Mail Archives: cygwin/2005/07/12/04:13:30
> Well, you *do* need an entry for your domain user. That's
> accomplished
> with "mkpasswd -d -u YOURUSERNAME" (which will only query the PDC for
> YOURUSERNAME, not list all users). I'm no security expert,
> but I think
> there's enough local information that "mkpasswd -l -c" ("-c"
> stands for
> "current user") works too (it doesn't query the PDC).
I think it does. Out of curiosity, I compared the output of
mkpasswd -l -c
and
mkpasswd -d -u fischron
and the difference, with respect to the entry for my user id, is: In the
case
of -c -l, the /etc/passwd entry reads
fischron:unused_by_nt/2000/xp:121833:10513:fischron,U-EU\fischron,S-1-5-
21-2052111302-842925246-682003330-111833:/cygdrive/h:/bin/bash
and with -u fischron, it reads
fischron:unused_by_nt/2000/xp:121833:10513:Fischer Ronald (IT BT CFS IKM
External),U-EU\fischron,S-1-5-21-2052111302-842925246-682003330-111833:/
/MUCSDN03/FischRon:/bin/bash
So the only essential difference is that my home directory is specified
as the network drive in the latter case, and as Windows drive in the
former.
I think you agree that these differences don't effect operation of
Cygwin in any
way, don't you?
> > I tried "-d" on mkgroup once (where it goes slightly faster), and it
> > ended up with a group file of about 30000 entries!
>
> Yes. You only need the groups that your domain user belongs
> to. Since
> I'm not in a domain, I don't know how to get a list of those,
> but I'm sure
> someone here will respond with this info.
Well, I checked my /etc/passwd and found that it refers to only 3
different
groups: 544 ("Administrators"), 513 ("None") and 10513. When I do a
mkgroup -l -c, group 10513 becomes a group with name mkgroup_l_d, which,
as I understand from your explanation, is a hint that there could be
a problem. But when I do a
mkgroup -d -g 'Domain Users'
then group 10513 is listed as belonging to the domain users. So as a
solution,
I recreated the group file by
(mkgroup -l; mkgroup -d -g 'Domain Users') >/etc/group
which yielded the following /etc/group:
SYSTEM:S-1-5-18:18:
None:S-1-5-21-602162358-162531612-725345543-513:513:
Administrators:S-1-5-32-544:544:
Backup Operators:S-1-5-32-551:551:
Guests:S-1-5-32-546:546:
Power Users:S-1-5-32-547:547:
Replicator:S-1-5-32-552:552:
Users:S-1-5-32-545:545:
Debugger Users:S-1-5-21-602162358-162531612-725345543-1001:1001:
Domain Users:S-1-5-21-2052111302-842925246-682003330-513:10513:
I think this should be correct now, doesn't it?
> > I don't think I want it. I just don't see what advantage it
> has. And,
> > after all, that information is outdated the next day anyway, because
> > there are continuously systems coming and going.
>
> Huh? The domain users/groups live on the PDC, which is one machine.
> Unless you mean that users and groups are constantly added
> and deleted?
Yes, my rough guess is that a few dozen of users are added daily in
the average, and about the same number deleted.
>
> But you're right, if you're the only user on the machine,
> "mkpasswd -d" is
> overkill. "mkpasswd -d -u YOURUSERNAME" isn't.
Here again, you have to combine both by
(mkpasswd -l; mkpasswd -d -u fischron) >/etc/passwd
because mkpasswd -d -u fischron alone would *only* write the entry
belonging to my username, but would omit entries such as Guest, Admin
etc.
Regards,
Ronald
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -