This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: man.conf missing after cygwin upgrade


> Well, you *do* need an entry for your domain user.  That's 
> accomplished
> with "mkpasswd -d -u YOURUSERNAME" (which will only query the PDC for
> YOURUSERNAME, not list all users).  I'm no security expert, 
> but I think
> there's enough local information that "mkpasswd -l -c" ("-c" 
> stands for
> "current user") works too (it doesn't query the PDC).

I think it does. Out of curiosity, I compared the output of

  mkpasswd -l -c

and

  mkpasswd -d -u fischron

and the difference, with respect to the entry for my user id, is: In the
case
of -c -l, the /etc/passwd entry reads

fischron:unused_by_nt/2000/xp:121833:10513:fischron,U-EU\fischron,S-1-5-
21-2052111302-842925246-682003330-111833:/cygdrive/h:/bin/bash

and with -u fischron, it reads

fischron:unused_by_nt/2000/xp:121833:10513:Fischer Ronald (IT BT CFS IKM
External),U-EU\fischron,S-1-5-21-2052111302-842925246-682003330-111833:/
/MUCSDN03/FischRon:/bin/bash

So the only essential difference is that my home directory is specified
as the network drive in the latter case, and as Windows drive in the
former.
I think you agree that these differences don't effect operation of
Cygwin in any 
way, don't you?

> > I tried "-d" on mkgroup once (where it goes slightly faster), and it
> > ended up with a group file of about 30000 entries!
> 
> Yes.  You only need the groups that your domain user belongs 
> to.  Since
> I'm not in a domain, I don't know how to get a list of those, 
> but I'm sure
> someone here will respond with this info.

Well, I checked my /etc/passwd and found that it refers to only 3
different
groups: 544 ("Administrators"), 513 ("None") and 10513. When I do a 
mkgroup -l -c, group 10513 becomes a group with name mkgroup_l_d, which,
as I understand from your explanation, is a hint that there could be
a problem. But when I do a 

   mkgroup -d -g 'Domain Users'

then group 10513 is listed as belonging to the domain users. So as a
solution,
I recreated the group file by

  (mkgroup -l; mkgroup -d -g 'Domain Users') >/etc/group

which yielded the following /etc/group:

SYSTEM:S-1-5-18:18:
None:S-1-5-21-602162358-162531612-725345543-513:513:
Administrators:S-1-5-32-544:544:
Backup Operators:S-1-5-32-551:551:
Guests:S-1-5-32-546:546:
Power Users:S-1-5-32-547:547:
Replicator:S-1-5-32-552:552:
Users:S-1-5-32-545:545:
Debugger Users:S-1-5-21-602162358-162531612-725345543-1001:1001:
Domain Users:S-1-5-21-2052111302-842925246-682003330-513:10513:

I think this should be correct now, doesn't it?

> > I don't think I want it. I just don't see what advantage it 
> has. And,
> > after all, that information is outdated the next day anyway, because
> > there are continuously systems coming and going.
> 
> Huh?  The domain users/groups live on the PDC, which is one machine.
> Unless you mean that users and groups are constantly added 
> and deleted?

Yes, my rough guess is that a few dozen of users are added daily in
the average, and about the same number deleted.

> 
> But you're right, if you're the only user on the machine, 
> "mkpasswd -d" is
> overkill.  "mkpasswd -d -u YOURUSERNAME" isn't.

Here again, you have to combine both by

  (mkpasswd -l; mkpasswd -d -u fischron) >/etc/passwd

because mkpasswd -d -u fischron alone would *only* write the entry 
belonging to my username, but would omit entries such as Guest, Admin
etc.

Regards,


Ronald

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]