This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: No support for ACLs on network shares?


On Nov 23 04:28, Matt D. wrote:
> Andrey,
> 
> My samba server is configured to use winbind and when inspecting the file
> using explorer properties, the SIDs resolve correctly as:
> 
> "NAME (HOSTNAME\username)"
> 
> where "NAME" is my name on the unix account and "username" is my login.
> 
> The problem is that Cygwin isn't aware of this SID since it's the user I log
> in as to the remove server and isn't a local SID.

I don't know why that occurs.  I'd have expected to see something like
UnixUser+number at least.  However, the above is not the situation you
use winbind for.  Winbind maps Windows user accounts to Unix accounts,
but in the above case it's a real Unix account, not one of the mappings
used by Winbind.

Your case is tricky.  Windows doesn't care for the account, unless
you open the security tab in the properties dialog.  In that case
Explorer knows the share it's looking up and so knows which server
to ask for the account information.  In Cygwin this works differently.
Given the current flow of information, the account functions in Cygwin
only get told something like "please return a passwd entry for SID
S-1-x-y-z".  The functions don't know in which scenario the request
is performed, so it only asks the local machine for the SID, and the
local machine only looks into its own SAM, or in an AD environment
it's DC.  If those don't know the account, Cygwin has to handle this
account as unknown.  ANother way to dereference an account is by
utilizing the user mapping per RFC 2307 as outlined in
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba
The method described therein allows to map the Unix account to your
local Windows account, so from Cygwin's POV the files belong to your
Windows user.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpRqkgG9V0kC.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]