delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/1999/11/27/04:26:25

Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT sourceware DOT cygnus DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT sourceware DOT cygnus DOT com>
List-Archive: <http://sourceware.cygnus.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sourceware DOT cygnus DOT com>
List-Help: <mailto:cygwin-help AT sourceware DOT cygnus DOT com>, <http://sourceware.cygnus.com/ml/#faqs>
Sender: cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com
Message-ID: <383FA276.8E303D9B@vinschen.de>
Date: Sat, 27 Nov 1999 10:20:54 +0100
From: Corinna Vinschen <corinna AT vinschen DOT de>
X-Mailer: Mozilla 4.6 [en] (WinNT; I)
X-Accept-Language: de,en
MIME-Version: 1.0
To: Andre Oliveira da Costa <costa AT cade DOT com DOT br>
CC: cygwin AT sourceware DOT cygnus DOT com
Subject: Re: CYGWIN environment var
References: <001901bf3837$5f499dc0$8400000a AT costa DOT cadenet DOT com DOT br>

Andre Oliveira da Costa wrote:
> [...]
> there. So, the right question should have been: "where can I find up-to-date
> information on the ntsec option of the CYGWIN env var?" (also, it would be

If you talk about Cygwin 1.0, info on ntsec is in the manual,
page 54ff.

The same text is found in the snapshots, file "winsup/doc/ntsec.sgml"

Latest snapshots have an extended version of ntsec. No documentation
yet but a brief description as posted to the developers mailing list:

============ SNIP ==============
Hi!

I have patched ntsec so, that SIDs are used, that were previously
saved in /etc/passwd and /etc/group. This has following advantages:

- Correct working ntsec in domain environments.

- Non-login accounts (users _and_ groups) may get another name in
  /etc/passwd and /etc/group files than their NT account name.
  The new name is transparently used by applications (so chown,
  chgrp, ls -l, etc. use them now),
  e.g.:
        root::500:513:...
  instead of
        administrator::500:513:...

  No problem if running in console window,
  BUT: If you need the account to login via telnet, ssh or similar
  the login name _must_ be the NT user name.

- Cygwin UIDs and GIDs are now not necessarily the RID part of the
  NT SID:
  e.g.:
        root::0:513:...
  instead of
        administrator::500:513:...
        
- As with U*X systems, UIDs and GIDs numbering scheme now don't
  influence each other, so it's possible to have same Id's for a
  user and a group,
  e.g.:
        /etc/passwd:
        root::0:0:...           # former 'administrator::500:544:...'

        /etc/group:
        root::0:                # former 'administrators::544:'

Disadvantages, if you like to use the new features:
- /etc/passwd: The pw_gecos field has to contain a SID as the last
  element of the comma separated list.
- /etc/group: The gr_passwd (former unused) has to contain a SID.

If no SIDs are found in /etc/passwd and /etc/group, ntsec acts like
the previous version.

The SIDs are saved in standard WinNT notation (S-1-5-32-...)
the utilities mkpasswd and mkgroup are patched, to support the new
format:

- mkpasswd and mkgroup generate SIDs by default. This behaviour may
  be switched off by the new commandline option `-s' or `--no-sids'.

Moreover, mkpasswd generates the home dir path with the function
cygwin_conv_to_posix_path(), so mount points are used now. This
behaviour may be changed to `/cygdrive/<Driveletter>' by using the
commandline option `-m' or `--no-mount'.
============ SNAP ==============

Regards,
Corinna


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019