Re: chown with not existing user/group

2008-03-04 Thread Matthieu CASTET
Corinna Vinschen corinna-cygwin at cygwin.com writes:

 
> On Feb 29 09:16, Matthieu CASTET wrote:
> > Hi,
>
> Why do you want to fake security when you can get the real thing?

For the same reason that fakeroot is used on UNIX: I want to create images with
special unix rights.

Also according to my posix reading [1], chown should be able to change perm to
any uid/gid. I was thinking cygwin goal was to emulate as much as possible posix
spec.


Matthieu

[1] http://www.opengroup.org/onlinepubs/009695399/functions/chown.html


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/



Re: chown with not existing user/group

2008-03-04 Thread Eric Blake

According to Matthieu CASTET on 3/4/2008 6:28 AM:
| Also according to my posix reading [1], chown should be able to change
| perm to any uid/gid.

You read wrong.  POSIX also allows chown implementations to impose
additional restrictions.  And on cygwin, we impose the additional
restriction that you can't change to a uid/gid that isn't recognized by
Windows.

| I was thinking cygwin goal was to emulate as much as possible posix
| spec.

Yes, and cygwin's behavior in this case is still POSIX compliant.

--
Don't work too hard, make some time for fun as well!

Eric Blake [EMAIL PROTECTED]



Re: chown with not existing user/group

2008-03-04 Thread Corinna Vinschen
On Mar  4 06:40, Eric Blake wrote:
> | I was thinking cygwin goal was to emulate as much as possible posix
> | spec.
>
> Yes, and cygwin's behavior in this case is still POSIX compliant.

Right.  The error code in question is this:

  [EINVAL]
      The owner or group ID supplied is not a value supported by the
      implementation.

We *could* create non-existent SIDs in the security descriptors of
files, but I don't know what the sense would be.  These SIDs would
never, on no machine, have a real user or group representation.  It's
not quite comparable with using non-existent uids on a Unix box.  These
uids can exist on another machine where they make sense.  That's not how
it is with SIDs since SIDs are bound to a computer or domain.  Fake SIDs
are bound to nothing at all and are never correctly recognized.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat




Re: chown with not existing user/group

2008-02-29 Thread Matthieu CASTET
Hi,

Dave Korn dave.korn at artimi.com writes:

 
>   Because it has to emulate unix perms by relating uid/gid to windows RIDs,
> which are owned, allocated and controlled by the system, and not under the
> arbitrary choice of the user, so the semantics wouldn't be the same even if we
> did create ACLs with unrecognised SIDs on them.

Another question, why isn't it possible to mount the partition with a special flag
(like managed mode), where the permissions are stored in a database instead of
trying to map them on windows perms.

This mode will do something like what does fakeroot on Linux.


Matthieu





Re: chown with not existing user/group

2008-02-29 Thread Corinna Vinschen
On Feb 29 09:16, Matthieu CASTET wrote:
> Hi,
>
> Dave Korn dave.korn at artimi.com writes:
>
> >   Because it has to emulate unix perms by relating uid/gid to windows RIDs,
> > which are owned, allocated and controlled by the system, and not under the
> > arbitrary choice of the user, so the semantics wouldn't be the same even if we
> > did create ACLs with unrecognised SIDs on them.
>
> Another question, why isn't it possible to mount the partition with a special
> flag (like managed mode), where the permissions are stored in a database instead
> of trying to map them on windows perms.

Why do you want to fake security when you can get the real thing?


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat




chown with not existing user/group

2008-02-28 Thread Matthieu CASTET
Hi,

I wonder why on cygwin we can't use chown with numeric ids that don't exist in
/etc/passwd, /etc/group [1]?

On linux this works perfectly [2]

Matthieu

[1]
$ touch /tmp/toto
$ chown 12345:12346 /tmp/toto
chown: changing ownership of `/tmp/toto': Invalid argument

[2]
$ touch /tmp/toto
$ sudo chown 12345:12346 /tmp/toto
$ ls -l /tmp/toto 
-rw-r--r-- 1 12345 12346 0 fév 28 14:56 /tmp/toto





RE: chown with not existing user/group

2008-02-28 Thread Dave Korn
On 28 February 2008 13:59, Matthieu CASTET wrote:

> Hi,
>
> I wonder why on cygwin we can't use chown with numeric ids that don't exist
> in /etc/passwd, /etc/group [1]?

  Because it has to emulate unix perms by relating uid/gid to windows RIDs, 
which are owned, allocated and controlled by the system, and not under the 
arbitrary choice of the user, so the semantics wouldn't be the same even if we 
did create ACLs with unrecognised SIDs on them.


cheers,
  DaveK
-- 
Can't think of a witty .sigline today





Re: chown with not existing user/group

2008-02-28 Thread Matthieu CASTET
Hi,

Dave Korn dave.korn at artimi.com writes:

 
 
>   Because it has to emulate unix perms by relating uid/gid to windows RIDs,
> which are owned, allocated and controlled by the system, and not under the
> arbitrary choice of the user, so the semantics wouldn't be the same even if we
> did create ACLs with unrecognised SIDs on them.

Ha, I forgot cygwin remaps them on windows perms.

But then why does it work if I create dummy user in /etc/passwd.
For example for root

$ echo root:*:0:0:,S-1-5-32-545:: >> /etc/passwd
$ chown root:root /tmp/toto
$ ls -l /tmp/toto
-rw-r--r-- 1 root root 0 Feb 28 14:49 /tmp/toto

Does it mean in this case I create ACLs with unrecognised SIDs?

Matthieu







RE: chown with not existing user/group

2008-02-28 Thread Dave Korn
On 28 February 2008 14:45, Matthieu CASTET wrote:

> But then why does it work if I create dummy user in /etc/passwd.

  Because cygwin relies on the contents of /etc/passwd to be accurate.  Cygwin
cannot in general know what SIDs exist out there in a domain (or even on a
local machine), it treats /etc/passwd as a cache to save going out across the
network to the domain controller for lookups every time a UID is needed.

> For example for root
>
> $ echo root:*:0:0:,S-1-5-32-545:: >> /etc/passwd
> $ chown root:root /tmp/toto
> $ ls -l /tmp/toto
> -rw-r--r-- 1 root root 0 Feb 28 14:49 /tmp/toto
>
> Does it mean in this case I create ACLs with unrecognised SIDs?

  No, because 1-5-32-545 is a real SID, hence recognised.  It's a well-known
SID that exists on all windows boxes.  It is, however, a GID, not a UID: that
is the SID of the Users group you have set there, so who knows how confused
cygwin might be by that.

  Try a SID that actually doesn't exist, like S-1-5-23-599 for example, and
you'll see it doesn't work.


cheers,
  DaveK
-- 
Can't think of a witty .sigline today





Re: chown with not existing user/group

2008-02-28 Thread Corinna Vinschen
On Feb 28 14:55, Dave Korn wrote:
> On 28 February 2008 14:45, Matthieu CASTET wrote:
>
> > But then why does it work if I create dummy user in /etc/passwd.
>
>   Because cygwin relies on the contents of /etc/passwd to be accurate.  Cygwin
> cannot in general know what SIDs exist out there in a domain (or even on a
> local machine), it treats /etc/passwd as a cache to save going out across the
> network to the domain controller for lookups every time a UID is needed.
>
> > For example for root
> >
> > $ echo root:*:0:0:,S-1-5-32-545:: >> /etc/passwd
> > $ chown root:root /tmp/toto
> > $ ls -l /tmp/toto
> > -rw-r--r-- 1 root root 0 Feb 28 14:49 /tmp/toto
> >
> > Does it mean in this case I create ACLs with unrecognised SIDs?
>
>   No, because 1-5-32-545 is a real SID, hence recognised.  It's a well-known
> SID that exists on all windows boxes.  It is, however, a GID, not a UID: that
> is the SID of the Users group you have set there, so who knows how confused
> cygwin might be by that.

What confusion?  In contrast to POSIX, there's no difference between a
user SID and a group SID from the perspective of security descriptors.
Cygwin doesn't care either, as long as the SID shows up in one of the
/etc/passwd, /etc/group files.

Windows allows to use a group SID as owner and a user SID as group in a
SD.  The group SID in the SD has no meaning in Win32 anyway.  It's more
or less only useful for the POSIX subsystem and, FWIW, Cygwin which uses
it for its own malicious purposes(*) <insert lunatic laughter here>.


Corinna


(*) As group, actually.  Hmm, I spoiled it slightly, right?

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat
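
An added example, not code from the thread or from Cygwin: a shape-only audit of the SIDs that a Cygwin /etc/passwd in the layout shown above maps uids to, covering Dave Korn's point that the file is trusted as a cache and Corinna Vinschen's point that a group SID is accepted in a user entry. The sample file, the account names other than root and the verdict strings are constructed; the check looks at SID shape only and cannot tell whether Windows recognises a SID.

```python
import re

# Constructed sample in the layout used in the thread: Cygwin keeps the
# Windows SID as a comma-separated item of the gecos (5th) field.
SAMPLE_PASSWD = """\
root:*:0:0:,S-1-5-32-545::
alice:unused:1001:513:Alice,S-1-5-21-1111111111-2222222222-3333333333-1001:/home/alice:/bin/bash
ghost:*:12345:12346:,S-1-5-23-599::
nosid:*:2000:2000:no SID recorded:/home/nosid:/bin/bash
broken:*:2001
"""

SID_RE = re.compile(r"S-1-(\d+)((?:-\d+)+)")


def classify_sid(sid):
    """Classify a SID by shape only; whether it exists is for Windows to say."""
    m = SID_RE.fullmatch(sid)
    if not m:
        return "malformed"
    subs = m.group(2)[1:].split("-")
    if m.group(1) == "5" and subs[0] == "21" and len(subs) == 5:
        return "machine-or-domain account"
    if m.group(1) == "5" and subs[0] == "32" and len(subs) == 2:
        return "builtin alias (group)"
    return "unrecognised shape"


def audit_passwd(text):
    """Return (name, uid, sid, verdict) for every non-empty passwd line."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            rows.append((fields[0], None, None, "bad field count"))
            continue
        name, uid, gecos = fields[0], fields[2], fields[4]
        sid = next((i for i in gecos.split(",") if i.startswith("S-")), None)
        verdict = classify_sid(sid) if sid else "no SID in gecos"
        rows.append((name, uid, sid, verdict))
    return rows


if __name__ == "__main__":
    for row in audit_passwd(SAMPLE_PASSWD):
        print("%-8s uid=%-6s sid=%-50s %s" % row)
```

Entries reported as "builtin alias (group)" or "unrecognised shape" are the ones to confirm against Windows itself, since the passwd file is taken at its word.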
