From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <corinna@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2155)
	id 8C96E385843A; Wed,  6 Mar 2024 13:01:08 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8C96E385843A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1709730068;
	bh=SNEjymrPZ5IYyqcKr7hD9bCEqNqaQetoInDOkQ+/8Ao=;
	h=Date:From:To:Subject:Reply-To:References:In-Reply-To:From;
	b=ERiEQ17Zidd3C1UTO47IqGXmRdCCyGPvG9FJ4dU+XYZq51GCgXubIv1M1kbyh/9UN
	 /LXCGT2OT6t+sYkxl45vQJpfPSWnx35W0kdG4mUKQKc8tkcL1vIWpANl0O3/MYHGLQ
	 Mk23XlfLVKug7ieDLSymBF+DKm8NmrISagDvcG5k=
Received: by calimero.vinschen.de (Postfix, from userid 500)
	id B91C2A80DA3; Wed,  6 Mar 2024 14:01:06 +0100 (CET)
Date: Wed, 6 Mar 2024 14:01:06 +0100
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Switching groups with newgrp - how to get the new group with
 |GetTokenInformation()| ?
Message-ID: <ZehpEr18QUP6C3Ge@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <CAKAoaQnFxij4Np-jg+bOLEpiSziCfamFrJ2FR_JeO+Sv_Td2Kg@mail.gmail.com>
 <ZdecXZNUgQ3i0hYN@calimero.vinschen.de>
 <CAKAoaQ=rCwVHnHAqfd5C3kC45GPE4ZHbbgCWrdM64sojLMuMyA@mail.gmail.com>
 <Zdi-CnGX3CwWA0nl@calimero.vinschen.de>
 <CAKAoaQ=kLW3houqanjcN9Qk1++BtgW-dNRiXjLYwCRTYEzoN=w@mail.gmail.com>
 <CAAvCNcCHAVooYX2_tUHHnUYvWRKHWhBwxmKws7AcqjOo-sQd+g@mail.gmail.com>
 <Zdnq5yJha75NTpgd@calimero.vinschen.de>
 <CAAvCNcAEAr0gFdR_excafHq8+cYjDvf_APb1So-AAWGSu2+zTQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAAvCNcAEAr0gFdR_excafHq8+cYjDvf_APb1So-AAWGSu2+zTQ@mail.gmail.com>
List-Id: <cygwin.cygwin.com>

On Mar  5 23:38, Dan Shelton via Cygwin wrote:
> On Sat, 24 Feb 2024 at 14:11, Corinna Vinschen via Cygwin
> <cygwin@cygwin.com> wrote:
> >
> > On Feb 23 22:15, Dan Shelton via Cygwin wrote:
> > > HOWEVER, there is another Cygwin bug:
> > > "getent group mywingrp1" does not list any group members, even after
> > > "net localgroup mywingrp1 mywinuser44 /add", which is a POSIX
> > > violation.
> >
> > Not a bug.  Two problems:
> >
> > - Getting members of a group can be an extremly costly operation
> >   in a domain or, worse, a domain forest, or even worse, if the
> >   domain or domain forest is remote.
> >
> > - Alonmg the same lines, getting members of a group can be extremly
> >   costly in big orgs with thousands of users.  Nobody want's to clutter
> >   up space with the list of members in the "Domain Users" group.
> >
> > - Permissions to enumerate members of a group are restricted.
> >   By default only admins and group members are allow to enumerate
> >   members and this can be restricted further by domain admins.
> >
> > Therefore we dropped even trying to populate gr_mem, considering
> > that even in its original form on Unix systems, it's used only
> > to add supplementary groups.  To do this right on Windows is even
> > more costly than blindly enumerating.
> >
> > It's not a bug, it's a feature :)
> 
> Could you add an option to getent so that the full lookup can be
> requested via command line, pls?

That's not possible.  getent just calls getpwent/getgrent.

> Always editing /etc/nsswitch.conf
> forth and back is not a elegant solution, aside from race conditions
> with other users on a system

So, here we go again.

- What exactly are you trying to accomplish by enumerating the accounts?
  Maybe you won't actually need it for your task at hand.

- Why do you have to change nsswitch.conf "back and forth"?
  Just change it once and you're done.


Corinna