Message-Id: <200810071823.m97INTCs007033@delorie.com>
X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: Herb Maeder <maeder-cygml AT maeder DOT org>
Subject: invalid login gid in /etc/passwd does not show group name as 'mkgroup'
Date: Tue, 07 Oct 2008 11:22:29 -0700
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

The "Special values of user and group ids" section of the Cygwin User's 
Guide (http://cygwin.com/1.7/cygwin-ug-net.html#ntsec-ids) states:

   Also, since Cygwin release 1.3.20, if the current user is present in 
   /etc/passwd, but that user's login group is not present in /etc/group,
   the group name will be shown as 'mkgroup', again indicating the 
   appropriate command.

I don't see that this holds true, at least for the case of a Domain User.
In fact, I see that an invalid login group id will be shown as a group
name of 'Domain Users' even though there is no such gid listed in
/etc/group. This can be confusing since things appear to work normally on
the surface, but some commands may fail in some not-so-obvious ways as a
result of the invalid login gid.

I noticed this under cygwin-1.7, but I believe the same holds under
cygwin-1.5. 

This is my passwd entry, 'id' output, and group id from a file created by
me:

  % grep herb /etc/passswd
  herb:unused:11647:10513:U-ZZZ\herb,S-1-5-21-1936786716-3317986166-2952453263-1647:/c/home/herb:/bin/bash

  % grep :10513: /etc/group
  Domain Users:S-1-5-21-1936786716-3317986166-2952453263-513:10513:

  % id
  uid=11647(herb) gid=10513(Domain Users) groups=545(Users),10513(Domain Users)

  % touch foobar
  % ls -ln foobar
  -rw-r--r-- 1 11647 10513 0 Oct  7 10:27 foobar

If I change the uid from 10513 to 898 (not in /etc/group), then fire up a
new window+shell, I see this:

  % grep herb /etc/passwd
  herb:unused:11647:898:U-ZZZ\herb,S-1-5-21-1936786716-3317986166-2952453263-1647:/c/home/herb:/bin/bash

  % grep :898: /etc/group

  % id
  uid=11647(herb) gid=898(Domain Users) groups=545(Users),10513(Domain Users),898(Domain Users)

  % ls -ln foobar
  -rw-r--r-- 1 11647 898 0 Oct  7 10:27 foobar

Note that the "id" displays the gid as 'Domain Users', and the gid of file
foobar is listed as 898 even though it was originally created with gid
10513.

I'm not sure if this is specific to Domain Users or not.  Also I don't
know if there is some valid reason for this behavior.

But given that the side effects of an invalid login gid are sometimes hard
to detect (and may be difficult to correlate to the invalid gid), it would
be nice to have a more obvious warning.  I think that was the intent
behind showing the group name as "mkgroup" for this case (and providing
the checks in /etc/profile).


FYI, my situation is that I ran into a corner case of "mkpasswd -l -c"
which generated an incorrect gid for the current user (I have not fully
quantified exactly what happened yet).  Everything appeared reasonable on
the surface (including displaying the group as "Domain Users"), but I
eventually noticed that "rsync --link-dest" was copying files instead of 
hard linking them and tracked it back to the invalid gid issue.

Herb.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/