On Feb 16 12:56, Corinna Vinschen wrote: > On Feb 16 03:30, Warren Young wrote: > > On Feb 15, 2014, at 5:50 AM, Corinna Vinschen wrote: > > > No, that's not right. We have two mechanisms implemented you can > > > choose three out of four possible combinations: > > > > > > files only > > > db only > > > files, then db > > > > Yes, I realize that. > > > > While composing the previous email, I considered a 2-Boolean design: > > > > ignore_db=false > > ignore_files=false > > > > I rejected that design when I realized that ignore_files is redundant with respect to /etc/foo file existence. If the files are present, use them. If not, you have a DB-only configuration. > > What if an admin wants to avoid that files are read at all, even if a > user manages to generate them? Anyway, I'm willing to switch from /etc/nsswitch.conf to something else. Let's assume we go with /etc/cygwin.conf instead. This wouldn't set a bad precedent in terms of syntax and keyword differences to configuration files existing on Linux, and it would allow to define more settings which have nothing to do with passwd/group stuff in the long run. So, how should this look like? Let's do some free floating, # /etc/cygwin.conf pwdgrp="files db" db_separator="+" db_cache="yes" db_prefix="auto" And now the new one. I have getpwent/getgrent practically ready to go. It's just missing the setting to restrict the enumeration. It occured to me that an admin or a user might want to restrict the enumeration to a specific set of domains. What about something like this? db_enum="local primary trusted_dom1 trusted_dom2" "local" and "primary" being fixed keywords for the local machine accounts and the accounts from the primary domain. Everything else is treated as a domain name of a trusted domain, and the name can be given as flat domain name as well as as dns domain name. Does that make sense? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat