This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: Some domain groups not found by 'mkgroup --domain'


OK, I think I've figured this out. We use a tool called "Microsoft User Manager
for Domains" to manage domain user and group accounts. That tool has the
ability to add what it calls a "global" or a "local" group. It turns out that a
"local" group means a group that is local to the domain controller. I wrote
some code to query the domain controller for its list of groups, and sure
enough, all the groups that are missing (from my point of view) from 'mkgroup
-l' and 'mkgroup -d' show up when I use NetLocalGroupEnum and pass it the name
of the domain controller as the server.

Here's the problem that precipitated this question. When I write files to a
shared directory on that controller using cygwin tools, the permissions all
seem to be ---------- on those files. My domain user account is a member of one
of those "local" accounts on the domain controller. I thought that if I added
those group definitions into /etc/group, the problem might be alleviated, at
least somewhat.

Does that make any sense?

Rick Rankin
rick_rankin@yahoo.com
--- Corinna Vinschen <vinschen@redhat.com> wrote:
> Rick Rankin wrote:
> > 
> > I'm not sure exactly how to provide an example -- the situation simply
> exists.
> > However, I've been poking around in the MSDN documentation, and I've found
> some
> > [...]
> 
> To keep it simple:
> 
> Each NT/W2K machine has local groups. A local group is only valid
> on the local machine. They are retrieved by the function
> `NetLocalGroupEnum' or in a Cygwin environment on the command line by
> `mkpasswd -g' or `mkgroup -l'.
> 
> A domain is a domain is a domain. A domain has domain groups which
> are sometimes named `global groups' by the Microsoft documentation.
> These groups are retrieved by the function `NetGroupEnum' or on
> the command line by `mkgroup -d DOMAIN'. If you don't give a domain
> name, the default domain is used.
> 
> Domain (or global) groups may be member of local groups while
> domain groups may only have users as members.
> 
> There's another class of groups which is called `predefined local
> group' or similar. That are the groups which already exist on a
> machine when it has been installed. Examples are the administrators
> group or the guest group. Except that they are predefined they
> behave the same as later defined local groups.
> 
> I suggest (how boring) reading the ntsec chapter in the online
> users guide:
> 
>    http://sources.redhat.com/cygwin/cygwin-ug-net/ntsec.html
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                        mailto:cygwin@sources.redhat.com
> Red Hat, Inc.
> mailto:vinschen@redhat.com
> 
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
> 



__________________________________________________
Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.
http://shopping.yahoo.com/

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]