Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.4.0-0.4

[Corinna Vinschen <corinna-cygwin at cygwin dot com>]

On Nov 29 15:10, Kacper Michajlow wrote:
> 2015-11-29 13:59 GMT+01:00 Corinna Vinschen <corinna-cygwin@cygwin.com>:
> > On Nov 29 02:16, Andrey Repin wrote:
> >> Greetings, Kacper Michajlow!
> >>
> >> >> Please also attach the output of `id' and of `getfacl . test test/test'.
> >>
> >> > getfacl attached. `id` output is already in cygcheck.log
> >>
> >> > In getfacl output this line `default:group:1001 <unknown>:r-x` looks
> >>
> >> Uh-oh.
> >> Do you, by any chance, have /etc/passwd file?
> >> Or a user comment changing relevant information?
> >
> > I agree with Andrey here: Uh oh!
> >
> > The mkdir trace contains a suspicious snippet which is the reason
> > the mkdir call doesn't manage to post-process the ACL:
> >
> >   [...] pwdgrp::fetch_account_from_windows: LookupAccountSidW (S-1-5-32-1001), Win32 error 1332
> >   [...] /[...]/security.cc:337 status 0xC0000078 -> windows error 1337
> >
> > Status 0xC0000078 aka Win32 error 1337 means "invalid SID".  And the
> > SID 1-5-32-1001 is in fact invalid.  The S-1-5-32 prefix denotes a builtin
> > account, but the RID 1001 is invalid for a builtin group.  1001 is the
> > RID of your user account, though, but that would be prefixed by the SID
> > of your machine, which looks like S-1-5-21-XXXXXXXX-YYYYYYYY-ZZZZZZZZ.
> > I don't see how this broken SID came into life, unless your /etc/passwd
> > and/or /etc/group files are broken (hand edited perhaps?).
> 
> I guess I only changed shell to zsh in /etc/passwd, but no other
> changes were made. So I have no idea how they could get corrupted
> either.

They aren't.  There is no 1-5-32-1001 SID in those files and both files
look entirely insuspicious.  Given that Cygwin doesn't create any such
SID from scratch, I'm totally puzzled where this SID is coming from.
Your mkdir trace output doesn't show this SID anywhere else either.
This definitely requires more debugging...

> $ icacls test
> test NULL SID:(DENY)(Rc,S)
>      DOMEK\Kacper:(F)
>      DOMEK\Kacper:(RX)
>      Wszyscy:(RX)
>      NULL SID:(OI)(CI)(IO)(DENY)(Rc,S)
>      TWORCA-WLASCICIEL:(OI)(CI)(IO)(F)
>      GRUPA TWORCOW:(OI)(CI)(IO)(RX)
>      Wszyscy:(OI)(CI)(IO)(RX)
> 
> $ icacls test/test
> test/test NULL SID:(DENY)(Rc,S)
>           DOMEK\Kacper:(F)
>           DOMEK\Kacper:(RX)
>           Wszyscy:(RX)
>           NULL SID:(OI)(CI)(IO)(DENY)(Rc,S)
>           TWORCA-WLASCICIEL:(OI)(CI)(IO)(F)
>           GRUPA TWORCOW:(OI)(CI)(IO)(RX)
>           Wszyscy:(OI)(CI)(IO)(RX)

Looks better now.

> BTW. icacls doesn't handle UTF-8 characters well. Just saying.

Heh, yeah.  But given that icacls is a Windows tool, not a Cygwin
tool, I'm rather relaxed about this ;)  I'm wondering about the
lack of UTF-8 support in most Windows CLI tools myself.

> > - Try chmod 755 test/test again.
> 
> Works.

Ok, that's good to know.  Now I just have to find out where this
weird SID was created :-P

> > - Also, would you mind to attach your /etc/passwd, /etc/group and
> >   /etc/nsswitch.conf files to your reply?
> 
> /etc/nsswitch.conf has only commented out default values. Two others
> are attached. To make this clear, I never edited those files except
> zsh change

Not even the group entry for group 11001?  It doesn't look like an
entry which would get created automatically.

> so if they are corrupted in any way they must have been
> produced like that. Though it probably was over the year ago when I
> installed cygwin on this machine.

No, the files look ok, basically.

> I personally am fine with abandoning /etc/passwd and /etc/group. This
> is good enough solution for me. Though there might be other people
> with the same issue.

This seems to be a bug in Cygwin, and with the content of your files I
finally managed to reproduce the issue.  I'm planning to debug this next
week and, hopefully, come up with a patch.  It would be nice if you
could do another test then in your environment :}


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpqvsB1NVRiW.pgp
Description: PGP signature