Re: Final version of new ntsec documentation

[Corinna Vinschen <corinna-cygwin at cygwin dot com>]

On Dec  2 19:55, cygwin@cwilson.fastmail.fm wrote:
> Some brief comments:
> 
> "This paragraph..." should be "This section..."

Fixed.

> "as well as how the [Windows?] authentication model is used [within the
> cygwin environment] to allow [cygwin applications] to [switch the user
> context --> switch users] in a POSIX-like fashion." because "switch user
> context" seems a bit too "developer-speak". Might want to use the
> Windows-ism "switch users". (see below).

Changed.

> "POSIX like" should be "POSIX-like" throughout.

Fixed.

> "necessary to control who can how access an object" --> "necessary to
> control who can access an object, and to determine what they are allowed
> to do to or with it"

Fixed.

> "AD domains" --> "Active Directory (AD) domains" -- define acronym on
> first use.
> 
> Ditto UID, GID

Fixed. 

> "There's a convenient convention to type SIDs, [in which the seven (or
> eight) fields are represented numerically separated by hyphen characters.]"

The number of fields is not always seven or eight.  I wrote now "There's
a convenient convention to type SIDs, as a string of numerical fields
separated by hyphen characters." Does that sound ok?

> (by naming these elements "fields", you can then use the term when
> describing each field. For instance:)
> [...]
> "The next three numbers, all 32 bit values, are the unique..." --> "The
> next three numbers, fields five, six, and seven, are all 32 bit values,
> and contain the unique..."

I followed the idea, but I used a bit different wording.  Would you mind
to have another look?

> "For all the machines know there are two different accounts, one is..."
> --> "All machines on the network will treat these SIDs as identifying
> two separate accounts: one is..."

Ok.

> "rwx bits in a [unix-style] permission value"

Added.

> "For a full list please refer to the MSDN document Well-known SIDs. [*]"
> [*] insert plug here <g>: 'The csih package provides a tool,
> /usr/lib/csih/getAccountName.exe, which can be used to print the
> (possibly localized) name for the various well-known SIDS.'

Added.

> Section: "Switching the user context"
> Add filler here, something like "Windows users have long been accustomed
> to the "Switch User" feature, which switches the entire desktop to
> another user while leaving the original user's desktop "suspended".  On
> unix, this operation can be performed on a per-application basis and
> does /not/ suspend applications (or the desktop) belonging to the
> original user.  This is called "switching the user context" for that
> application, and is performed using the setuid and seteuid calls.
> 
> Windows doesn't support the concept of these calls in a simple fashion..."

I think that's a bit off from the point.  What about the "Run as..."
feature available in the context menu since Windows 2000?  That's much
more similar to what this chapter is trying to describe.  I understand
that this filler is for people who don't know much about this stuff.  So
I start as above but then add something about "Run as..." and generally
revamped the introductory text.  If you don't mind to have another look...

> That's all for now; looks pretty good overall.

Thank you for your thorough reading and the suggestions!

I also changed the C code example for switching the user context with
password slightly.  The "is_winnt" define was useless for instance.

I uploaded a new http://cygwin.com/1.7/cygwin-ug-net/ntsec.html again.


Thanks again,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat