DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=HsWqdQvY7/bNrbN++kTMYnJEH+FLfyEna0SRe/Q3kCJsBjZjX+FVg
	EIwaFJbhtt+kPvhlyNySMRQIJOA90At0M/QpCkQ5plFd4u9JKk9hFDPrm04e2WCC
	lYOsNvobHzKKJMnnGxTVml/o5h6cpgS4UAlG6eSb8VWvClCox8+rRU=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Date: Sat, 15 Feb 2014 13:50:43 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Testers needed:  New passwd/group handling in Cygwin
Message-ID: <20140215125043.GK2246@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20140213143849 DOT GH2246 AT calimero DOT vinschen DOT de> <52FD63BC DOT 60800 AT etr-usa DOT com> <20140214104243 DOT GY2246 AT calimero DOT vinschen DOT de> <52FE786F DOT 9040203 AT etr-usa DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="BtQ+uzrQQ7HCCYtg"
Content-Disposition: inline
In-Reply-To: <52FE786F.9040203@etr-usa.com>
User-Agent: Mutt/1.5.21 (2010-09-15)

--BtQ+uzrQQ7HCCYtg
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Feb 14 13:11, Warren Young wrote:
> On 2/14/2014 03:42, Corinna Vinschen wrote:
> >On Feb 13 17:30, Warren Young wrote:
> >>On 2/13/2014 07:38, Corinna Vinschen wrote:
> >
> >>>   Apart from power shell scripting or inventing new CLI tools, these
> >>>   attributes can be changed using the "Attribute Editor" tab in the u=
ser
> >>>   properties dialog of the "Active Directory Users and Computers"
> >>>   MMC snap-in.
> >>
> >>A week ago, we were talking about possible Cygwin
> >>{user,group}{add,mod} programs, modeled on Linux's.  Was that simply
> >>shelved once "net user" and MMC were found to be sufficient?
> >
> >Huh?  "Apart from [...] or inventing new CLI tools, [...]"
> >                         ^^^^^^^^^^^^^^^^^^^^^^^^^^
>=20
> I wasn't sure how to interpret that.  It could be read as an
> unfulfilled possibility or as dismissing a ridiculous idea.  i.e.
> "Apart from rewriting Cygwin in Erlang..."

Nah, I'm not *always* cynical.

> >>If, magically, such programs were to appear from outside the Cygwin
> >>core dev group, would that be a good thing or a bad thing?
> >
> >It would be a really great thing!
>=20
> Okay.  I thought you might feel proprietary about such tools.  "I
> know how it needs to be written, so I'm going to be the one to write
> it, right after the other 59 bazillion things on my wishlist."

Actually, high on my wishlist is more active maintainers for the distro.
We have a couple of maintainers of very important packages which only
show up very sporadically lately, which is pretty frustrating.


> >>I know I'm bikeshedding, but "unix" seems like a pretty vague
> >>attribute name here.
> >
> >Really, I'm open to suggestions to have a better keyword, but it
> >should make very clear that this is not your Cygwin uid/gid.
>=20
> Okay, netfsuid, then.

Hmm.

> >>"All" processes?
> >
> >You are absolutely right, but, please, suggest a better wording.
>=20
> "If you create or change /etc/nsswitch.conf, you need to restart all
> Cygwin processes that need to see the change.  If the process you
> want to see the change is a child of another process, you need to
> restart all of that process's parents, too."
> [...]
> Better?

Yes.  Thanks a lot.  I grabbed all of this including your followup
change shamelessly and added it to the text.

> >What entry would you find in passwd which you
> >didn't already find in SAM or via the implemented automatisms
> >for unknown SIDs?
>=20
> That makes sense.
>=20
> Is nsswitch.conf the right thing, then?  Are we borrowing that
> mechanism just because it exists and looks close enough?

Perhaps.

> It seems to me that we really only need a single Boolean setting:
>=20
>     ignore_db=3Dtrue

No, that's not right.  We have two mechanisms implemented you can
choose three out of four possible combinations:

  files only
  db only
  files, then db

> If this is true, it uses files only.  If false, DB is the sole
> source of truth if /etc/{passwd,group} are missing, or it is a
> fallback source of truth if those files are present.

The third combination is to prevent Cygwin from reading /etc/passwd
and /etc/group at all.  It drops any check for existence, too, which
is one code point less which has to run for each getpwXXX/getgrXXX
invocation.

> Does this help us get to a world where we configure this in
> nscd.conf, as cgf proposed?

I'm open to discuss this.  We can switch from nssswitch.conf to
nscd.conf, but our settings will still not match the role-model,
so it's kind of a name-reuse only, either way.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--BtQ+uzrQQ7HCCYtg
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJS/2KjAAoJEPU2Bp2uRE+gHbsP/Rc0MdTmK6Ov1rqQwnN3WlpY
MovqYhrCj/jdKcYpsUh816OBKv5zxfMKtxt/VdHPyW3JPc/9+16BbJP2tlpioxf9
JkM76AC7perd/DJBzA/Pj4QgqaDBqm8Jp95gKeva8Mnqvjqd4CWSe4QT8gua0zRP
8JYjAWSw4aa3iWXnd0t6Q/qAjx4Ep07l162X+y+EfS7Z3fywPk+1UHY+gZhqI9Ch
7aDivMpZYR1fACzWjOGG0GULLLbmmLMhxdpnmcTYDrM8effSg+V5gcgdHuIauZ/t
DwnUK/0bTGKzb/XT4nN9BasejTHHHsz561p6krihAAE+5LpBPc4UWcIFqsYLNnxN
9fDzpF3Gxsu7675LppcmbjeVdnwzLGijzecckodPA+Hd8mo0ubahmNG3wiDddKNu
E28CnIHz0HmtW1iykmUoWctqKEJQVybp5HRmklF65JCvLV29L05JQPbj7sxfNyuZ
CSasgr7/HAmOi2uHlTKzqVg7PsQn+dwK9fhbIakQj8yrf0V9IG910ytj0XmDg0kc
qrHkgbczIWuc1fFbSyRJ+zuT5XPmkBKkAGRQl8JPcCy+NvRDCibolEgaHMV4nbY2
cRaejod3uxC1zlWixjRh7cWfYLyG1HFw9Q1RjCzUli0pZ9fVXHOQlwLTfvuXj1ZW
a/vmsSiGi752n57Du04R
=W8w0
-----END PGP SIGNATURE-----

--BtQ+uzrQQ7HCCYtg--