From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Switching groups with newgrp - how to get the new group with |GetTokenInformation()| ?
Date: Sat, 24 Feb 2024 14:11:03 +0100 [thread overview]
Message-ID: <Zdnq5yJha75NTpgd@calimero.vinschen.de> (raw)
In-Reply-To: <CAAvCNcCHAVooYX2_tUHHnUYvWRKHWhBwxmKws7AcqjOo-sQd+g@mail.gmail.com>
On Feb 23 22:15, Dan Shelton via Cygwin wrote:
> HOWEVER, there is another Cygwin bug:
> "getent group mywingrp1" does not list any group members, even after
> "net localgroup mywingrp1 mywinuser44 /add", which is a POSIX
> violation.
Not a bug. Two problems:
- Getting members of a group can be an extremly costly operation
in a domain or, worse, a domain forest, or even worse, if the
domain or domain forest is remote.
- Alonmg the same lines, getting members of a group can be extremly
costly in big orgs with thousands of users. Nobody want's to clutter
up space with the list of members in the "Domain Users" group.
- Permissions to enumerate members of a group are restricted.
By default only admins and group members are allow to enumerate
members and this can be restricted further by domain admins.
Therefore we dropped even trying to populate gr_mem, considering
that even in its original form on Unix systems, it's used only
to add supplementary groups. To do this right on Windows is even
more costly than blindly enumerating.
It's not a bug, it's a feature :)
Corinna
next prev parent reply other threads:[~2024-02-24 13:11 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-22 17:38 Roland Mainz
2024-02-22 19:11 ` Corinna Vinschen
2024-02-23 13:03 ` Roland Mainz
2024-02-23 15:47 ` Corinna Vinschen
2024-02-23 18:45 ` Roland Mainz
2024-02-23 21:15 ` Dan Shelton
2024-02-24 13:11 ` Corinna Vinschen [this message]
2024-03-05 22:38 ` Dan Shelton
2024-03-06 13:01 ` Corinna Vinschen
2024-03-09 21:26 ` Glenn Strauss
2024-03-11 1:30 ` Dan Shelton
2024-03-11 3:49 ` Brian Inglis
2024-03-11 16:54 ` Corinna Vinschen
2024-03-11 1:28 ` Dan Shelton
2024-03-11 16:56 ` Corinna Vinschen
2024-04-19 23:44 ` Dan Shelton
2024-04-26 9:04 ` Andrey Repin
2024-02-24 16:57 ` Brian Inglis
2024-02-24 12:53 ` Corinna Vinschen
2024-02-24 14:38 ` Will all SIDs fit into |SECURITY_MAX_SID_SIZE| bytes ? / was: " Roland Mainz
2024-02-24 18:57 ` Corinna Vinschen
2024-02-25 21:04 ` Roland Mainz
2024-02-25 22:32 ` gs-cygwin.com
2024-02-26 4:17 ` gs-cygwin.com
2024-02-26 16:12 ` [EXTERNAL] " Lavrentiev, Anton (NIH/NLM/NCBI) [C]
2024-02-26 9:20 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zdnq5yJha75NTpgd@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).