delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2014/02/07/04:49:40

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:date:from:to:subject:message-id:reply-to
:references:mime-version:content-type:in-reply-to; q=dns; s=
default; b=RuFtI+fRUZZ3mAEwRe5qJw7spLqk4Atv4RqkH9EScYP3pYr+7Jcds
xGZvzgaLY1CiO59Oni2oORlhHl3TeHMPAxwkBhE4AoCTSxmOErhNlITw0qqmheL0
HebWdtHha02CXEJ9noicnNCdVZwWzD7PCiGlz9OJmhqQS7kVNx/+rQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:date:from:to:subject:message-id:reply-to
:references:mime-version:content-type:in-reply-to; s=default;
bh=0dDEUDFfbREY2xU7xJV9knxwjL4=; b=PPuku4qEdmdkKz2Zh5UY0uCIDaJH
zoihNF5sLUSUoOdfRXlYwFwlyFDimXZAaan4dqr8avaw5L7/Vl3XeGL6KJsZZUXo
cZj5Bjgse0c8hxChN/7t1G6kT1mpuDi9GL5viHMV5yaNEGtLX+GSsjzlzHfvEsUu
sf5J0d4NqQ+qUVw=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.6 required=5.0 tests=AWL,BAYES_00,SPAM_BODY1,TBC,UNSUBSCRIBE_BODY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Fri, 7 Feb 2014 10:49:17 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: get rid of getpwent? (Was: cygwin-1.7.28 getpwent header declaration changes ?)
Message-ID: <20140207094917.GN2821@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <52F339CA DOT 5070305 AT gmail DOT com> <20140206090117 DOT GD2821 AT calimero DOT vinschen DOT de> <52F361C5 DOT 3000807 AT gmail DOT com> <20140206141321 DOT GI2821 AT calimero DOT vinschen DOT de> <52F40208 DOT 5030901 AT etr-usa DOT com>
MIME-Version: 1.0
In-Reply-To: <52F40208.5030901@etr-usa.com>
User-Agent: Mutt/1.5.21 (2010-09-15)

--gCatpCT2/Jx0qRyG
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Feb  6 14:43, Warren Young wrote:
> On 2/6/2014 07:13, Corinna Vinschen wrote:
> >
> >Btw., it would be a good idea to get rid of calls to getpwent/getgrent
> >in future.  They *probably* won't do anymore what they were supposed to
> >do if you don't have passwd/group files.
>=20
> There must be a way to list an executable's DLL imports, and thereby
> do a survey on Cygwin to see which executables currently import
> those functions.  If so, I know a guy who currently has all of
> Cygwin downloaded and ready to re-install, to test this. :)

Try this:  strings -f /bin/*.exe /bin/*.dll | grep getgrent

> > A full implementation would
> >require to enumerate the local SAM and, at least, the primary domain
> >accounts at runtime.  That would be possible, but it comes at a hefty
> >price in terms of performance.
>=20
> Linux and Cygwin are pretty much the last ones standing when it
> comes to preferentially reading plain text files in /etc for user
> info.  Big iron Unix, the BSDs, and Mac OS X now all treat these
> files as secondary to some behind-the-scenes database.

Which would be SAM and AD for us.

> In some of these systems, you can edit /etc/foo and run a command to
> manually sync that content back to the "real" user info DB.  (e.g.
> the BSDs)  In others, direct edits to these files are ignored, but
> the OS syncs a subset of changes to the user info DB to these files,
> for the benefit of getpwent() and friends.  (e.g. Mac OS X.)

That won't make much sense on Cygwin.  The idea is to use the existing
OS tools to maintain the user/group databases in the first place.
Having said that, it would, of course, be possible to implement Cygwin
command line tools along the lines of useradd/usermod/groupdel.  For AD,
they would just have to use LDAP, as Cygwin will do to read the account
info.  It's pretty simple, as far as you view LDAP as simple,

> In Cygwin, we have a kind of hybrid of these, owing to the fact that
> the integration between Cygwin and Windows is pretty much one-way.
> We have mkpasswd/group, which treats the DB as primary, like OS X,
> but which must be run manually to sync changes, like the BSDs.

