DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 4A9Hv1UI3220807
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 4A9Hv1UI3220807
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=vjXAcAIW
X-Recipient: archive-cygwin@delorie.com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 516953858C78
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1731175019;
	bh=xOIQgYWQSS0qiowVxiOj2M8mI04tSJECriWV2ypyGBg=;
	h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=vjXAcAIW6dwtyU7VUG2Lml5Thp2iSFYlBH4HjFXYjLK2OhCFAhD2anQUJKoKdNsrC
	 kHDcquVCxio6cqSzzgIzJ4FVNp6WN0sc/bGfRCuDFXUjA24phefZEnFM+kqd69aKdZ
	 1r+C9MLaaYhFefHJXBZNyxExW+MsQRUfN7b+XbYM=
X-Original-To: cygwin@cygwin.com
Delivered-To: cygwin@cygwin.com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5A8FD3858D20
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 5A8FD3858D20
ARC-Seal: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1731174966; cv=pass;
 b=iuX8S7kRf9F1XT2fay0hksc1EMn3U361U/OjSLFqEKYWR4axA/RQtmkpuIPNLQ/qy7mzXuYwwOhamY+y34L54NWJT9/+dXAubSfGLcHfrHTAB0z/2h0xgBfuH/tayOXqP2wXu9tR0iJZBBGHEtS0KdDF6TB5GHnR1KmqdJSOARo=
ARC-Message-Signature: i=2; a=rsa-sha256; d=sourceware.org; s=key;
 t=1731174966; c=relaxed/simple;
 bh=UeUt7Q6iSHFiVKYI3T8Cb1LUWjNOs8Q6eyguKt7NOjs=;
 h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To;
 b=sP35szw9WS3rZ84KsQooZjZYRwWimFDdK/3BUS2NrAQsRj7T/4tXx2/QlYQjLShnIIdvdQV+S32F/zYi5C3Fi4UIOiZmBnJblHVukcUvdpaBefp7Qj77U1Izqf5GY9ACKrhZ5SAVkn+kxItWGjlsMHq0oDuAFKqmWdBLWPuu+5s=
ARC-Authentication-Results: i=2; server2.sourceware.org
X-Sender-Id: dreamhost|x-authsender|gisburn@nrubsig.org
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1731174962; a=rsa-sha256;
 cv=none;
 b=5O2OFjhSVcQkc0TVy14oTdrwh1Evwc6uJmsoU6AvgIzHQQdfy2TIZn93cwKExJ8pNJWoxw
 MB97szzQWHIrxFjxfbqyHUyUUsbE1Gqbld24/1Sc4J4NPaNj3fIqb7ALNCb9gVaVXqqTUt
 mPkuVf2Un9t1jt92qsunlT0VMsR55uY+KSWTsgyD2aEkr26hQLw5rWD8qmYmhyJqZOH1PG
 ZbOvMyy+chi5dbkQfi/G0JZWoN1kI9RGKzVW4mgNCHuLJh7+2s9mvwiH14XUJEnVBU4oLz
 PVb1d8dPOGdXpcFh4FcEjJlLTmxppGKft+QcoJAXAA/ASVE0bCJeTzkOkc6iEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net; s=arc-2022; t=1731174962;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references:dkim-signature;
 bh=EsGAfLWbDpF1kFDAJg8oKUk3Z7MW3Fke2udjwrYbd0k=;
 b=fftP0n+HIoJE1kiGurjigLXlR4UWvMa4RyOREoiMFUUgYrUCda78YTPoGepM0eraCIC9CQ
 6fRAYlvGhdPh1avQeeuLQJwUYxQ0oBWp1H+9MqmPWLk5+S8N22FEI87EDJu2NYKc1T9erg
 0kEiI34oGvB4qNp6SRG42PwYEb6+jrgyDIbYo87XczX1VvHcLcg4pMVVScfHnS/YifLW1q
 Rluw1L2C+57UTJjY1SaD2Iwt3aQMXdL3mScIijfLGIiWa8+tCh639vWxfgh35KfQzE1pT8
 yX47CA3NLIWa3WaKaXQtmSbHWfWA1+8bER155RWLztNYSFUksESTfKtIfALR9A==
ARC-Authentication-Results: i=1; rspamd-5b688f746d-wkjlg;
 auth=pass smtp.auth=dreamhost smtp.mailfrom=roland.mainz@nrubsig.org
X-Sender-Id: dreamhost|x-authsender|gisburn@nrubsig.org
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|gisburn@nrubsig.org
X-MailChannels-Auth-Id: dreamhost
X-Arithmetic-Hysterical: 6c48e2c3354bcad6_1731174963206_541615164
X-MC-Loop-Signature: 1731174963205:1999092003
X-MC-Ingress-Time: 1731174963205
X-Gm-Message-State: AOJu0YwzyaqnaTVfsmwkOH5xL2ktGUXU9Y+9f6B9MkmeDYTJqDLcKwhX
 pyu/UOO64G2ZdubSAIuvnRvdZsJdwrqbbmxaFHj2VAzJremm0sOzWOPsN/3PWxCwIVO3z/JnlLJ
 R6E+w/yrrnNxREvhkEU49VrAn7Pw=
X-Google-Smtp-Source: AGHT+IExzEvDi1J9X2+xLbHYBPjh0pB1EHE1Vq4hkVceRQ+M4ti2vYwTLh5GT1IBJWmr8he+2wGWW0t2UUzIGQ1xjcg=
X-Received: by 2002:a05:6000:785:b0:378:89be:1825 with SMTP id
 ffacd0b85a97d-381f1852682mr5618433f8f.49.1731174961332; Sat, 09 Nov 2024
 09:56:01 -0800 (PST)
MIME-Version: 1.0
References: <CAKAoaQ==gSPA7eiJN9LiLMcR1ktfE9CUTE1Bzc1oMDBs1PQhqw@mail.gmail.com>
 <Zy-VP7xZu-39qcio@calimero.vinschen.de>
In-Reply-To: <Zy-VP7xZu-39qcio@calimero.vinschen.de>
Date: Sat, 9 Nov 2024 18:55:35 +0100
X-Gmail-Original-Message-ID: <CAKAoaQm6Z7U97tXS20bAnqYy8KULpLStD10SWK-TM5GB9iWOtg@mail.gmail.com>
Message-ID: <CAKAoaQm6Z7U97tXS20bAnqYy8KULpLStD10SWK-TM5GB9iWOtg@mail.gmail.com>
Subject: Re: Stable SIDs for "None"+'"Administrator" ?
To: cygwin@cygwin.com
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
From: Roland Mainz via Cygwin <cygwin@cygwin.com>
Reply-To: Roland Mainz <roland.mainz@nrubsig.org>
Content-Type: text/plain; charset="utf-8"
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie.com@cygwin.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 4A9Hv1UI3220807

