POSIX permission mapping and NULL SIDs

Fri Jun 24 22:31:00 GMT 2016

On Jun 24 21:37, Bill Zissimopoulos wrote:
> On 6/24/16, 12:51 PM, "Corinna Vinschen" <cygwin-owner@cygwin.com on
> behalf of corinna-cygwin@cygwin.com> wrote:
> >Not yet. We're coming from the other side. We always have *some* SID.
> >pwdgrp::fetch_account_from_windows() in uinfo.cc tries to convert the SID
> >to a passwd or group entry. If everything fails, the SID is used in this
> >passwd/group entry verbatim, but mapped to uid/gid -1.
>> I also noticed that there is no uid mapping for nobody. On my OSX box it
> is -2. On many other POSIX systems it appears to be the 32-bit or 16-bit
> equivalent of -2.

In fact it's an entirely arbitrary choice. On Fedora Linux, for instance,
there is no "nogroup", but there is:
/etc/passwd:
 nobody:x:99:99:Nobody:/:/sbin/nologin
 nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
/etc/group:
 nobody:x:99:
 nfsnobody:x:65534:
Note the 65534 here. This is -2 *if* the remote system uses 16 bit
signed uid/gid values. However, these days uid/gid values are at least
32 bit, so -2 kind of lost its meaning.
> For the time being I am mapping unknown SID’s to -1 as per Cygwin.

We could kick this around a bit and maybe reserve -2, 99 or 65534 for
an arbitrary "nobody" account. But since we're on Windows the SID value
is important, not so much the uid/gid values.
> >If you want some specific mapping we can arrange that, but it must not
> >be the NULL SID. If you know you're communicating with a Cygwin process,
> >what about using an arbitrary, unused SID like S-1-0-42?
>> I am inclined to try S-1-5-7 (Anonymous). But I do not know if that is a
> bad choice for some reason or other.

I thought about Anonymous myself when I wrote my reply to your OP. I
refrained from mentioning it because it might have some unexpected side
effect we're not aware about.
> The main reason that I am weary of using an unused SID is that Microsoft
> may decide to assign some special powers to it in a future release (e.g.
> GodMode SID). But I agree that this is rather unlikely in the S-1-0-X
> namespace.

I think it's very unlikely. We could chose any RID value we like and
the chance for collision is nil. When I created the new implementation
for POSIX ACLs, I toyed around with this already and used a special
Cygwin SID within the NULL SID AUTHORITY. I'm not entirely sure why I
changed this to the NULL SID deny ACE. I think I disliked the fact that
almost every Cygwin ACL would contain a mysterious "unknown SID".
On second thought, maybe that would have avoided the UoW problem?!?
Well, how should I have known about UoW when I implemanted this, right?
> >How do you differ nobody from nogroup if you use the same SID for both,
> >btw.?
>> I use the same SID for both nobody and nogroup. This should work as long
> as you use the permission mapping from the [PERMS] document.

Keep in mind that Interix only supported standard POSIX permission bits.
Cygwin strives to support POSIX ACLs per POSIX 1003.1e draft 17. That's
a bit more extensive.
Corinna
-- 
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20160624/469283fc/attachment.sig>