Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sat, 15 Mar 2003 10:27:17 -0500
From: "Pierre A. Humblet" <pierre DOT humblet AT ieee DOT org>
To: cygwin AT cygwin DOT com
Subject: Re: [ANNOUNCEMENT] New release of setup.exe (2.249.2.10)
Message-ID: <20030315152717.GA930535@hpn5170x>
Mail-Followup-To: "Pierre A. Humblet" <pierre DOT humblet AT ieee DOT org>,
	cygwin AT cygwin DOT com
References: <20030313205847 DOT E1E4B1C221 AT redhat DOT com> <3E710A26 DOT 5050207 AT t-online DOT de> <20030314025249 DOT GB33739617 AT hpn5170x> <3E718AD8 DOT 4010209 AT t-online DOT de> <3E71E49E DOT 3D2F3ABF AT ieee DOT org> <3E720A5A DOT 9060804 AT t-online DOT de> <3E730EBB DOT 9080700 AT attglobal DOT net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3E730EBB.9080700@attglobal.net>
User-Agent: Mutt/1.4i

On Sat, Mar 15, 2003 at 03:30:03AM -0800, Doug VanLeuven wrote:
> 
> I wish I had just one domain.  To set this up in a mutidomain
> environment, I'm finding
> I install as an administrator of one of the domains DOMAIN1
> create local passwd & group files
> 	passwd.local & group.local
> create domain passwd & group files:
> 	passwd.DOMAIN1 & group.DOMAIN1
> Then log in as an admin in domain DOMAIN2
> create domain passwd & group files:
> 	passwd.DOMAIN2 group.DOMAIN2
> ...

Why do you need to log in several times instead of using
repeatedly mkpasswd -d DOMAINX? Is it for access right reasons?
Also, how do you avoid having duplicated uids? Do you use the
-o switch ?

If it weren't for the access right problems (can you solve them
by having one user that has access everywhere), mkpasswd could be 
extended to take several domains at once. It could also avoid 
duplicating uids. Would that help you?

> Then finally combine them all
> 	cat passwd.* | sort | uniq > passwd
> The sort & uniq is to remove the extra local accounts thoughtfully
> provided when generating the domain password files.

Yep, we should think of removing them. It should never happen than
a passwd file is created solely by providing the -d switch.
 
> The problem is when a user logs on who is more recent than when the
> passwd file was initially created and so doesn't exist in /etc/passwd.
> The user may not have admin privilege to regenerate the entire domain
> file, but could extract their own info and append it via a craftily
> written /etc/profile that performed the regeneration when the user
> doesn't exist.
> No, I'm not going into the overhead to associate the proper
> uid offset.
> 
> (mkpasswd -u $USERNAME -d $USERDOMAIN; cat passwd.*)|sort|uniq >passwd

How large is /etc/passwd in the end? 
Do you really need to have all the users in the file?

> Then, I can periodically ship out an updated passwd.DOMAIN file to
> be included by logon scripts, without having to have personalized
> passwd files that reflect each machine's differing local accounts.
> 
> I just wanted to put it out there that seperately maintained
> passwd files for the domain(s) & local accounts and a final
> merge offer some real advantages.

Thanks for the tip.

Pierre

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/