为什么 Windows 中默认的 Git 组文件是 197121?
Why is the default group of Git files in Windows is 197121?
在Windows下,Git(MINGW64)给一个文件分配了一个默认组:197121(PS:如果你在网上搜索这个数字,你会发现大多数的问题与 Git) 有关。请问这个组(或数字)有没有意义?
ls - al
drwxr-xr-x 1 Zhang 197121 0 August 18 09:46 file.txt
是组“None”。
如 this thread
中所述
When you ask the Windows GUI for the ACL of a file,
it knows whom to ask for the SIDs. It's either a SID it knows anyway
(builtin, SAM, AD), or it asks the underlying server of the share.
However, the account handling in Cygwin is decoupled from the code
fetching file ACLs. It ony generically cares for passwd and group
entries, and it only knows to ask SAM or AD for the SID. It has no
connection to the server serving the share. This might be possible,
but code for that just isn't there.
Eryk Sun adds in :
how "S-1-5-21--513" (None) is mapped to the GID value 197121:
Group=S-1-5-21-XXX-513(WINDOWS\None) (gid=197121)
The hex value 0x30201 provides some insight, since 0x201 is 513, but I don't know where 0x30 comes from.
It also helps to know that the access token for most users in Windows sets "None" as the default group for new objects (i.e. TokenPrimaryGroup).
Windows access checks don't use the object's group directly (unlike Cygwin), but an entry for the group will be added to the DACL of an object if its parent container has an inheritable entry for "CREATOR GROUP" (S-1-3-1).
The lower part equal to 0x0201 is explained as the RID value DOMAIN_GROUP_RID_USERS for group "None" (aka "Domain Users" if the machine is attached to a domain), assuming they're only using the lower 16 bits of 32-bit RID values, but I'm still curious where the initial 3 comes from in 0x30201.
Similarly, for the first assigned user SID "S-1-5-21-<MACHINE ID>-1001", the Cygwin UID is 0x303E9, which has the same leading 0x3.
另见“How to use native "Active Directory Services Interface" (ADSI) components to find the primary group”:
The primary group of a user is stored (as the group's RID in the user's domain) on the PrimaryGroupID attribute of a user object.
A user's primary group can only be a group that exists in the same domain as the user, and this group has to be a group that the user is a member of.
Also, this Group object in the Active Directory has an attribute called PrimaryGroupToken, which stores the RID for this group within the domain.
This thread 添加:
The integer 513 is value of the primaryGroupToken attribute of the group "Domain Users".
All users whose primaryGroupID is 513 have this group designated as their primary.
这与security identifiers, as seen here有关:
SID
S-1-5-domain-513
Display Name
Domain Users
Description
A global group that includes all users in a domain.
When you create a new User object in Active Directory, the user is automatically added to this group.
Cygwin id 197121 == RID 513 == 0x201 - in range of reserved RIDs < 1000.
在Windows下,Git(MINGW64)给一个文件分配了一个默认组:197121(PS:如果你在网上搜索这个数字,你会发现大多数的问题与 Git) 有关。请问这个组(或数字)有没有意义?
ls - al
drwxr-xr-x 1 Zhang 197121 0 August 18 09:46 file.txt
是组“None”。
如 this thread
When you ask the Windows GUI for the ACL of a file, it knows whom to ask for the SIDs. It's either a SID it knows anyway (builtin, SAM, AD), or it asks the underlying server of the share.
However, the account handling in Cygwin is decoupled from the code fetching file ACLs. It ony generically cares for passwd and group entries, and it only knows to ask SAM or AD for the SID. It has no connection to the server serving the share. This might be possible, but code for that just isn't there.
Eryk Sun adds in
how "S-1-5-21--513" (None) is mapped to the GID value 197121:
Group=S-1-5-21-XXX-513(WINDOWS\None) (gid=197121)The hex value
0x30201provides some insight, since0x201is513, but I don't know where0x30comes from.
It also helps to know that the access token for most users in Windows sets "None" as the default group for new objects (i.e.TokenPrimaryGroup).Windows access checks don't use the object's group directly (unlike Cygwin), but an entry for the group will be added to the DACL of an object if its parent container has an inheritable entry for "
CREATOR GROUP" (S-1-3-1).The lower part equal to
0x0201is explained as the RID valueDOMAIN_GROUP_RID_USERSfor group "None" (aka "Domain Users" if the machine is attached to a domain), assuming they're only using the lower 16 bits of 32-bit RID values, but I'm still curious where the initial 3 comes from in0x30201.
Similarly, for the first assigned user SID "S-1-5-21-<MACHINE ID>-1001", the Cygwin UID is0x303E9, which has the same leading0x3.
另见“How to use native "Active Directory Services Interface" (ADSI) components to find the primary group”:
The primary group of a user is stored (as the group's RID in the user's domain) on the
PrimaryGroupIDattribute of a user object.A user's primary group can only be a group that exists in the same domain as the user, and this group has to be a group that the user is a member of.
Also, this Group object in the Active Directory has an attribute called
PrimaryGroupToken, which stores the RID for this group within the domain.
This thread 添加:
The integer 513 is value of the
primaryGroupTokenattribute of the group "Domain Users".
All users whoseprimaryGroupIDis 513 have this group designated as their primary.
这与security identifiers, as seen here有关:
SID
S-1-5-domain-513
Display Name
Domain Users
Description
A global group that includes all users in a domain.
When you create a new User object in Active Directory, the user is automatically added to this group.
Cygwin id 197121 == RID 513 == 0x201 - in range of reserved RIDs < 1000.