From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=1yDI=KR=gmail.com=dan.f.shelton@sourceware.org>
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232])
	by sourceware.org (Postfix) with ESMTPS id 2DBA0385842D
	for <cygwin@cygwin.com>; Mon, 11 Mar 2024 01:28:34 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 2DBA0385842D
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 2DBA0385842D
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a00:1450:4864:20::232
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710120517; cv=none;
	b=QB725ZMYNZ21DvYz5I1tJG3X5tKKORYh9A1eKa/wuvqvoyZwTcpNB3tyL5yzXDNcYOYnYRj58DDcH/53zT6eEJZl5enMdnvyBimwS+cBtne9HDRvr6FKiLxGDe0TAJCv/n4sYRaTWK3WMc3kkhAPvh+9Ur5wbcAiqUuIy52HHm4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1710120517; c=relaxed/simple;
	bh=2vccw1IGey6krH6AgRWoERDdipLjPKbImexvo1KgErk=;
	h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=ZodSmyh62/074Rqc85dhRuvIt4M4JSxOFfkGy08KDPxYXxGA8Fz/Q7FtSPnosbWNOwYdgiJLSzv885WhzbEJXkJR4SVG0Daqzy9+Gi20BKk2klxEvYLMDvtJuKnKm2/OT7WeWQ2A41RXTmCt028um9vVSm2aHIcOIdffRWLNcX0=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: by mail-lj1-x232.google.com with SMTP id 38308e7fff4ca-2d109e82bd0so52289601fa.3
        for <cygwin@cygwin.com>; Sun, 10 Mar 2024 18:28:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1710120512; x=1710725312; darn=cygwin.com;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=6Wf/CEaCK2E1jD6zahqVMMJe9yvGpwpm94QYUPK6QsU=;
        b=Z7aAnchejI7a/IC/5DkKH3dLgDq+hTD0vLKQzG6lHiQ54kHhPKyg1cCaSdoccgH5TB
         8OurIGZdrqHgUPfo/H1LBUdzkVLAEWC5Ueds1/x2p2XRHElgjKJYFkhVDU+kpa4oYnVH
         U1KD+2fPQIT/0KY79XbyOCJI7JGz96qw2f/gk3VfBTZShWZOjJlr+KGTmgQ1on7N7bTC
         /mUpchchR43/xUJ3WJY3tDg5AOUisJK/O2GnK+J0ZNFG+rKpxHfuJdriGtoZFBYdyPEo
         YGyRyJYmEjF7ds58mTFuQtGvxt+1xJhstOY5z+ldF/Qz3PVdymJKB2zMollq0hZDWBD3
         SbAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1710120512; x=1710725312;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=6Wf/CEaCK2E1jD6zahqVMMJe9yvGpwpm94QYUPK6QsU=;
        b=OGYjWDLRMyw2LPAKgt0ytgelb/+wcJm9HuKqYaMKBaodWGyICYsIjPnzSjcrJ+lgpJ
         NFcyMco5ZecBzHe/v3FWNYGyJxI301oy0pLYwQM8z0Py9NqstG/sy5pVb7WBmKbKhhge
         mhv/ingnC4Y1H5QWfmuJVmxteCQL/LvpYbH8bInNoLMDQfgAAlE+0LIFxEB5bsZEUgv6
         zKUiwLVc87eMjm/6L6iqxoUAHoYbGLaNgJNnsgSROojKOdxFZEZc2bRrvXfogfZCpqEa
         tcyjwfHxx2OXAWqGPiWy49+E6WMlPyOaIwXCXnpohrzxBgz4DEKFZ2KEl2yCKNxVCa9M
         Um8w==
X-Gm-Message-State: AOJu0YxhJGG7/tSC1Fy+0xNoFSaNzhuvBQEXCRbt2TTPYGjPoumW7p2F
	rFuvkg9K1CG+yUadgn4SRMHfVdnOk55zICSN3S7ND7H2wPzHcDakIxDtAn4TV18a5YplR8cccos
	V5mnEk9A8q5bQgQkhjHs4x3klH5Ll1o4A
X-Google-Smtp-Source: AGHT+IFYEJFAI59RgQDIsYBevh7D/ybwEeGbjeohsPTp+WTtz1Ga+d95Zx50fUD+ujs4vhGgHHLCE/YQWumKDPKlqVk=
X-Received: by 2002:a2e:9105:0:b0:2d3:f4a3:d21 with SMTP id
 m5-20020a2e9105000000b002d3f4a30d21mr2925275ljg.15.1710120512263; Sun, 10 Mar
 2024 18:28:32 -0700 (PDT)
MIME-Version: 1.0
References: <CAKAoaQnFxij4Np-jg+bOLEpiSziCfamFrJ2FR_JeO+Sv_Td2Kg@mail.gmail.com>
 <ZdecXZNUgQ3i0hYN@calimero.vinschen.de> <CAKAoaQ=rCwVHnHAqfd5C3kC45GPE4ZHbbgCWrdM64sojLMuMyA@mail.gmail.com>
 <Zdi-CnGX3CwWA0nl@calimero.vinschen.de> <CAKAoaQ=kLW3houqanjcN9Qk1++BtgW-dNRiXjLYwCRTYEzoN=w@mail.gmail.com>
 <CAAvCNcCHAVooYX2_tUHHnUYvWRKHWhBwxmKws7AcqjOo-sQd+g@mail.gmail.com>
 <Zdnq5yJha75NTpgd@calimero.vinschen.de> <CAAvCNcAEAr0gFdR_excafHq8+cYjDvf_APb1So-AAWGSu2+zTQ@mail.gmail.com>
 <ZehpEr18QUP6C3Ge@calimero.vinschen.de>
In-Reply-To: <ZehpEr18QUP6C3Ge@calimero.vinschen.de>
From: Dan Shelton <dan.f.shelton@gmail.com>
Date: Mon, 11 Mar 2024 02:28:05 +0100
Message-ID: <CAAvCNcCcfO9br8avaNo6tg-FLHef4aH9P8AVyr95bs9ArTTSJQ@mail.gmail.com>
Subject: Re: Switching groups with newgrp - how to get the new group with
 |GetTokenInformation()| ?
To: cygwin@cygwin.com
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <cygwin.cygwin.com>

