:
> > On Tue, Apr 14, 2015 at 4:00 AM, Corinna Vinschen
> > >
> > > The problem is that Cygwin, or any other tool trying to resolve SIDs
> > > doesn't know a SID won't resolve before it tried.  And then it's an
> > > OS function which takes its time.  It's like checking for network
> > > machines providing shares.  Sometimes this test takes ages, but in
> > > this case, fortunately, you see that it takes ages in Explorer as
> > > well.
> > >
> > > As for ACLs, you can alleviate the problem somewhat by running cygserver
> > > on the machine, which allows to cache SIDs for all processes.  So only
> > > the first process trying the SID will take time, followup processes will
> > > get the cached results from cygserver.
> > >
> > > Other than that, except for ignoring ACLs entirely (noacl) I have
> > > no idea how to solve this problem differently.
> > 
> > Yes, I understand there's nothing Cygwin can do beforehand -- that
> > means sense.  I guess what I'm saying is that Cygwin doesn't appear to
> > be caching SIDs in certain scenarios.
> > 
> > For example, I create a whole bunch of files (like 5000),  I use
> > icacls to append a new ACE.  Then I do a 'time ls -l
> > /cygdrive/c/somedir/*'.  Takes four seconds.  In the same Cygwin
> > session, I remove the local group (net localgroup testgroup /delete).
> >  I do the same 'time ls -l /cygdrive/c/somedir/*'.  Takes 20 seconds.
> > Subsequent runs in the also take 20 seconds.  Since I'm able to
> > continue to see the slowdown in the same session, cygserver wouldn't
> > help right?
> > 
> > Is the above expected?
> 
> Yes.  Without cygserver, caching only works from parent to child process.
> One run of ls can't cache data for a parallel run of ls in trhe same
> session.  As, btw., explained in the documentation:
> 
>   https://cygwin.com/cygwin-ug-net/ntsec.html

...and if my reply wasn't clear enough:

Cygserver will help in this scenario as outlined in the documentation.
It caches the account information system-wide, so the stuff the first ls
cached is available for the next ls.  Or the next shell session.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150414/6ea0bc0c/attachment.sig>

More information about the Cygwin mailing list