This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFC] Globally creating a user and a group "root"


At 05:58 PM 11/11/2003 +0100, you wrote:
>
>What about generating a root group with mkgroup -l by default?
>
>  root:S-1-5-32-544:0:
>
>The question is then, should it *also* generate an administrators entry
>
>  Administrators:S-1-5-32-544:544:
>
>or should it generate the "root" entry *instead* of the administrators
>entry?

You can add exim as another affected package.

Obviously I am for maintaining compatibility with existing installations
(544 must work), some of which still have Everybody with gid 0 (using 0
as mapping to S-1-5-32-544 is risky).

Note that if a file has group S-1-5-32-544 and this is also the primary
group of a user, then stat() will report the file gid as the gid of the
user in the /etc/passwd file (due to caching). This could be 544
(e.g. when running as SYSTEM with existing password files) or 0 (with
the new root user, with gid 0), independently of /etc/group.

This indeterminacy might cause headaches during the transition period,
it's hard to foresee all ramifications.

This being said, exim shouldn't care as long as 544 maps to S-1-5-32-544.
It autodetects if it is privileged and, if so, setgid(544) & setuid(18)
to normalize its environment (that was done with Windows 2003 in mind).
However the current exim-config script will produce warnings if 544 appears
after 0 (I will modify it to learn the Admins gid).

In summary, no problem (AFAICS) if 544 appears before 0. I need a decent
transition period before you reverse the order (affects only new
exim installs), and a long one before you get rid of 544 (affects existing
installations).  

Pierre


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]