This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: HEADSUP: New getent tool to read passwd and group data


On Feb 21 16:20, Pierre A. Humblet wrote:
> > From:  Corinna Vinschen
> > > Corinna,
> > >
> > > For packages such as exim we need to find the uid of System and of
> > > Administrator, which the user can set any which way in passwd.
> > > So we lookup the SID (not the username) to get the uid (or gid).
> > 
> > The SID of the administrator or the SID of the administrators group?
> > The SID of the local administrator makes only marginal sense to me.
> > What do you need it for?
> 
> I mean the administrators group.
> It's needed for example to set the ownership of the configuration file.
> The daemon checks that the file is owned/writable only by privileged users.
> Similarly in cron the crontab files need to be readable by admins. cronbug checks for that.
>  
> > > Is there an equivalent mechanism using getent ?
> > > Else, could Cygwin disregard the passwd entries for these 2 users and use
> > > only the fixed values determined by the mapping from Windows?
> > 
> > You should not have to expect a name change for the SYSTEM and the
> > Administrators account.  It should be entirely sufficient to check for the user
> > Administrator and the user SYSTEM or +SYSTEM.  
> 
> Is that independent of local language?

SYSTEM, yes, Administrators, no, unfortunately.

> > If you really want to check
> > by SID, feel free to enumerate all accounts by just omitting the username and
> > scan for the SID you're looking for:
> 
> >   $ getent passwd | grep ',S-1-5-32-544:'
> > 
> >   $ getent group | grep ':S-1-5-18:'
> 
> OK, thanks, that will work. 
> We have had cases of people in very large organizations trying to build the password with mkpasswd -d and that ended up taking hours. Won't the above run into the same issue? This needs to run in postinstall.

It depends on the "db_enum" nsswitch.conf settings.  Did you read my
text about the change by any chance?  If not, see my latest version
here: http://cygwin.com/ml/cygwin/2014-02/msg00585.html

Yes, it might take time, even though the LDAP queries should be slightly
faster than the NetUserEnum call before.  Therefore it would make more
sense to check for the uid/gid values 18 and 544, IMHO.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
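
The SID lookup and the ownership check discussed in this thread, as an added example that is not part of the original message or of any Cygwin package. The function names, the sample lines and the localized name "Administratoren" are constructed; the field layout is the one the grep patterns above rely on.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed/hypothetical.
# Sample lines follow the layout the thread's grep patterns rely on:
# passwd ends the gecos field with ",SID"; group carries the SID in field 2.
SAMPLE_PASSWD='SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/:/sbin/nologin
Administratoren:*:544:544:U-BUILTIN\Administratoren,S-1-5-32-544:/:/sbin/nologin'
SAMPLE_GROUP='SYSTEM:S-1-5-18:18:
Administratoren:S-1-5-32-544:544:'

# id_for_sid passwd|group SID
# Reads getent-style lines on stdin and prints field 3 (uid or gid) of the
# first entry whose SID matches exactly; exit status 1 if none matches.
id_for_sid() {
    awk -F: -v kind="$1" -v sid="$2" '
        kind == "passwd" { n = split($5, g, ","); hit = (g[n] == sid) }
        kind == "group"  { hit = ($2 == sid) }
        hit { print $3; found = 1; exit }
        END { exit !found }'
}

# privileged_only FILE ID...
# Succeeds only if FILE is owned by one of the IDs, is not world-writable,
# and is group-writable only when its group is also one of the IDs.
privileged_only() {
    f=$1; shift
    # ls -n prints numeric owner and group: mode, links, uid, gid, ...
    set -- $(ls -lnd -- "$f" | awk '{ print $1, $3, $4 }') "$@"
    mode=$1; owner=$2; group=$3; shift 3
    case $mode in ????????w*) return 1 ;; esac    # other-write bit
    gw=0; case $mode in ?????w*) gw=1 ;; esac     # group-write bit
    own_ok=0; grp_ok=0
    for id in "$@"; do
        if [ "$owner" = "$id" ]; then own_ok=1; fi
        if [ "$group" = "$id" ]; then grp_ok=1; fi
    done
    [ "$own_ok" = 1 ] && { [ "$gw" = 0 ] || [ "$grp_ok" = 1 ]; }
}

# Resolve the ids from the sample data. On a live system the input would be
# `getent passwd` / `getent group`, which is the slow enumeration discussed
# above; the fixed values 18 and 544 skip that step.
sys_uid=$(printf '%s\n' "$SAMPLE_PASSWD" | id_for_sid passwd S-1-5-18)
adm_gid=$(printf '%s\n' "$SAMPLE_GROUP" | id_for_sid group S-1-5-32-544)
echo "SYSTEM uid=$sys_uid, Administrators gid=$adm_gid"
```

A postinstall script could call `privileged_only /path/to/config 18 544` with the fixed ids and fall back to `id_for_sid` only when it has to resolve a SID from enumerated output.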


