This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
RE: HEADSUP: New getent tool to read passwd and group data
- From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
- To: <cygwin-apps at cygwin dot com>
- Date: Fri, 21 Feb 2014 16:20:50 -0500
- Subject: RE: HEADSUP: New getent tool to read passwd and group data
- Authentication-results: sourceware.org; auth=none
- References: <20140220193814 dot GU2246 at calimero dot vinschen dot de> <025d01cf2f2d$014b0040$03e100c0$ at ieee dot org> <20140221202745 dot GE2246 at calimero dot vinschen dot de>
> From: Corinna Vinschen
> Sent: Friday, February 21, 2014 15:28
> On Feb 21 12:47, Pierre A. Humblet wrote:
> > > From: cygwin-apps-owner[...]
> > > On Behalf Of Corinna Vinschen
> > > Sent: Thursday, February 20, 2014 14:38
> > > To: cygwin-apps[...]
> > >
> > > Hi guys,
> > >
> > >
> > > I just uploaded the new getent package and sent the announcement,
> > >
> > > I'm repeating myself here because this is really important and I'm
> > > not sure everybody on this list reads the cygwin and cygwin-announce
> lists.
> > >
> > > In short, we want to get rid of the requirement to maintain
> > > /etc/passwd and /etc/group files, per
> > > http://cygwin.com/ml/cygwin/2014-02/msg00306.html
> > >
> > > In future, tools and scripts, especially service installation helper
> > > scripts like my ssh-host-config, must not rely on being able to grep
> > > user and group information from /etc/passwd and /etc/group.
> > >
> > > Rather, the scripts should be changed to use the getent tool as soon
> > > as possible. Usage for checking passwd:
> > >
> > > $ getent passwd <username...>
> > >
> > > I'd like to ask all maintainers providing such scripts, including
> > > myself, to look into their packages and fix them to use the getent tool.
> > >
> >
> > Corinna,
> >
> > For packages such as exim we need to find the uid of System and of
> Administrator, which the user can set any which way in passwd.
> > So we lookup the SID (not the username) to get the uid (or gid).
>
> The SID of the administrator or the SID of the administrors group?
> The SID of the local administrator makes only marginal sense to me.
> What do you need it for?
I mean the administrators group.
It's needed for example to set the ownership of the configuration file.
The daemon checks that the file is owned/writable only by privileged users.
Similarly in cron the crontab files need to be readable by admins. cronbug checks for that
> > Is there an equivalent mechanism using getent ?
> > Else, could Cygwin disregard the passwd entries for these 2 users and use
> only the fixed values determined by the mapping from Windows?
>
> You should not have to expect a name change for the SYSTEM and the
> Administrators account. It should be entirely sufficient to check for the user
> Administrator and the user SYSTEM or +SYSTEM.
Is that independent of local language?
> If you really want to check
> by SID, feel free to enumerate all accounts by just omitting the username and
> scan for the SID you're looking for:
> $ getent passwd | grep ',S-1-5-32-544:'
>
> $ getent group | grep ':S-1-5-18:'
OK, thanks, that will work.
We have had cases of people in very large organizations trying to build the password with mkpasswd -d and that ended up taking hours. Won't the above run in the same issue? This needs to run in postinstall.
Pierre