From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 22086 invoked by alias); 21 Feb 2014 21:21:03 -0000 Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com Received: (qmail 22071 invoked by uid 89); 21 Feb 2014 21:21:03 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=3.2 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_SOFTFAIL autolearn=no version=3.3.2 X-HELO: vms173023pub.verizon.net Received: from vms173023pub.verizon.net (HELO vms173023pub.verizon.net) (206.46.173.23) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 21 Feb 2014 21:21:01 +0000 Received: from PHUMBLETLAP01W ([unknown] [50.200.185.42]) by vms173023.mailsrvcs.net (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009)) with ESMTPA id <0N1D00K9S7AQ4560@vms173023.mailsrvcs.net> for cygwin-apps@cygwin.com; Fri, 21 Feb 2014 15:20:51 -0600 (CST) From: "Pierre A. Humblet" To: References: <20140220193814.GU2246@calimero.vinschen.de> <025d01cf2f2d$014b0040$03e100c0$@ieee.org> <20140221202745.GE2246@calimero.vinschen.de> In-reply-to: <20140221202745.GE2246@calimero.vinschen.de> Subject: RE: HEADSUP: New getent tool to read passwd and group data Date: Fri, 21 Feb 2014 21:21:00 -0000 Message-id: <02cb01cf2f4a$cbc90cf0$635b26d0$@ieee.org> MIME-version: 1.0 Content-type: text/plain; charset=UTF-8 Content-transfer-encoding: quoted-printable X-IsSubscribed: yes X-SW-Source: 2014-02/txt/msg00046.txt.bz2 > From: Corinna Vinschen > Sent: Friday, February 21, 2014 15:28 > On Feb 21 12:47, Pierre A. Humblet wrote: > > > From: cygwin-apps-owner[...] > > > On Behalf Of Corinna Vinschen > > > Sent: Thursday, February 20, 2014 14:38 > > > To: cygwin-apps[...] > > > > > > Hi guys, > > > > > > > > > I just uploaded the new getent package and sent the announcement, > > > > > > I'm repeating myself here because this is really important and I'm > > > not sure everybody on this list reads the cygwin and cygwin-announce > lists. > > > > > > In short, we want to get rid of the requirement to maintain > > > /etc/passwd and /etc/group files, per > > > http://cygwin.com/ml/cygwin/2014-02/msg00306.html > > > > > > In future, tools and scripts, especially service installation helper > > > scripts like my ssh-host-config, must not rely on being able to grep > > > user and group information from /etc/passwd and /etc/group. > > > > > > Rather, the scripts should be changed to use the getent tool as soon > > > as possible. Usage for checking passwd: > > > > > > $ getent passwd > > > > > > I'd like to ask all maintainers providing such scripts, including > > > myself, to look into their packages and fix them to use the getent to= ol. > > > > > > > Corinna, > > > > For packages such as exim we need to find the uid of System and of > Administrator, which the user can set any which way in passwd. > > So we lookup the SID (not the username) to get the uid (or gid). >=20 > The SID of the administrator or the SID of the administrors group? > The SID of the local administrator makes only marginal sense to me. > What do you need it for? I mean the administrators group. It's needed for example to set the ownership of the configuration file. The daemon checks that the file is owned/writable only by privileged users. Similarly in cron the crontab files need to be readable by admins. cronbug = checks for that =20 > > Is there an equivalent mechanism using getent ? > > Else, could Cygwin disregard the passwd entries for these 2 users and u= se > only the fixed values determined by the mapping from Windows? >=20 > You should not have to expect a name change for the SYSTEM and the > Administrators account. It should be entirely sufficient to check for th= e user > Administrator and the user SYSTEM or +SYSTEM.=20=20 Is that independent of local language? > If you really want to check > by SID, feel free to enumerate all accounts by just omitting the username= and > scan for the SID you're looking for: > $ getent passwd | grep ',S-1-5-32-544:' >=20 > $ getent group | grep ':S-1-5-18:' OK, thanks, that will work.=20 We have had cases of people in very large organizations trying to build the= password with mkpasswd -d and that ended up taking hours. Won't the above = run in the same issue? This needs to run in postinstall. Pierre =20