On Nov 11 11:18, Corinna Vinschen wrote:
> On Nov 10 23:09, Warren Young wrote:
> > On Nov 10, 2014, at 1:52 PM, Corinna Vinschen wrote:
> >
> > > Shall the "db" entries utilize the Windows home folder if it exists(*)
> > > and drop using the unixHomeDirectory? It seems inevitable…
> >
> > Use of AD implies some level of security consciousness. The ability to write to c:\cygwin — not just during installation, but during all use thereafter! — comes out of a world where every user is a local Administrator.
> >
> > This answer I wrote on Stack Overflow is one way to solve the problem today:
> >
> > http://stackoverflow.com/questions/26666180/
> >
> > It might not be a bad idea if Cygwin started doing this sort of thing by default in the future. (Obviously for new installs only.)
>
> What I gather from the replies so far is this:
>
> - Nobody really cares for unixHomeDirectory.
>
> - Some want to use the Windows home folder.
>
> - Some want Cygwin to utilize the HOMEPATH dir.
>
> - Some want Cygwin to use always its own /home and do everything else
>   via symlinks or mount points.
>
> The problem so far is that I'm not sure it's clear to everybody what
> I mean. I'm *not* talking about a default value which can easily be
> overridden by tweaking /etc/passwd. I'm talking about what the passwd
> entry contains if there's no passwd file, and the admins want to keep
> the administration strictly inside AD. The passwd entry gets generated
> from what AD provides. And here we need a sensible default behaviour.
>
> One possible, but not naturally useful default behaviour is what
> the current code does:
>
> 1. Utilize the unixHomeDirectory AD attribute.
> 2. If unixHomeDirectory is empty, fall back to /home/$USER.
>
> Another possible behaviour:
>
> 1. Utilize the homeDirectory AD attribute (aka %HOMEDRIVE%%HOMEPATH%).
> 2. If homeDirectory is empty, fall back to /home/$USER.
>
> Another:
>
> 1. Always use /home/$USER and let the admins come up with a matching
>    mount point scheme.
>
> Another:
>
> 1. Add a setting to /etc/nsswitch.conf which allows to specify one of
>    the above:
>
>      home: [unix|win|home]...
>
>    - "unix" means, set pw_dir to unixHomeDirectory
>    - "win" means, set pw_dir to homeDirectory
>    - "home" means, set pw_dir to /home/$USER
>    - Multiple entries are possible.
>    - Default in the absence of this setting is: always set pw_dir to
>      /home/$USER.

Another way to handle Cygwin-specific settings would be to utilize the
description(*) field in the user's entry, just as implemented for SAM
accounts. See the SAM part of
https://cygwin.com/preliminary-ug/ntsec.html#ntsec-mapping-passwdinfo
for how to use XML-alike entries in the description field to add user
data, for instance

This could be added to some standard scheme:

1. Utilize the description attribute.
2. If description is empty, utilize homeDirectory.
3. If homeDirectory is empty, use /home/$USER.

Or this could be added as a setting in nsswitch.conf:

  home: [unix|win|desc|home]

I could think of arbitrarily complex ways to extend this nsswitch.conf
setting, as in:

  home: /foo/bar/%U

With %U being the Windows username, %D the domain name, %u the Cygwin
user name.

But all this also takes time to implement, of course :(

Corinna

(*) Note the naming confusion:
    The `net user /comment:...' command sets the AD attribute "description".
    The `net user /usercomment:...' command sets the AD attribute "comment".

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
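
A sketch of the lookup order that the proposed `home: [unix|win|desc|home]` setting implies, added here as an example and not taken from Cygwin's code. It assumes entries are tried left to right, the first non-empty attribute wins, and everything else falls back to /home/$USER; the struct, the function names and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for what AD returns for one user; NULL or "" = unset. */
struct ad_user {
    const char *cyg_name;   /* Cygwin user name ($USER) */
    const char *unix_home;  /* unixHomeDirectory */
    const char *win_home;   /* homeDirectory, assumed already given as a POSIX path */
    const char *desc_home;  /* home value taken from the description attribute */
};

static int is_set(const char *s) { return s && *s; }

/* Resolve pw_dir for a "home:" value such as "win desc home".
   Assumption: entries are tried left to right and the first non-empty
   attribute wins; a missing setting or no match yields /home/$USER. */
const char *resolve_home(const char *schemes, const struct ad_user *u,
                         char *out, size_t outlen)
{
    char buf[128];
    const char *pick = NULL;

    /* strtok modifies its input, so work on a bounded local copy. */
    snprintf(buf, sizeof buf, "%s", schemes ? schemes : "");
    for (char *tok = strtok(buf, " \t"); tok && !pick; tok = strtok(NULL, " \t")) {
        if (!strcmp(tok, "unix") && is_set(u->unix_home))      pick = u->unix_home;
        else if (!strcmp(tok, "win") && is_set(u->win_home))   pick = u->win_home;
        else if (!strcmp(tok, "desc") && is_set(u->desc_home)) pick = u->desc_home;
        else if (!strcmp(tok, "home"))                         break; /* explicit /home/$USER */
    }
    if (pick) snprintf(out, outlen, "%s", pick);
    else      snprintf(out, outlen, "/home/%s", u->cyg_name);
    return out;
}

int main(void)
{
    /* Constructed sample user: no unixHomeDirectory, homeDirectory present. */
    struct ad_user u = { "jdoe", "", "/cygdrive/h/jdoe", NULL };
    char dir[256];

    puts(resolve_home("unix win home", &u, dir, sizeof dir));
    puts(resolve_home(NULL, &u, dir, sizeof dir));
    return 0;
}
```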