This is the mail archive of the cygwin-developers mailing list for the Cygwin project.



Re: Final version of new ntsec documentation


Some brief comments:

"This paragraph..." should be "This section..." (In American usage, a
paragraph is a set of sentences without an intervening indentation or
extra line spacing...maybe this is a British-ism? Anyway, "This
paragraph" is only one sentence long...so what does the rest of the
section talk about? <g>)

"as well as how the [Windows?] authentication model is used [within the
cygwin environment] to allow [cygwin applications] to [switch the user
context --> switch users] in a POSIX-like fashion." because "switch user
context" seems a bit too "developer-speak". Might want to use the
Windows-ism "switch users". (see below).

"POSIX like" should be "POSIX-like" throughout.

"necessary to control who can how access an object" --> "necessary to
control who can access an object, and to determine what they are allowed
to do to or with it"

"AD domains" --> "Active Directory (AD) domains" -- define acronym on
first use.

Ditto UID, GID

"There's a convenient convention to type SIDs, [in which the seven (or
eight) fields are represented numerically separated by hyphen characters.]"

(by naming these elements "fields", you can then use the term when
describing each field. For instance:)

"The leading "S" has no further meaning except to show that this is a
SID." --> "The first field is always an "S", and has no further meaning
except to show that this is a SID."

"The next number is a version number which is always 1 so far." --> "The
second field is a version number of the SID format, which has been 1 for
all versions of Windows released as of the date of this writing (e.g.
Windows Vista)" or something like that.

"The next two numbers are the authority... " --> "The third and fourth
fields represent the 'authority' of the SID; this can be thought of as
the 'type' or 'category' to which the SID belongs. (That's not entirely
accurate, but will do for our purposes.)"

"builtin accounts and accounts with very special meaning[, which have
certain well known values in these third and fourth fields.]"

"The next three numbers, all 32 bit values, are the unique..." --> "The
next three numbers, fields five, six, and seven, are all 32 bit values,
and contain the unique..."

"For all the machines know there are two different accounts, one is..."
--> "All machines on the network will treat these SIDs as identifying
two separate accounts: one is..."

"rwx bits in a [unix-style] permission value"

"For a full list please refer to the MSDN document Well-known SIDs. [*]"
[*] insert plug here <g>: 'The csih package provides a tool,
/usr/lib/csih/getAccountName.exe, which can be used to print the
(possibly localized) name for the various well-known SIDs.'

Section: "Switching the user context"
Add filler here, something like "Windows users have long been accustomed
to the "Switch User" feature, which switches the entire desktop to
another user while leaving the original user's desktop "suspended".  On
unix, this operation can be performed on a per-application basis and
does /not/ suspend applications (or the desktop) belonging to the
original user.  This is called "switching the user context" for that
application, and is performed using the setuid and seteuid calls.

Windows doesn't support the concept of these calls in a simple fashion..."

That's all for now; looks pretty good overall.

--
Chuck