That won't be necessary anymore.  In fact, I would prefer if we could
do without the passswd and group files, but we have to keep them
for backward compatibility at least.

However, I found that one functionality has to go completely.  It will
not be possible anymore to ssh into your machine and add yourself to
arbitrary groups by adding your user name to groups in /etc/group.  This
is just not feasible anymore.

> I don't see a reason for this to change, given that so many other
> POSIX systems share aspects of this behavior.

Sorry, I lost you there.  What exactly of the current behaviour do
you want to keep?

> It would be nicer if Cygwin behaved more like OS X in this regard.
> That is, for mkpasswd/group to be run automatically when the SAM/AD
> changes.  I don't see Microsoft doing that for us, though.

Cygwin will directly read from SAM/AD.  What's the point of automating
writing passwd and group files?  Also, the usual problem:  What exactly
do you write to passwd/group?  If you write all users of a big corp,
the files get really big.  So far, every exec'ing process is reading
the files anew.  This is *so* 1990ths.

> The only way I can think of for Cygwin to do that for itself would
> be to run mkpasswd/group from setup.exe, in the same way that it
> runs autorebase.

Sorry, but that sounds rather backward to me.  And again, what exactly
do you write to the files?  Only local accunts?  Or local and primary
domain?  Or local, primary domain and all trusted domains?  And what do
you do with local changes to the files?  mkpasswd/mkgroup would
overwrite all changes, which does not sound like a terribly good idea to
me.

> I realize the current recommended practice is to keep /etc/foo as
> small as possible, but shouldn't an AD/SAM DB lookup be faster than
> a linear scan of a large /etc/foo file?  Why lament the fact that
> getpwent() is slow, when getpwnam() is its logical replacement, and
> presumably much faster?

I don't lament the fact.  The problem is that a SAM/AD scan would have
to be implemented in Cygwin in the first place.  And then again, what do
you suppose Cygwin should do in big AD forests?  Enumerate all accounts
of all trusted domains?  As of today, this is an unsolved problem,


Corinna

> (I assume getpwnam() consults SAM/AD in Cygwin, now or in Cygwin.next.)

It checks for the file first, then it asks SAM/AD.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--gCatpCT2/Jx0qRyG
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJS9KwdAAoJEPU2Bp2uRE+gOeMQAIqr3JFY4XWg6/rsqmQTzhPx
wxkSvq+yIvewA8cQl61AU9A5BcpL0bQ4F2baHMmVmLtS0iAiQFVU+CkRihaCa0ub
B7CaS+wgvLVNWPJUBbIdMKKvoSeOPTwJmEgBM4rc4j5Mr1VGNDlEi/gzxgUvtELP
yPqOFANC2qJZvg5HGTpnadxRWZxwXFByV3LA7/Svs34kB0L1Uf9JMvVSstiy6ovx
D5YUbGlmCQgjrdozf19yZ2daoSGmPXlgZjEThsRlJ7fNe7KoyssyyqEi8LVwCqTE
Qae8ClIcS0r3S334gOF7sCGkbdZBys+zL7wvKKpkWi/u0Q1GwzFT49WQcO2b2RlS
KXaCVggcTNM8HStllH3zAeKhhC3KQXvzAich0rtRXT/2Hf64BY/wP/b7jLv5S9S0
rEPBRNfElp+1p2nop74SfjRIJ4CGVsi5deQnnD+qDZez+LZUF2h2hc7lO4JA2GxF
SsLbQ0T7Gyp3WtlktPTmJV/T478LMb0g/ky/6R6W3SscDxLqrvXcFAyV49WuZIYU
jy9y/Yc3uKcK9x3DNCZ6DzxTagPWKHqjC3tyHpkSoH27W/991HrOB7HCCReHoikF
Y6e14gFMBVNizPOIR+EV9Mx75B2M1YMRBU/qYqKItLGCo67XsKV5z3IJO1anL5Z+
p2YPyHb9oYiYKosRBmIS
=e/qa
-----END PGP SIGNATURE-----

--gCatpCT2/Jx0qRyG--

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019