Mail Archives: cygwin/2024/11/09/13:25:35

Christian Franke via Cygwin <cygwin AT cygwin DOT com> · Sat, 9 Nov 2024 19:25:04 +0100

Roland Mainz via Cygwin wrote:
> On Sat, Nov 9, 2024 at 6:00ā€ÆPM Corinna Vinschen via Cygwin
> <cygwin AT cygwin DOT com> wrote:
>> On Nov  9 17:31, Roland Mainz via Cygwin wrote:
>>> Does anyone know a list of SIDs which can be used to get the
>>> user+group accounts for passwd entry "Adminstrator" and group entry
>>> "None" ?
>>>
>>> Our problem is that the actual account names vary with the system
>>> locale, e.g. group entry "None" is "Kein" in "de_DE",  "Aucun" in
>>> fr_FR etc. ...
>>> ... so far we thought we fixed this by doing a lookup via SID, and
>>> then remembering the localised name.
>>>
>>> But: The SIDs are apparently not stable between Windows versions.
>>> For example:
>>> ---- snip ----
>>> # Windows Server 2022/en
>>> $ getent group None
>>> None:S-1-5-21-168624908-967194555-3343779530-513:197121:
>>> # Windows Server 2019
>>> $ getent group None
>>> None:S-1-5-21-3286904461-661230000-4220857270-513:197121
>>> ---- snip ----
>> They *are* stable in that they are
>>
>>    ${Machine-SID}-513
>>
>>> And if there is no such list, would $ mkgroup | egrep
>>> ':S-1-5-21-.+-513:' # be a suitable workaround ?
>> No.
>>
>>    ${AD-SID|-513 == "Domain Users"
>>
>> I have not the faintest idea what the MS guys were thinking at the time,
>> calling the group "None".  This is basically the equivalent of "Domain
>> Users" for local accounts on machines not being domain controller.  A
>> useful name would have been "Local Users" or "Machine Users", but,
>> well, it is what it is.
>>
>> The safe way to check the SID is to fetch the machine SID attach the RID
>> 513, and check for equality.
> How can I get the "machine SID", preferably using /usr/bin/getent,
> /usr/bin/getconf or /proc ?

If domain info is excluded from mkgroup output, the one and only S-*-513 
group should contain the machine SID:

$ sid=$(mkgroup -l | sed -n 's/[^:]*:\(S-[-0-9]*\)-513:.*$/\1/p')

$ test $(wc -l <<<"$sid") = 1 || echo 'My assumption was wrong :-)'

-- 
Regards,
Christian

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

DMARC-Filter:	OpenDMARC Filter v1.4.2 delorie.com 4A9IPYxs3226577
Authentication-Results:	delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results:	delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter:	OpenDKIM Filter v2.11.0 delorie.com 4A9IPYxs3226577
Authentication-Results:	delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=qbxFUUU3
X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 9C023385840A
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1731176733;
	bh=vx2AnM6JjkD+mHMgDKbgKDKLHEXFbYwuyOiVMoysMSk=;
	h=Subject:To:References:Date:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	From;
	b=qbxFUUU3+7duSyo3yyCy8JOPEnCYVUeIDO+E5o0bqVtc1bPFbXwCFQ1VMw/73kRDR
	vMHVRilLJgjMbr/PefC53JpVbYKBoo1NY5NEn4LtW7i3r4eSj0n/IjmLcXbIyOLsSh
	4L1C+q/N5ZfPf4MfH8LRnUcUV1jvHK3TZcwi8bkg=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 5E31C3858D20
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org 5E31C3858D20
ARC-Seal:	i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1731176714; cv=none;
	b=EhDxC//jGewz4P05J7sAY3bPvhpHa4PdAzqkOv5Kqq0+vTawfWI9pyf++Y9xijG4zGrR3rc5KiTBaI/Utx7iwpJvmFT5ApdAsnR7CYIy6aXLazAcN/4zrCUQRl8Ms7qwOZM0GlN2+HgZVrp4ouXeEQrnAIl1+KwF4u1lk5jGFzA=
ARC-Message-Signature:	i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1731176714; c=relaxed/simple;
	bh=ylPhRX4pnT3mKY27zHFkHa+fVKkdvOkzicdhd6gDSRs=;
	h=Subject:To:From:Message-ID:Date:MIME-Version;
	b=mf3scftxzM+gZLMuf3/wiwnI2kkfR8NGQ2lERpaW7gk3vy8ASnjRsH/Pz9Ciok/AGKfLbWX2lQqZtU/DADOBpyiCCtKH0GUrvnlVFVDcupLkQvUA1hofpHG1ze9I4/5p9SrnV0Xr9BJMUtggwky+lVfbi6rMSVukxwXXBCILPLM=
ARC-Authentication-Results:	i=1; server2.sourceware.org
Subject:	Re: Stable SIDs for "None"+'"Administrator" ?
To:	cygwin AT cygwin DOT com
References:	<CAKAoaQ==gSPA7eiJN9LiLMcR1ktfE9CUTE1Bzc1oMDBs1PQhqw AT mail DOT gmail DOT com>
	<Zy-VP7xZu-39qcio AT calimero DOT vinschen DOT de>
	<CAKAoaQm6Z7U97tXS20bAnqYy8KULpLStD10SWK-TM5GB9iWOtg AT mail DOT gmail DOT com>
Message-ID:	<e2fe0e70-3f8c-9f22-c8ce-a3669acaf746@t-online.de>
Date:	Sat, 9 Nov 2024 19:25:04 +0100
User-Agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
	SeaMonkey/2.53.18.2
MIME-Version:	1.0
In-Reply-To:	<CAKAoaQm6Z7U97tXS20bAnqYy8KULpLStD10SWK-TM5GB9iWOtg@mail.gmail.com>
X-TOI-EXPURGATEID:	150726::1731176705-79FF945E-C5016728/0/0 CLEAN NORMAL
X-TOI-MSGID:	7cd5e3f8-e697-40d2-bcc0-a34a79eb9cc6
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Christian Franke via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	cygwin AT cygwin DOT com
Cc:	Christian Franke <Christian DOT Franke AT t-online DOT de>
Errors-To:	cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 4A9IPYxs3226577

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019