git@vger.kernel.org mailing list mirror (one of many)
 help / Atom feed
From: Ramsay Jones <ramsay@ramsayjones.plus.com>
To: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Cc: Adam Dinwoodie <adam@dinwoodie.org>,
	Junio C Hamano <gitster@pobox.com>,
	GIT Mailing-list <git@vger.kernel.org>
Subject: Re: Test failure for v2.16.0-rc0 on cygwin
Date: Wed, 10 Jan 2018 23:17:37 +0000
Message-ID: <87f53af7-4f5b-22a7-b950-772eb67b0151@ramsayjones.plus.com> (raw)
In-Reply-To: <alpine.DEB.2.21.1.1801042152570.32@MININT-6BKU6QN.europe.corp.microsoft.com>



On 04/01/18 20:55, Johannes Schindelin wrote:
> On Tue, 2 Jan 2018, Ramsay Jones wrote:
[snip]
>> Also, when logged-in remotely it fails consistently, when logged-in
>> directly it passes consistently. :-D
> 
> You are most likely hitting cmd.exe at some point there. In cmd.exe, there
> are some restrictions that are inherited by spawned processes AFAIU. For
> example, the current directory cannot be a UNC path.
> 
> You are most likely running the interactive Cygwin session in MinTTY? Then
> you do not get those restrictions. If you start Cygwin in a cmd.exe
> window, you should see the exact same test failures again.

I actually don't see a difference when starting cygwin from a cmd.exe, it
passes just fine. The interactive cygwin session(s), either directly, or
most often via the X-server (with ssh-agent in between!), all have their
id's and group membership look like:

  $ who
  $ id
  uid=1001(ramsay) gid=513(None) groups=513(None),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),66048(LOCAL),262154(NTLM Authentication),401408(Medium Mandatory Level)
  $

However, when remotely logged-in over shh, it looks like:

  $ who -H
  NAME     LINE         TIME             COMMENT
  ramsay   pty2         2018-01-02 19:48 (192.168.1.2)
  $ id
  uid=1001(ramsay) gid=513(None) groups=513(None),11(Authenticated Users),66048(LOCAL),66049(CONSOLE LOGON),4(INTERACTIVE),15(This Organization),545(Users),0(root),405504(High Mandatory Level)
  $

So, when remotely logged-in, we have:

  Additional groups: 0(root), 405504(High Mandatory Level)

  Missing groups: 113(Local account), 262154(NTLM Authentication),
                  401408(Medium Mandatory Level)

I haven't thought too much about what that means ...

After reading this[1], I have been meaning to try setting the
'LocalAccountTokenFilterPolicy' registry variable mentioned in
that article, to see if that would make any difference. I haven't
found the time yet ... :-D

ATB,
Ramsay Jones


[1] http://www.tomsitpro.com/articles/windows-10-administrative-shares,2-47.html

      reply index

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-30 14:21 Ramsay Jones
2017-12-30 14:40 ` Adam Dinwoodie
2018-01-02 11:36   ` Adam Dinwoodie
2018-01-02 15:32     ` Ramsay Jones
2018-01-02 19:34       ` Ramsay Jones
2018-01-04 20:55         ` Johannes Schindelin
2018-01-10 23:17           ` Ramsay Jones [this message]

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87f53af7-4f5b-22a7-b950-772eb67b0151@ramsayjones.plus.com \
    --to=ramsay@ramsayjones.plus.com \
    --cc=Johannes.Schindelin@gmx.de \
    --cc=adam@dinwoodie.org \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

git@vger.kernel.org mailing list mirror (one of many)

Archives are clonable:
	git clone --mirror https://public-inbox.org/git
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.version-control.git
	nntp://ou63pmih66umazou.onion/inbox.comp.version-control.git
	nntp://czquwvybam4bgbro.onion/inbox.comp.version-control.git
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.version-control.git
	nntp://news.gmane.org/gmane.comp.version-control.git

 note: .onion URLs require Tor: https://www.torproject.org/
       or Tor2web: https://www.tor2web.org/

AGPL code for this site: git clone https://public-inbox.org/ public-inbox