From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <corinna@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2155)
	id 9D3483858D1E; Sat, 24 Feb 2024 13:11:05 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9D3483858D1E
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1708780265;
	bh=hIEYf+PQPEbzpzwlBQ1eshrgDcTgIh8iZg93/1AYEt4=;
	h=Date:From:To:Subject:Reply-To:References:In-Reply-To:From;
	b=QzASG6YmhsMG9SrXkL7szgZ8Q9QlzCkwKNugQAeM+hYkv8B08+NHxN1jFW5MSF1Tj
	 nFo3SLj1VqDqs8/hmvD+NMG/1S5gKPSHG0j1n/aV3qQ72KDUObOaC7+5G/WSlLe74N
	 mmCY/v8+wMIXMExGzN/oPRuRrXAhJ424FuRZh1Uo=
Received: by calimero.vinschen.de (Postfix, from userid 500)
	id A692FA809E4; Sat, 24 Feb 2024 14:11:03 +0100 (CET)
Date: Sat, 24 Feb 2024 14:11:03 +0100
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Switching groups with newgrp - how to get the new group with
 |GetTokenInformation()| ?
Message-ID: <Zdnq5yJha75NTpgd@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <CAKAoaQnFxij4Np-jg+bOLEpiSziCfamFrJ2FR_JeO+Sv_Td2Kg@mail.gmail.com>
 <ZdecXZNUgQ3i0hYN@calimero.vinschen.de>
 <CAKAoaQ=rCwVHnHAqfd5C3kC45GPE4ZHbbgCWrdM64sojLMuMyA@mail.gmail.com>
 <Zdi-CnGX3CwWA0nl@calimero.vinschen.de>
 <CAKAoaQ=kLW3houqanjcN9Qk1++BtgW-dNRiXjLYwCRTYEzoN=w@mail.gmail.com>
 <CAAvCNcCHAVooYX2_tUHHnUYvWRKHWhBwxmKws7AcqjOo-sQd+g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAAvCNcCHAVooYX2_tUHHnUYvWRKHWhBwxmKws7AcqjOo-sQd+g@mail.gmail.com>
List-Id: <cygwin.cygwin.com>

On Feb 23 22:15, Dan Shelton via Cygwin wrote:
> HOWEVER, there is another Cygwin bug:
> "getent group mywingrp1" does not list any group members, even after
> "net localgroup mywingrp1 mywinuser44 /add", which is a POSIX
> violation.

Not a bug.  Two problems:

- Getting members of a group can be an extremly costly operation
  in a domain or, worse, a domain forest, or even worse, if the 
  domain or domain forest is remote.

- Alonmg the same lines, getting members of a group can be extremly
  costly in big orgs with thousands of users.  Nobody want's to clutter
  up space with the list of members in the "Domain Users" group.

- Permissions to enumerate members of a group are restricted.
  By default only admins and group members are allow to enumerate
  members and this can be restricted further by domain admins.

Therefore we dropped even trying to populate gr_mem, considering
that even in its original form on Unix systems, it's used only
to add supplementary groups.  To do this right on Windows is even
more costly than blindly enumerating.

It's not a bug, it's a feature :)


Corinna