RFC2307 accounts

Marc Rechte mrechte@studelec-sa.com
Wed Mar 9 11:50:00 GMT 2016


On 09/03/2016 12:27, Corinna Vinschen wrote:
> On Mar  9 11:42, Marc Rechte wrote:
>> On 09/03/2016 10:14, Mark Geisert wrote:
>>> Marc Rechte wrote:
>>>> Hello,
>>>>
>>>>    Trying to set RFC2307 accounts, using unix schema in
>>>> /etc/nsswitch.conf.
>>> [...]
>>>
>>> Your original post of this material was answered about 30 minutes after
>>> your post.  Kindly follow up there...
>>>
>>> https://cygwin.com/ml/cygwin/2016-03/msg00076.html
>> Sorry, I did not get that answer emailed to me (some confusion during the
>> subscription).
>>
>> I am not clear about the answer given by Corinna.
>>
>> The idea behind RFC2307, imho, is to have a consistent UID/GID between
>> systems which have joined a domain. This is what we achieved in our domain,
>> where a user logging into whatever Linux box gets the same uid/gid. One would
>> expect the same behaviour in cygwin (on a joined machine), wouldn't he?
> That's not the idea behind the uid/gid mapping.  You might have noticed
> that "unix" is not used as a keyword in the passwd and group settings
> in /etc/nsswitch.conf, only in the db_home, db_shell, and db_gecos settings.
>
> Keep in mind that we have two mappings.  The main mapping is the mapping
> between Windows SID and a computed uid/gid value used in Cygwin which
> allows fast mapping in both directions.  A computed value drops the
> requirement to access an LDAP server for the mapping, which is
> especially bad when not using AD as mapping server.
>
> Please read https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nfs
> and https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba
> again.  The RFC 2307 mapping only comes into play when reading meta
> information from an NFS or Samba share.  The unix uid/gid values have to
> be mapped to a Windows user (better: SID) in the first place, not to the
> Cygwin uid/gid values.  The actual uid/gid values are irrelevant.  Worse,
> using the RFC 2307 values might collide with other, computed uid/gid
> values.
>
>
> Corinna
>

OK, I noticed that. Now it brings me a problem using rsync on cygwin.

On cygwin:
$ cat /etc/rsyncd.conf
[test]
         path = /cygdrive/c/tmp
         comment = zone de test
         fake super = yes
         read only = no

On the Linux box:
# ls -l /home/tunix/
...
drwxr-xr-x  3 tunix root                     4096  9 mars  12:23 resto_win
-rw-rw-r--+ 1 tunix utilisateurs_du_domaine 82882  9 mars  10:56 tmp.ps

#  rsync -avz --acls --delete /home rsync://192.168.0.23/test
..
# rsync -avz --acls --delete rsync://192.168.0.23/test/home/tunix resto_win/
...
# ls -l /home/tunix/resto_win/tunix/
...
drwx------ 2 1050005 1049089  4096  9 mars  12:14 resto_win
-rw------- 1 1050005 1049089 82882  9 mars  10:56 tmp.ps

You will notice that owner, group and ACLs are *not* restored properly.

Am I demanding too much of cygwin?

Thanks for your time.

Marc
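
An added example, not part of the original message or of Cygwin's code: it reads the numeric owner and group from the restored listing above as Cygwin computed ids and decodes them with the offsets given in the Cygwin User's Guide (ntsec chapter): 0x30000 + RID for local SAM accounts and 0x100000 + RID for primary-domain accounts. The function names, the RID name table and the range bounds are assumptions of this example, and trusted-domain offsets are not handled.

```python
# Offsets documented in the Cygwin User's Guide (ntsec, SID <-> uid/gid mapping).
LOCAL_SAM_BASE = 0x30000        # accounts in the local machine's SAM
PRIMARY_DOMAIN_BASE = 0x100000  # accounts in the machine's primary domain

# Standard domain-relative RIDs (small subset, enough for this listing).
WELL_KNOWN_RIDS = {
    500: "Administrator", 501: "Guest", 512: "Domain Admins",
    513: "Domain Users", 514: "Domain Guests", 515: "Domain Computers",
}

def decode_cygwin_id(value):
    """Return (origin, rid, well_known_name_or_None) for a computed uid/gid."""
    if value >= PRIMARY_DOMAIN_BASE:
        # Assumption: no trusted domain; those use their own trustPosixOffset.
        origin, rid = "primary domain", value - PRIMARY_DOMAIN_BASE
    elif LOCAL_SAM_BASE <= value < LOCAL_SAM_BASE + 0x10000:
        # Upper bound is a simplification made by this example.
        origin, rid = "local SAM", value - LOCAL_SAM_BASE
    else:
        return ("other", None, None)
    return (origin, rid, WELL_KNOWN_RIDS.get(rid))

def unresolved_ids(ls_output):
    """Yield (name, owner_id, group_id) for `ls -l` lines where both the
    owner and group columns are bare numbers, i.e. no local account matched."""
    for line in ls_output.splitlines():
        fields = line.split()
        if len(fields) >= 9 and fields[2].isdigit() and fields[3].isdigit():
            yield fields[-1], int(fields[2]), int(fields[3])

# The two restored entries, copied from the listing in the message.
LS_OUTPUT = """\
drwx------ 2 1050005 1049089  4096  9 mars  12:14 resto_win
-rw------- 1 1050005 1049089 82882  9 mars  10:56 tmp.ps
"""

def describe(value):
    origin, rid, name = decode_cygwin_id(value)
    if rid is None:
        return f"{value}: not in a SAM/domain range"
    label = f" ({name})" if name else ""
    return f"{value}: {origin}, SID ends in -{rid}{label}"

if __name__ == "__main__":
    for name, uid, gid in unresolved_ids(LS_OUTPUT):
        print(name, "| owner", describe(uid), "| group", describe(gid))
```

Read this way, the group id 1049089 decodes to RID 513, the Domain Users group, which matches the utilisateurs_du_domaine group on the original file.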