On Wed, 6 Mar 2024 at 14:01, Corinna Vinschen via Cygwin
<cygwin@cygwin.com> wrote:
>
> On Mar  5 23:38, Dan Shelton via Cygwin wrote:
> > On Sat, 24 Feb 2024 at 14:11, Corinna Vinschen via Cygwin
> > <cygwin@cygwin.com> wrote:
> > >
> > > On Feb 23 22:15, Dan Shelton via Cygwin wrote:
> > > > HOWEVER, there is another Cygwin bug:
> > > > "getent group mywingrp1" does not list any group members, even after
> > > > "net localgroup mywingrp1 mywinuser44 /add", which is a POSIX
> > > > violation.
> > >
> > > Not a bug.  Two problems:
> > >
> > > - Getting members of a group can be an extremly costly operation
> > >   in a domain or, worse, a domain forest, or even worse, if the
> > >   domain or domain forest is remote.
> > >
> > > - Alonmg the same lines, getting members of a group can be extremly
> > >   costly in big orgs with thousands of users.  Nobody want's to clutter
> > >   up space with the list of members in the "Domain Users" group.
> > >
> > > - Permissions to enumerate members of a group are restricted.
> > >   By default only admins and group members are allow to enumerate
> > >   members and this can be restricted further by domain admins.
> > >
> > > Therefore we dropped even trying to populate gr_mem, considering
> > > that even in its original form on Unix systems, it's used only
> > > to add supplementary groups.  To do this right on Windows is even
> > > more costly than blindly enumerating.
> > >
> > > It's not a bug, it's a feature :)
> >
> > Could you add an option to getent so that the full lookup can be
> > requested via command line, pls?
>
> That's not possible.  getent just calls getpwent/getgrent.

What about environment variables? NSSWITCH_PATH=/etc/nsswitch.conf
would be the default, and then let scripts customise it

>
> > Always editing /etc/nsswitch.conf
> > forth and back is not a elegant solution, aside from race conditions
> > with other users on a system
>
> So, here we go again.
>
> - What exactly are you trying to accomplish by enumerating the accounts?
>   Maybe you won't actually need it for your task at hand.

We're trying to do several things, including but not limited to:
- Finding which local groups exist. Part of our customer software
expects that certain groups exist. Unfortunately the group names vary
between installations, and sometimes names are prefixed with site
names. Trying to do all permutations with just getent passwd
$iteration means too many combinations (>= 4000000). So just
enumerating all local groups with getent group would be the way to go.
- get the uid and gid used by Cygwin, so the scripts can use  them
later for tar/pax and other scripts

Dan
-- 
Dan Shelton - Cluster Specialist Win/Lin/Bsd