UNIX nobody/nogroup mapping to which Windows SID/account?

UNIX nobody/nogroup mapping to which Windows SID/account?

[Martin Wege]

Hello,

How can we map UNIX "nobody"/"nogroup" to Win32 SIDs/accounts? Cygwin
has entries for "nobody" in /etc/passwd and "nogroup" in /etc/group,
but these accounts have SIDs returned by /usr/bin/getent passwd and
/usr/bin/getent group which LookupAccountSidA() does not recognise.

So what is the correct Win32 solution?

Thanks,
Martin

Re: UNIX nobody/nogroup mapping to which Windows SID/account?

[Corinna Vinschen]

On Mar  3 14:45, Martin Wege via Cygwin wrote:
> Hello,
> 
> How can we map UNIX "nobody"/"nogroup" to Win32 SIDs/accounts? Cygwin
> has entries for "nobody" in /etc/passwd and "nogroup" in /etc/group,
> but these accounts have SIDs returned by /usr/bin/getent passwd and
> /usr/bin/getent group which LookupAccountSidA() does not recognise.
> 
> So what is the correct Win32 solution?

I urge you to read the entire thread starting at

https://sourceware.org/legacy-ml/cygwin/2016-06/msg00347.html

There's a *LOT* of information in there in terms of discussing and
creating the nobody/nogroup mapping.

Bottom line is, there's no nobody account equivalent on Windows and no
resolvable SID/Name pair.  Thus, we decided to use the SID S-1-0-65534
mapped to uid/gid 65534 for this purpose.  This doesn't matter to native
Windows, it's just some foreign SID.  But it's resolvable inside Cygwin:

  $ getent passwd S-1-0-65534
  no+body:*:65534:65534:U-no\body,S-1-0-65534:/:/sbin/nologin
  $  getent group S-1-0-65534
  no+body:S-1-0-65534:65534:


Corinna