CIFS Permission with freenas shares - Strange effects with cygwin

Status
Not open for further replies.

floogy

Dabbler
Joined
Oct 24, 2012
Messages
22
Hi,
merry christmas to all!

I have issues due to my lack of understanding of Windows CIFS permissions as implemented in FreeNAS Samba / ZFS datasets. I created a dataset /mnt/ao and shared a folder created in that dataset (/mnt/ao/ao), mapped to Y: in Windows. It had root:wheel permissions.

By connecting to FreeNAS with ssh I created a folder in /mnt/ao/ao with mkdir and, under Windows, gave Everyone (Jeder) and f.floogy full access to it via Explorer > Properties > Security tab.

After the last update of FreeNAS (FreeNAS-9.3-STABLE-201512121950) I got issues with cygwin access to the share. Folders created by mkdir behave strangely; they do not get the right permissions/ACLs.

Unfortunately, I may now already have messed up permissions by trying to cope with the new situation.

I guess I didn't set up the share the right way in the first place, and now, after a CIFS / ACL bug was fixed, it creates issues because I used the wrong user:group for the share?

In the release notes I found this:

#12362 Bug Expected New created FreeNAS groups are not being mapped to Windows/Samba groups

Code:
freenas.hwg.local changes in mounted filesystems:
12c12
< freenas-boot/ROOT/FreeNAS-9.3-STABLE-201511280648 /       zfs   rw,noatime,nfsv4acls    0 0
---
> freenas-boot/ROOT/FreeNAS-9.3-STABLE-201512121950 /       zfs   rw,noatime,nfsv4acls    0 0





I have now changed the permissions to f.floogy:domänen-users (dom-users). If I create a folder with Explorer everything is fine. But if I create a folder by mkdir in cygwin, I get strange permission effects, but with
cmd /c mkdir cmd
everything seems to be fine.




But $ mkdir 13 under cygwin only (without cmd /c) gives strange results:


Situation folder '13' (created by mkdir cygwin) versus cmd (created under cygwin by cmd.exe /c mkdir )


Same situation under cygwin64


I have now created a new dataset "data" on FreeNAS with default values but permissions for Windows shares, with an AD user and Dom-users as group. I then created a folder in the new share from Windows using Windows Explorer (Win 7 x64), and everything was fine in the Security tab. Then I cd'd into that new directory on the newly created FreeNAS share and created a folder using cygwin64 mkdir. The permissions of that folder are messed up: user and dom-users both show not a single check symbol and seem not to allow anything. getfacl on FreeNAS on that folder shows permissions that look like I should have access and should see the check icons in the Security tab, but in Explorer there is no access visible.
https://bpaste.net/show/61cd7a617e91

Code:
[root@freenas] ~# getfacl "/mnt/ao/data"
# file: /mnt/ao/data
# owner: f.floogy
# group: domänen-benutzer
  owner@:rwxpDdaARWcCos:fd----:allow
  group@:rwxpDdaARWcCos:fd----:allow
  everyone@:r-x---a-R-c---:fd----:allow
[root@freenas] ~# getfacl "/mnt/ao/data"/test_created_by_Explorer/
# file: /mnt/ao/data/test_created_by_Explorer/
# owner: f.floogy
# group: domänen-benutzer
  owner@:rwxpDdaARWcCos:fd----:allow
  group@:rwxpDdaARWcCos:fd----:allow
  everyone@:r-x---a-R-c---:fd----:allow
[root@freenas] ~# getfacl "/mnt/ao/data"/test_created_by_Explorer/test_created_by_cygwin64_mkdir/
# file: /mnt/ao/data/test_created_by_Explorer/test_created_by_cygwin64_mkdir/
# owner: f.floogy
# group: domänen-benutzer
 group:f.floogy:rwxpDdaARWcCo-:------:allow
  group@:r-x---a-R-c---:------:allow
  everyone@:r-x---a-R-c---:------:allow
  group:90000008:rwxpDdaARWcCo-:fdi---:allow
  group:90000007:r-x---a-R-c---:fdi---:allow
  everyone@:r-x---a-R-c---:fdi---:allow
[root@freenas] ~#

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

PS C:\Users\f.floogy> Get-Acl \\freenas\data | Format-List


Path  : Microsoft.PowerShell.Core\FileSystem::\\freenas\data
Owner  : MYDOM\f.floogy
Group  : MYDOM\Domänen-Benutzer
Access : Jeder Allow  ReadAndExecute, Synchronize
  MYDOM\Domänen-Benutzer Allow  FullControl
  MYDOM\f.floogy Allow  FullControl
Audit  :
Sddl  : O:S-1-5-21-3351802826-340867546-1299527722-1106G:DUD:(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;DU)(A;OICI;FA;;;S-1-5-
  21-3351802826-340867546-1299527722-1106)



PS C:\Users\f.floogy> Get-Acl \\freenas | Format-List
Get-Acl : Der UNC-Pfad muss folgendes Format haben: \\server\share.
Bei Zeile:1 Zeichen:8
+ Get-Acl <<<<  \\freenas | Format-List
  + CategoryInfo  : InvalidArgument: (\\freenas:String) [Get-Acl], ArgumentException
  + FullyQualifiedErrorId : ItemExistsArgumentError,Microsoft.PowerShell.Commands.GetAclCommand

Get-Acl : Der Pfad "\\freenas" kann nicht gefunden werden, da er nicht vorhanden ist.
Bei Zeile:1 Zeichen:8
+ Get-Acl <<<<  \\freenas | Format-List
  + CategoryInfo  : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException
  + FullyQualifiedErrorId : GetAcl_PathNotFound_Exception,Microsoft.PowerShell.Commands.GetAclCommand

PS C:\Users\f.floogy> Get-Acl \\freenas\data\test_created_by_Explorer | Format-List


Path  : Microsoft.PowerShell.Core\FileSystem::\\freenas\data\test_created_by_Explorer
Owner  : MYDOM\f.floogy
Group  : MYDOM\Domänen-Benutzer
Access : MYDOM\f.floogy Allow  FullControl
  MYDOM\Domänen-Benutzer Allow  FullControl
  Jeder Allow  ReadAndExecute, Synchronize
Audit  :
Sddl  : O:S-1-5-21-3351802826-340867546-1299527722-1106G:DUD:(A;OICIID;FA;;;S-1-5-21-3351802826-340867546-1299527722-1
  106)(A;OICIID;FA;;;DU)(A;OICIID;0x1200a9;;;WD)



PS C:\Users\f.floogy> Get-Acl \\freenas\data\test_created_by_Explorer\test_created_by_cygwin64_mkdir | Format-List


Path  : Microsoft.PowerShell.Core\FileSystem::\\freenas\data\test_created_by_Explorer\test_created_by_cygwin64_mkdir
Owner  : MYDOM\f.floogy
Group  : MYDOM\Domänen-Benutzer
Access : Jeder Allow  ReadAndExecute, Synchronize
  ERSTELLER-BESITZER Allow  FullControl
  ERSTELLERGRUPPE Allow  ReadAndExecute, Synchronize
  MYDOM\Domänen-Benutzer Allow  ReadAndExecute, Synchronize
  MYDOM\f.floogy Allow  FullControl
Audit  :
Sddl  : O:S-1-5-21-3351802826-340867546-1299527722-1106G:DUD:P(A;OICI;0x1200a9;;;WD)(A;OICIIO;FA;;;CO)(A;OICIIO;0x1200
  a9;;;CG)(A;;0x1200a9;;;DU)(A;;FA;;;S-1-5-21-3351802826-340867546-1299527722-1106)



PS C:\Users\f.floogy>
 
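A small parser for the getfacl listings in this post, as an added example and not code from the thread or from FreeNAS: it assumes the FreeBSD NFSv4 getfacl line format shown above and reports why the cygwin-created directory behaves differently (no effective entry carries inheritance, no owner@ entry, and numeric group ids that winbind could not map back to names).

```python
import re

# One ACE line as printed by FreeBSD getfacl on an NFSv4-ACL dataset, e.g.
#   group:90000008:rwxpDdaARWcCo-:fdi---:allow
# fields: principal : 14 permission bits : 6 inheritance flags : allow|deny
ACE_RE = re.compile(
    r"^\s*(?P<tag>owner@|group@|everyone@|user:[^:\s]+|group:[^:\s]+)"
    r":(?P<perms>[rwxpDdaARWcCos-]{14})"
    r":(?P<flags>[fdinSFI-]{6})"
    r":(?P<kind>allow|deny)\s*$"
)


def parse_getfacl(text):
    """Return the ACEs of one getfacl listing as dicts; '# file:' headers are skipped."""
    return [m.groupdict() for m in map(ACE_RE.match, text.splitlines()) if m]


def diagnose_dir_acl(text):
    """Return finding codes for a directory's ACL; [] means the directory
    carries owner@/group@ entries that propagate to whatever is created inside."""
    aces = parse_getfacl(text)
    findings = []
    # 'i' (inherit_only) entries exist only to be copied to children
    effective = [a for a in aces if "i" not in a["flags"]]
    # 'f' / 'd' mark an entry as inherited by new files / directories
    if not any("f" in a["flags"] or "d" in a["flags"] for a in effective):
        findings.append("NO_INHERIT")
    if not any(a["tag"] == "owner@" for a in effective):
        findings.append("NO_OWNER_ACE")
    if any(a["tag"] == "group@" and "w" not in a["perms"] for a in effective):
        findings.append("GROUP_NO_WRITE")
    for a in aces:
        name = a["tag"].split(":", 1)[-1]
        # a bare number means idmap/winbind did not resolve the SID to a name
        if a["tag"].startswith(("user:", "group:")) and name.isdigit():
            findings.append("UNMAPPED_ID:" + name)
    return findings


# Listings copied from the getfacl output in this post
EXPLORER_DIR = """\
# file: /mnt/ao/data/test_created_by_Explorer/
# owner: f.floogy
# group: domänen-benutzer
  owner@:rwxpDdaARWcCos:fd----:allow
  group@:rwxpDdaARWcCos:fd----:allow
  everyone@:r-x---a-R-c---:fd----:allow
"""

CYGWIN_DIR = """\
# file: /mnt/ao/data/test_created_by_Explorer/test_created_by_cygwin64_mkdir/
# owner: f.floogy
# group: domänen-benutzer
 group:f.floogy:rwxpDdaARWcCo-:------:allow
  group@:r-x---a-R-c---:------:allow
  everyone@:r-x---a-R-c---:------:allow
  group:90000008:rwxpDdaARWcCo-:fdi---:allow
  group:90000007:r-x---a-R-c---:fdi---:allow
  everyone@:r-x---a-R-c---:fdi---:allow
"""

if __name__ == "__main__":
    for label, listing in (("Explorer", EXPLORER_DIR), ("cygwin mkdir", CYGWIN_DIR)):
        print(label, diagnose_dir_acl(listing) or ["OK"])
```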

floogy

Dabbler
Joined
Oct 24, 2012
Messages
22
I have now replaced mkdir in my script with cmd /c mkdir, which leads to sane directories, but other applications like unix2dos, sed or imagemagick seem to create files with wrong permissions as well.
Code:
[52. Week, Fr, 2015-12-25, 20:43] f.floogy@PC20 /cygdrive/j/Decor
$ getfacl Decor
# file: Decor
# owner: f.floogy
# group: Domänen-Benutzer
user::rwx
group::rwx
other:r-x
default:user::rwx
default:user:f.floogy:rwx
default:group::rwx
default:group:Domänen-Benutzer:rwx
default:mask:rwx
default:other:r-x


[52. Week, Fr, 2015-12-25, 20:43] f.floogy@PC20 /cygdrive/j/Decor
$ getfacl Decor/*
# file: Decor/DET
# owner: f.floogy
# group: Domänen-Benutzer
user::rwx
group::rwx
other:r-x
default:user::rwx
default:user:f.floogy:rwx
default:group::rwx
default:group:Domänen-Benutzer:rwx
default:mask:rwx
default:other:r-x

# file: Decor/Decor_120dpi.aoTexInf
# owner: f.floogy
# group: Domänen-Benutzer
user::rw-
group::r--
other:r--

# file: Decor/Decor_150dpi.aoTexInf
# owner: f.floogy
# group: Domänen-Benutzer
user::rw-
group::r--
other:r--

# file: Decor/Decor_36dpi.aoTexInf
# owner: f.floogy
# group: Domänen-Benutzer
user::rw-
group::r--
other:r--

# file: Decor/Decor_72dpi.aoTexInf
# owner: f.floogy
# group: Domänen-Benutzer
user::rw-
group::r--
other:r--

# file: Decor/Decor_96dpi.aoTexInf
# owner: f.floogy
# group: Domänen-Benutzer
user::rw-
group::r--
other:r--

# file: Decor/Decor_SEG.tif
# owner: f.floogy
# group: Domänen-Benutzer
user::rw-
group::r--
other:r--

# file: Decor/montage
# owner: f.floogy
# group: Domänen-Benutzer
user::rwx
group::rwx
other:r-x
default:user::rwx
default:user:f.floogy:rwx
default:group::rwx
default:group:Domänen-Benutzer:rwx
default:mask:rwx
default:other:r-x

# file: Decor/orig
# owner: f.floogy
# group: Domänen-Benutzer
user::rwx
group::rwx
other:r-x
default:user::rwx
default:user:f.floogy:rwx
default:group::rwx
default:group:Domänen-Benutzer:rwx
default:mask:rwx
default:other:r-x


[52. Week, Fr, 2015-12-25, 20:44] f.floogy@PC20 /cygdrive/j/Decor


Code:
[...]
[1;32mCreating TIFF Texture[0m for [1;33m36dpi.[0m

[1;32mCreating TIFF Texture[0m for [1;33m36dpi.[0m
[1782] Texture Size: 1735x1828
convertconvert: unable to open image `Decor/Decor_150dpi.tif': No such file or directory @ error/blob.c/OpenBlob/2695.
convert: no images defined `Decor/Decor_36dpi.tif' @ error/convert.c/ConvertImageCommand/3212.
: unable to open image `Decor/Decor_150dpi.tif': No such file or directory @ error/blob.c/OpenBlob/2695.
convert: no images defined `Decor/Decor_36dpi.tif' @ error/convert.c/ConvertImageCommand/3212.
[1;32mCreating JPEG Texture[0m for [1;33m36dpi.[0m
[1;32mCreating JPEG Texture[0m for [1;33m36dpi.[0m
convert: unable to open image `Decor/Decor_36dpi.tif': No such file or directory @ error/blob.c/OpenBlob/2695.
convert: no images defined `Decor/Decor_36dpi.jpg' @ error/convert.c/ConvertImageCommand/3212.
[1;32mAdjust the exif header[0m of TIFF and JPEG to fit to the density and ICC profile.
[1;32mAdjust the exif header[0m of TIFF and JPEG to fit to the density and ICC profile.
Error: File not found - Decor/Decor_36dpi.jpg
  0 image files updated
  1 files weren't updated due to errors
Error: File not found - Decor/Decor_36dpi.tif
  0 image files updated
  1 files weren't updated due to errors
[1;32mCreating aoTexInf[0m for [1;33m36dpi.[0m
[1;32mCreating aoTexInf[0m for [1;33m36dpi.[0m
„Decor/Decor_150dpi.aoTexInf“ -> „Decor/Decor_36dpi.aoTexInf“
unix2dos: Datei Decor/Decor_36dpi.aoTexInf wird ins DOS-Format umgewandelt …
  70  0  no_bom  text  Decor/Decor_36dpi.aoTexInf
Decor/Decor_36dpi.aoTexInf: ASCII text, with CRLF line terminators

[1;32mCleanup[0m: Deleting temporary working folder 'montage' and it's content
   and move original Scans to the new created folder 'orig'.

rm: das Entfernen von „Decor/montage“ ist nicht möglich: Device or resource busy
„Decor/Decor_01.png“ -> „Decor/orig/Decor_01.png“
„Decor/Decor_02.png“ -> „Decor/orig/Decor_02.png“
„Decor/Decor_03.png“ -> „Decor/orig/Decor_03.png“
„Decor/Decor_04.png“ -> „Decor/orig/Decor_04.png“
„Decor/Decor_05.png“ -> „Decor/orig/Decor_05.png“
„Decor/Decor_06.png“ -> „Decor/orig/Decor_06.png“
identify: Not a TIFF or MDI file, bad magic number 12928 (0x3280). `Decor/DET/Decor_01_CMYK_150dpi.tif' @ error/tiff.c/TIFFErrors/552.
identify: Not a TIFF or MDI file, bad magic number 8320 (0x2080). `Decor/DET/Decor_02_CMYK_150dpi.tif' @ error/tiff.c/TIFFErrors/552.
identify: Not a TIFF or MDI file, bad magic number 13696 (0x3580). `Decor/DET/Decor_03_CMYK_150dpi.tif' @ error/tiff.c/TIFFErrors/552.
 

floogy

Dabbler
Joined
Oct 24, 2012
Messages
22
I opened a bug for this issue: https://bugs.freenas.org/issues/12921
I posted that on the cygwin ML too.

The newest cygwin snapshot 2.4.0 test version has some changes in ACL interpretation. I hoped that this might solve my issue, but ...

https://www.cygwin.com/ml/cygwin/2015-12/msg00273.html



... with Windows 8.1 x64 and cygwin64 2.4.0 snapshot the issue remains the same.


The message says something like "Due to permissions upside down, some entries wouldn't be functional."
or "Permissions are not in the right order. Some entries might not function properly."

I found something on the cygwin ML from developer Corinna Vinschen, "How to set full control to Everyone on USB hard drive files and directories?". She suggested using the noacl mount option in cygwin, hm...

https://cygwin.com/ml/cygwin/2010-04/msg00524.html


 

floogy

Dabbler
Joined
Oct 24, 2012
Messages
22
Hello anodos,

Thank you very much! I highly appreciate your help!
As I noted before, I can imagine a misconfiguration on my part, which now, after the bug fix, shows up as these permission issues.





Code:
[root@freenas] ~# zfs get aclmode ao/data
NAME  PROPERTY  VALUE  SOURCE
ao/data  aclmode  restricted  local
[root@freenas] ~# cat /etc/local/smb4.conf
[global]
  server max protocol = SMB2
  interfaces = 127.0.0.1 192.168.70.152
  bind interfaces only = yes
  encrypt passwords = yes
  dns proxy = no
  strict locking = no
  oplocks = yes
  deadtime = 15
  max log size = 51200
  max open files = 469271
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  getwd cache = yes
  guest account = nobody
  map to guest = Bad User
  obey pam restrictions = yes
  directory name cache size = 0
  kernel change notify = no
  panic action = /usr/local/libexec/samba/samba-backtrace
  nsupdate command = /usr/local/bin/samba-nsupdate -g
  server string = FreeNAS Server
  ea support = yes
  store dos attributes = yes
  lm announce = yes
  unix extensions = no
  acl allow execute always = true
  acl check permissions = true
  dos filemode = yes
  multicast dns register = yes
  domain logons = no
  idmap config *: backend = tdb
  idmap config *: range = 90000001-100000000
  server role = member server
  netbios name = FREENAS
  workgroup = MYDOM
  realm = MYDOM.LOCAL
  security = ADS
  client use spnego = yes
  cache directory = /var/tmp/.cache/.samba
  local master = no
  domain master = no
  preferred master = no
  ads dns update = yes
  winbind cache time = 7200
  winbind offline logon = yes
  winbind enum users = yes
  winbind enum groups = yes
  winbind nested groups = yes
  winbind use default domain = yes
  winbind refresh tickets = yes
  winbind nss info = rfc2307
  idmap config MYDOM: backend = rid
  idmap config MYDOM: range = 20000-90000000
  allow trusted domains = yes
  client ldap sasl wrapping = plain
  template shell = /bin/sh
  template homedir = /home/%U
  pid directory = /var/run/samba
  create mask = 0666
  directory mask = 0777
  client ntlmv2 auth = yes
  dos charset = CP850
  unix charset = UTF-8
  log level = 1


[ao]
  path = /mnt/ao/ao
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl netatalk streams_xattr
  hide dot files = yes
  hosts allow = 192.168.70.0/24
  guest ok = yes
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare


[data]
  path = /mnt/ao/data
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl aio_pthread streams_xattr
  hide dot files = yes
  guest ok = no
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare


[unix]
  path = /mnt/ao/unix
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl aio_pthread streams_xattr
  hide dot files = yes
  guest ok = no
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
  ea support = no
  store dos attributes = no
  map archive = no
  map hidden = no
  map readonly = no
  map system = no



Code:
[root@freenas] ~# getfacl /mnt
# file: /mnt
# owner: root
# group: wheel
user::rwx
group::r-x
other::r-x
[root@freenas] ~# getfacl /mnt/ao
# file: /mnt/ao
# owner: f.floogy
# group: domänen-benutzer
  owner@:rwxpDdaARWcCos:fd----:allow
  group@:rwxpDdaARWcCos:fd----:allow
  everyone@:r-x---a-R-c---:fd----:allow





Code:
[root@freenas] ~# getfacl /mnt/ao/*
# file: /mnt/ao/ao
# owner: f.floogy
# group: domänen-benutzer
  owner@:rwxp--aARWcCos:------:allow
  group@:r-x---a-R-c--s:------:allow
  everyone@:r-x---a-R-c--s:------:allow

# file: /mnt/ao/data
# owner: f.floogy
# group: domänen-benutzer
  owner@:rwxpDdaARWcCos:fd----:allow
  group@:rwxpDdaARWcCos:fd----:allow
  everyone@:r-x---a-R-c---:fd----:allow

# file: /mnt/ao/jails
# owner: root
# group: wheel
  owner@:rwxp--aARWcCos:------:allow
  group@:r-x---a-R-c--s:------:allow
  everyone@:r-x---a-R-c--s:------:allow

# file: /mnt/ao/jails_2
# owner: root
# group: wheel
  owner@:rwxp--aARWcCos:------:allow
  group@:r-x---a-R-c--s:------:allow
  everyone@:r-x---a-R-c--s:------:allow

# file: /mnt/ao/unix
# owner: root
# group: wheel
  owner@:rwxpDdaARWcCos:fd----:allow
  group@:rwxpDdaARWcCos:fd----:allow
  everyone@:rwxpDdaARWcCos:fd----:allow
[root@freenas] ~#
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
I have a hunch that this is a problem with cygwin. Perhaps you can modify the advanced permissions of your share in Windows Explorer and remove the "Change permissions" entry for the account you're using to authenticate cygwin.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
I'm not a cygwin user, and so I am only slightly familiar with the project (ie I know it exists). Are you accessing the data on your FreeNAS server via a samba client or SSH / SFTP?
 

floogy

Dabbler
Joined
Oct 24, 2012
Messages
22
No, cygwin maps all mapped network shares (drive letter for the share) as follows:
Windows: L:  ->  cygwin: /cygdrive/L

But you can also access the share this way
cd //freenas/share
or
cd //192.168.70.3/share

cygwin manages the access to Windows SMB/CIFS shares and offers them transparently. No smbclient needed if Windows already has access to the share.
 

floogy

Dabbler
Joined
Oct 24, 2012
Messages
22
Yes, I think I should offer a share without ACLs, only unix permissions, particularly for temporary script processing on my images, and then move them to an ACL Windows-type CIFS share. Hm, but I guess I will lose all my data, because I created a raidz2 ao out of all disks. Or can I apply particular zfs options to a dataset? Then I would be fine, at least I think so. I want to use most of the pool as Windows-type ACL CIFS, though.

Thank you for your research! I'll have a look into the openindiana post.

Yesterday I found out, that cygwin also got issues on the samba 3.x share and on a windows 8.1 share too (redirection, tee -a)! HELIOS pcshare only knows unix permissions. There I got no issues.

I think you're right, and it seems to be more a cygwin issue than freenas fault.

But bizarre, that the error only appeared after FreeNAS fixed a CIFS bug to populate FreeNAS groups the right way over the CIFS protocol. The irony.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Yes, I think I should offer a share without ACLs, only unix permissions, particularly for temporary script processing on my images, and then move them to an ACL Windows-type CIFS share. Hm, but I guess I will lose all my data, because I created a raidz2 ao out of all disks. Or can I apply particular zfs options to a dataset? Then I would be fine, at least I think so. I want to use most of the pool as Windows-type ACL CIFS, though.

Thank you for your research! I'll have a look into the openindiana post.

Yesterday I found out, that cygwin also got issues on the samba 3.x share and on a windows 8.1 share too (redirection, tee -a)! HELIOS pcshare only knows unix permissions. There I got no issues.

I think you're right, and it seems to be more a cygwin issue than freenas fault.

But bizarre, that the error only appeared after FreeNAS fixed a CIFS bug to populate FreeNAS groups the right way over the CIFS protocol. The irony.
I really don't see anything in the github commit that would cause the problem you're experiencing. See here: https://github.com/freenas/freenas/commit/97478c152fc5cd87309c944473cb3c939f289277

Having looked at some basic information on how cygwin permissions work (https://cygwin.com/cygwin-ug-net/ntsec.html) it appears that cygwin does its own SID to GID translation. It might be that cygwin is expecting the SIDs for the ACLs on your samba shares to mesh up with local user accounts on your windows system, gets confused, then writes new ACEs. It'd be interesting to see if the behavior differs on a windows server. That being said, I think short of some serious debugging there won't be a clear answer, and since there was no response on the cygwin mailing list to the post about broken ACLs, there is little desire to actually fix it. Try unix permissions or ditch cygwin.
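The same check seen from the Windows side, as an added example (not code from the thread, FreeNAS or cygwin): it parses the Sddl values that Get-Acl printed earlier in the thread and reports the protected DACL (D:P), the absence of inherited (ID) entries and the inherit-only CREATOR OWNER / CREATOR GROUP entries that distinguish the cygwin-created directory from the Explorer-created one. It assumes the standard SDDL ACE layout (type;flags;rights;object;inherit-object;sid) and two-letter packed ACE flags.

```python
import re

# DACL part of an SDDL string: 'D:' + control flags (e.g. P, AI) + ACEs in parentheses
DACL_RE = re.compile(r"D:(?P<flags>[A-Z]*)(?P<aces>(?:\([^)]*\))*)")


def parse_dacl(sddl):
    """Return (control flags, list of ACE dicts) for the DACL in an SDDL string."""
    m = DACL_RE.search(sddl)
    if m is None:
        raise ValueError("no DACL in SDDL string")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group("aces")):
        ace_type, ace_flags, rights, _obj, _inherit_obj, sid = body.split(";")
        # ACE flags are two-letter tokens packed together: OICIID -> OI, CI, ID
        tokens = [ace_flags[i:i + 2] for i in range(0, len(ace_flags), 2)]
        aces.append({"type": ace_type, "flags": tokens, "rights": rights, "sid": sid})
    return m.group("flags"), aces


def diagnose_dacl(sddl):
    """Finding codes for a directory DACL; [] means every entry was inherited
    from the parent and propagates further down."""
    control, aces = parse_dacl(sddl)
    findings = []
    if "P" in control:
        findings.append("PROTECTED")        # inheritance from the parent is cut off
    if not any("ID" in a["flags"] for a in aces):
        findings.append("NOTHING_INHERITED")
    for a in aces:
        if "IO" in a["flags"] and a["sid"] in ("CO", "CG"):
            findings.append("INHERIT_ONLY:" + a["sid"])   # CREATOR OWNER / GROUP
        elif not {"OI", "CI"} & set(a["flags"]):
            findings.append("NOT_PROPAGATED:" + a["sid"])  # applies to this dir only
    return findings


# Sddl values copied from the Get-Acl output in this thread (line breaks removed)
EXPLORER_SDDL = ("O:S-1-5-21-3351802826-340867546-1299527722-1106G:DUD:"
                 "(A;OICIID;FA;;;S-1-5-21-3351802826-340867546-1299527722-1106)"
                 "(A;OICIID;FA;;;DU)(A;OICIID;0x1200a9;;;WD)")
CYGWIN_SDDL = ("O:S-1-5-21-3351802826-340867546-1299527722-1106G:DUD:P"
               "(A;OICI;0x1200a9;;;WD)(A;OICIIO;FA;;;CO)(A;OICIIO;0x1200a9;;;CG)"
               "(A;;0x1200a9;;;DU)(A;;FA;;;S-1-5-21-3351802826-340867546-1299527722-1106)")

if __name__ == "__main__":
    for label, sddl in (("Explorer", EXPLORER_SDDL), ("cygwin mkdir", CYGWIN_SDDL)):
        print(label, diagnose_dacl(sddl) or ["OK"])
```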
 
Joined
Jul 13, 2013
Messages
286
Ditching Cygwin, of course, is not an option in most cases. Either you don't need it at all, or you can't live without it, and I'm in that second category.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Ditching Cygwin, of course, is not an option in most cases. Either you don't need it at all, or you can't live without it, and I'm in that second category.

I take no ownership of anything I wrote more than a year ago. :) I also wouldn't recommend ditching Cygwin. Perhaps you both would be better served mounting the samba share from within cygwin.
 