From: Mark A. Ziesemer
To: cygwin@cygwin.com
Subject: Re:
Date: Mon, 22 Jan 2007 15:23:00 -0000

Corinna Vinschen writes:

> > >> When "id" is called without a username, it calls the getgroups(...)
> > >> function which appears to work as expected. However, when a specific
> > >> username is passed, even the username of the current user,
> > >> getugroups(...) is called, and does _not_ appear to work as expected.
> > >
> > > That's by design. getgroups() has access to the user token of the
> > > current process and returns every group which is in this token.
> > > getgrent() is a function which enumerates /etc/groups.
> >
> > So my translation of this would be that the bug is not in id, but in the
> > fact that your /etc/groups is out-of-date. Use mkgroups to remedy the
> > situation.
>
> A little bit more specific: Use the mkgroup -u flag. By default,
> mkgroup does not add the users to the gr_mem field since that's not
> necessary for correct operation of setuid(2). By adding the users
> to the gr_mem field (the -u option), you probably get what you want.

Better, but could still use improvement, IMO...

The documentation isn't very strong here, so I'm sorry I didn't find this
earlier. From http://cygwin.com/cygwin-ug-net/using-utils.html#mkgroup:

"The -u option causes mkgroup to enumerate the users for each group, placing
the group members in the gr_mem (last) field. Note that this can greatly
increase the time for mkgroup to run in a large domain. Having gr_mem fields
is helpful when a domain user logs in remotely while the local machine is
disconnected from the Domain Controller"

This implies that "-u" is not required for proper groups functionality, but is
maybe just used as a backup when the DC is unavailable. (And in my case, there
is no domain.)

Also, this means that "mkgroup -ul >/etc/group" will have to be re-run every
time there is a change in group membership - not the best option.

Since Cygwin already lets the underlying OS take care of much of the security
(handling passwords, etc.), can't Cygwin just ask Windows for the user's groups
when needed, too?

--
Mark A. Ziesemer
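Added example, not part of the original message and not the coreutils or Cygwin source: a simplified C model of the file-based lookup discussed in this thread, which walks the group entries and matches the user name against gr_mem, run over a group database with gr_mem empty and with gr_mem filled in. The group entries, the user "mark", the primary gid 513 and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed group databases (name:passwd:gid:gr_mem), not from the post.
   "mark" is a hypothetical local user whose primary gid is 513. */
static const char *GROUP_PLAIN[] = {        /* gr_mem left empty */
    "Users:S-1-5-32-545:545:",
    "Administrators:S-1-5-32-544:544:",
    NULL
};
static const char *GROUP_WITH_MEMBERS[] = { /* gr_mem filled in, as -u does */
    "Users:S-1-5-32-545:545:mark",
    "Administrators:S-1-5-32-544:544:Administrator,mark",
    NULL
};

/* Exact match of user against a comma-separated gr_mem field. */
static int is_member(const char *members, const char *user) {
    size_t n = strlen(user);
    for (const char *p = members; *p; ) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, user, n) == 0) return 1;
        p += len;
        if (*p == ',') p++;
    }
    return 0;
}

/* File-based lookup: primary gid plus every group whose gr_mem names user. */
int file_groups(const char **db, const char *user, int primary, int *out, int max) {
    int n = 0;
    if (max > 0) out[n++] = primary;
    for (; *db; db++) {
        const char *gid = strchr(*db, ':');            /* after name */
        if (gid) gid = strchr(gid + 1, ':');           /* after passwd */
        const char *mem = gid ? strchr(gid + 1, ':') : NULL;
        if (!mem) continue;                            /* malformed entry */
        int g = atoi(gid + 1);
        if (g != primary && n < max && is_member(mem + 1, user)) out[n++] = g;
    }
    return n;
}

/* Convenience wrapper using the constructed primary gid 513. */
int count_file_groups(const char **db, const char *user) {
    int gids[16];
    return file_groups(db, user, 513, gids, 16);
}

int main(void) {
    printf("gr_mem empty:  %d group(s)\n", count_file_groups(GROUP_PLAIN, "mark"));
    printf("gr_mem filled: %d group(s)\n", count_file_groups(GROUP_WITH_MEMBERS, "mark"));
    return 0;
}
```

With gr_mem empty the lookup reports only the primary group, so any access review or script that relies on a by-name group query under-reports membership until the file is regenerated.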