From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4259 invoked by alias); 21 Feb 2014 21:42:06 -0000 Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com Received: (qmail 4243 invoked by uid 89); 21 Feb 2014 21:42:04 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 X-HELO: calimero.vinschen.de Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 21 Feb 2014 21:42:03 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id 9D2C4520412; Fri, 21 Feb 2014 22:42:00 +0100 (CET) Date: Fri, 21 Feb 2014 21:42:00 -0000 From: Corinna Vinschen To: cygwin-apps@cygwin.com Subject: Re: HEADSUP: New getent tool to read passwd and group data Message-ID: <20140221214200.GH2246@calimero.vinschen.de> Reply-To: cygwin-apps@cygwin.com Mail-Followup-To: cygwin-apps@cygwin.com References: <20140220193814.GU2246@calimero.vinschen.de> <025d01cf2f2d$014b0040$03e100c0$@ieee.org> <20140221202745.GE2246@calimero.vinschen.de> <02cb01cf2f4a$cbc90cf0$635b26d0$@ieee.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="i471YDSmETikJJs7" Content-Disposition: inline In-Reply-To: <02cb01cf2f4a$cbc90cf0$635b26d0$@ieee.org> User-Agent: Mutt/1.5.21 (2010-09-15) X-SW-Source: 2014-02/txt/msg00048.txt.bz2 --i471YDSmETikJJs7 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 2356 On Feb 21 16:20, Pierre A. Humblet wrote: > > From: Corinna Vinschen > > > Corinna, > > > > > > For packages such as exim we need to find the uid of System and of > > Administrator, which the user can set any which way in passwd. > > > So we lookup the SID (not the username) to get the uid (or gid). > >=20 > > The SID of the administrator or the SID of the administrors group? > > The SID of the local administrator makes only marginal sense to me. > > What do you need it for? >=20 > I mean the administrators group. > It's needed for example to set the ownership of the configuration file. > The daemon checks that the file is owned/writable only by privileged user= s. > Similarly in cron the crontab files need to be readable by admins. cronbu= g checks for that >=20=20 > > > Is there an equivalent mechanism using getent ? > > > Else, could Cygwin disregard the passwd entries for these 2 users and= use > > only the fixed values determined by the mapping from Windows? > >=20 > > You should not have to expect a name change for the SYSTEM and the > > Administrators account. It should be entirely sufficient to check for = the user > > Administrator and the user SYSTEM or +SYSTEM.=20=20 >=20 > Is that independent of local language? SYSTEM, yes, Administrators, no, unfortunately. > > If you really want to check > > by SID, feel free to enumerate all accounts by just omitting the userna= me and > > scan for the SID you're looking for: >=20 > > $ getent passwd | grep ',S-1-5-32-544:' > >=20 > > $ getent group | grep ':S-1-5-18:' >=20 > OK, thanks, that will work.=20 > We have had cases of people in very large organizations trying to build t= he password with mkpasswd -d and that ended up taking hours. Won't the abov= e run in the same issue? This needs to run in postinstall. It depends on the "db_enum" nsswitch.conf settings. Did you read my text about the change by any chance? If not, see my latest version here: http://cygwin.com/ml/cygwin/2014-02/msg00585.html Yes, it might take time, even though the LDAP queries should be slightly faster than the NetUserEnum call before. Therefore it would make more sense to check for the uid/gid values 18 and 544, IMHO. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --i471YDSmETikJJs7 Content-Type: application/pgp-signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTB8goAAoJEPU2Bp2uRE+gT0wP/i1Xop3MaoRuoORu7SKRtdak T2LmNhq0KMEzTWUmJEhkDrrcdjSYeqQw6Ho1FrVZqQHzmdPQa6NBsQk3B/m7dhkY pPLpXX5zj5KRlQRSc/YvxKWJd/5eUqp84gvCDHRBJVqtrx4GU0/AqDcbjT1v7pqX Mv+zQG8M/zSQrbQqQ5LWYnTKSQ/DBHCEhwiXWygPgK6NGJlxMxeZjZfvfE6UGtBo jrV00WYdfIxZ1VhH3g5h+2zCd2C+LSrWkNUaHSeYB3ONR1K7e20Wfw7JSnQiJtnT L72AFi8j4CYKds7NkHOrUYj2b5/yfUAtKZ0gyW1xeu4f8j2LWz7j2DpcDN8jNvOs Ig9ma3yRTW/8CG/R60PVym50GqZISje4bZRn2+htJ1HEexSesdN6xQy7QNggfh6J zGxkBPVD8Fkq0UrbaCQGUciwRVhp7FHKeAMYizLD5ruzDuDwTLXMBK78MJ+UT3XX lZrmXBwAVkoz+UDFBgZlMTcIPEfLoD9BEd2xLsnPzw19snJLsjJqMYPS1nDJusAN DJ/OyUeNx18cK2BczNBeXIfHbvGZHwrN6dDoCoXKYxzyOuUDuNiL39eDpyYicl3C 8KEp7xSm4hr6coTaT+UVHPjokkp4t4upJ3BpBr0MSqlvesNHlpAW2Ms35sQ16ccz irEquSelAfaWnjebfjDi =ck9+ -----END PGP SIGNATURE----- --i471YDSmETikJJs7--