On Sat, Nov 9, 2024 at 6:00 PM Corinna Vinschen via Cygwin
<cygwin@cygwin.com> wrote:
> On Nov  9 17:31, Roland Mainz via Cygwin wrote:
> > Does anyone know a list of SIDs which can be used to get the
> > user+group accounts for passwd entry "Adminstrator" and group entry
> > "None" ?
> >
> > Our problem is that the actual account names vary with the system
> > locale, e.g. group entry "None" is "Kein" in "de_DE",  "Aucun" in
> > fr_FR etc. ...
> > ... so far we thought we fixed this by doing a lookup via SID, and
> > then remembering the localised name.
> >
> > But: The SIDs are apparently not stable between Windows versions.
> > For example:
> > ---- snip ----
> > # Windows Server 2022/en
> > $ getent group None
> > None:S-1-5-21-168624908-967194555-3343779530-513:197121:
> > # Windows Server 2019
> > $ getent group None
> > None:S-1-5-21-3286904461-661230000-4220857270-513:197121
> > ---- snip ----
>
> They *are* stable in that they are
>
>   ${Machine-SID}-513
>
> > And if there is no such list, would $ mkgroup | egrep
> > ':S-1-5-21-.+-513:' # be a suitable workaround ?
>
> No.
>
>   ${AD-SID|-513 == "Domain Users"
>
> I have not the faintest idea what the MS guys were thinking at the time,
> calling the group "None".  This is basically the equivalent of "Domain
> Users" for local accounts on machines not being domain controller.  A
> useful name would have been "Local Users" or "Machine Users", but,
> well, it is what it is.
>
> The safe way to check the SID is to fetch the machine SID attach the RID
> 513, and check for equality.

How can I get the "machine SID", preferably using /usr/bin/getent,
/usr/bin/getconf or /proc ?

----

Bye,
Roland
-- 
  __ .  . __
 (o.\ \/ /.o) roland.mainz@nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple