On Feb 25 19:14, Achim Gratz wrote: > Corinna Vinschen writes: > > This is a pretty intrusive change, in need of some serious testing, so > > I'd like to ask for volunteers. The latest 2014-02-13 snapshot from > > http://cygwin.com/snapshots/ contains the changes, including the latest > > bugfix. > > I've tested the 2014-02-19 snapshot at work. Two problems: > > 1. Running "id" takes 13 seconds to fetch my 440 group memberships > (possibly there are some users that would be in ~10x as many groups). > Caching doesn't seem to be effective for this since the next several
The stuff in the `id' application is not cached at all. Caching is inherited from the parent process, but the parent never asked for all your groups so it hasn't cached this information. Every invocation of id has to request the group info anew. > invocations of "id" take the same time. During most of that time you > actually can't ^C the process, lsass is growing a few dozen threads and > seems to be talking to the DC. Falling back to use just the /etc files > makes this work really fast (much faster than without the snapshot). Do you have a very slow connection to your DC by any chance? I admit that I never tested with 440 groups, only with about 30 or so, but 13 seconds sounds *very* lame. OTOH, this isn't *quite* unexpected. Right now, the LDAP connection to the DC is opened and closed for every single account request. I wasn't sure yet if the ldap connection should be opened only once per process and then stay open for the rest of the process lifetime. This sounds so much like wasting sockets... > 2. I use a few volumes on NetApp filers that have security set up so > that you can't change attributes. That means POSIX permissions are > always listed as "0000". I uausally mount these noacl, but when I > access them via their UNC path (for instance when Windows runs a script > from a CWD on that volume, then Perl reports false for file test > operators (-x, -w) other than existence. Backing out the snapshot > reverts to the previous behaviour of these test operators correctly > determining that my effective rights (via normal and extended security > attributes tied to a group memberships) are sufficient. The shell > (bash, tcsh) test operators work correctly, but I don't know what Perl > is doing differently. The fact that the shells are doing it right seems to indicate that this isn't a generic problem. I can't debug this, though. Can you see if you can figure out what's going on under the hood? Does strace show anything of interest? Can we perhaps set up some joint debugging via private mail during the next couple of days? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
pgp1E9nCRQAWq.pgp
Description: PGP signature
