Problem with "None" Group on Non-Domain Members

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: "Chris J. Breisch" <chris.ml@breisch.org>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: Problem with "None" Group on Non-Domain Members
Date: Mon, 05 May 2014 13:49:00 -0000	[thread overview]
Message-ID: <536796E4.2090009@breisch.org> (raw)

Hi,

I noticed this over the weekend. It's probably working as designed, 
however. And may have even been noticed by others before.

As has been noted in the past, if your machine is not a Domain member, 
your account gets assigned to the "None" group. And it's your default 
group as well. The problem is that the "None" group isn't very well 
behaved when it comes to permissions.

Example below.

$ mkdir none-group-test
$ cd none-group-test/
$ touch foo
$ ls -l foo
-rw-rw-r-- 1 Chris None 0 May  5 09:35 foo
$ chmod 600 foo
$ ls -l foo
-rw-rw---- 1 Chris None 0 May  5 09:35 foo
$ chgrp Users foo
$ chmod 600 foo
$ ls -l foo
-rw------- 1 Chris Users 0 May  5 09:35 foo

When the group for a file or directory is set to "None", the group 
permissions always mimic the owner permissions. I assume this is nothing 
Cygwin has control over. But, this causes problems for programs like SSH 
which expect some of its files to be locked down and only owner 
accessible. Since "None" is the default group, this can be rather irksome.

As a workaround, I changed my default group in /etc/passwd from "None" 
(513) to "Users" (545). That worked fine.

However, I wonder two things:
1) Do we have to make "None" be the default group in a non-Domain 
environment? Is this something that could be set by mkpasswd? I realize 
this is a Windows Group and Cygwin is just doing what Windows tells it 
to do, but maybe that's not the best idea in this case.
2) How is this all going to work with Corinna's new stuff? Will I even 
be able to change my default group with it?

Just to be clear, this is only a problem on non-Domain accounts. For a 
Domain account the default group is "Domain Users" (513) rather than 
"None" (513), and "Domain Users" is well-behaved.

-- 
Chris J. Breisch

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

next             reply	other threads:[~2014-05-05 13:49 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-05 13:49 Chris J. Breisch [this message]
2014-05-05 13:59 ` Corinna Vinschen
2014-05-05 14:17   ` Chris J. Breisch
2014-05-05 14:47     ` Corinna Vinschen
2014-05-05 15:23       ` Chris J. Breisch
2014-05-05 15:42         ` Corinna Vinschen
2014-05-05 16:17           ` Chris J. Breisch
2014-05-05 16:57             ` Corinna Vinschen
2014-05-05 18:52               ` Robert Pendell
2014-05-06 13:02                 ` Corinna Vinschen
2014-05-05 18:56               ` Chris J. Breisch
2014-05-05 19:44                 ` Larry Hall (Cygwin)
2014-05-05 21:57                   ` Chris J. Breisch
2014-05-05 22:07                     ` Chris J. Breisch
2014-05-05 22:29                       ` Larry Hall (Cygwin)
2014-05-05 22:39                         ` Chris J. Breisch
2014-05-06  0:43                           ` Larry Hall (Cygwin)
2014-05-06 12:23                             ` Chris J. Breisch
2014-05-05 22:09                     ` Larry Hall (Cygwin)
2014-05-06 12:52                 ` Microsoft Accounts (was Re: Problem with "None" Group on Non-Domain Members) Corinna Vinschen
2014-05-06 12:55                   ` Corinna Vinschen
2014-05-06 13:01                   ` Corinna Vinschen
2014-05-07 12:26                     ` vlado99
2014-05-07 12:43                       ` Corinna Vinschen
2014-05-06 17:01                   ` Chris J. Breisch
2014-05-06 17:16                     ` Corinna Vinschen
2014-05-06 18:22                       ` Chris J. Breisch
2014-05-07 11:57                         ` Corinna Vinschen
2014-05-07 12:40                           ` Corinna Vinschen
2014-05-07 14:09                             ` Chris J. Breisch
2014-05-07 14:46                               ` Corinna Vinschen
2014-05-08 20:09                                 ` Corinna Vinschen
2014-05-08 23:18                                   ` Robert Pendell
2014-05-09  0:12                                     ` Ken Brown
2014-05-09  1:34                                       ` Robert Pendell
2014-05-09  6:11                                       ` Achim Gratz
2014-05-09  7:42                                     ` Corinna Vinschen
2014-05-07 14:05                           ` Andrey Repin
2014-05-07 14:20                             ` Corinna Vinschen
2014-05-07 14:43                               ` Corinna Vinschen
2014-05-07 14:05                           ` Chris J. Breisch
2014-05-07 14:35                             ` Corinna Vinschen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=536796E4.2090009@breisch.org \
    --to=chris.ml@breisch.org \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).