X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 q=dns; s=default; b=IZMqnqsjd3Z1yN0Y+xJRI2GK9zo7NaFyBNysVKbv/44
	VnKN8EiDY6sIeB03FdgN5FLVlAoJ0QCKR2KgwacrPbvgz26NL+lYn+hWSUYAeJYx
	B2Sqg3TfaJ1+Aa3Say+IZMxvU6MQTtg/GDjo9f2WTPnAU7+EB73z/GTbqLWmMGw0
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 s=default; bh=FWWrzYjeCyV+Y52DzZ5TJrmNWIg=; b=smcTEQv9tFzM257uS
	vNY2sh4KlEqw+3ukaT9HHTYyBU+leC7QPE5yurmxiSK0F82ZrJ35W2kDw/HJcXPW
	QJB1hiieiTMTtgOIp2px7YY9hWoSj6oHE2mzk97+1YW4VYhbPJ3975vL71wH8F/Q
	XRgjuUkmoMyp1BzePbW9qw/n+E=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2
X-HELO: postman.abacus.ch
Message-ID: <53D90F4B.6060002@abacus.ch>
Date: Wed, 30 Jul 2014 17:29:15 +0200
From: Wolf Geldmacher <wolf DOT geldmacher AT abacus DOT ch>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Simplify AD integration?
References: <20140730134716 DOT GM25860 AT calimero DOT vinschen DOT de>
In-Reply-To: <20140730134716.GM25860@calimero.vinschen.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

On 30.07.2014 15:47, Corinna Vinschen wrote:
> Hi folks,
>
>
> here's a set of question to those of you interested in the new
> passwd/group functionality.  This already has been discussed partially,
> but there was no conclusion.
>
> Right now, there's a lot of variability in the user names, based on the
> /etc/nsswitch.conf settings db_prefix and db_separator.
>
> The separator char is a '+' by default but can be replaced with other
> ASCII chars.  db_prefix allows three styles of user naming conventions:
>
>    Default is 'auto':
>
>      builtin accounts;   "+SYSTEM", "+LOCAL", etc.
>      primary domain      "corinna", "cgf", ...
>      other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
>    If set to 'primary':
>
>      builtin accounts;   "+SYSTEM", "+LOCAL", etc.
>      primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
>      other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
>    If set to 'always':
>
>      builtin accounts;   "NT AUTHORITY+SYSTEM", "BULTIN+LOCAL", etc.
>      primary domain      "MYDOMAIN+corinna", "MYDOMAIN+cgf", ...
>      other domain:       "DOMAIN1+walter", "DOMAIN2+mathilda"
>
> "Primary domain" here is either the primary domain of the machine or the
> local SAM if the machine is no domain member.  "Other domain" here is
> either a trusted domain or the local SAM for domain machines.
>
> Together with the variable separator char this is an awful lot of
> variability, which has the potential side effect to complicate the
> code *and* debugging.
>
> Also, the leading '+' for builtin accounts results in some downsides,
> one of them for instance the fact that `chown +x' assumes that x is a
> numerical uid or gid.  Thus `chown +SYSTEM ...' fails.  On the other
> hand it simplifies the account handling inside of Cygwin.
>
> So I'd like to ask a few questions to which I'd like to have some brief
> answers, kind of like a poll, to get a better idea how we should
> proceed:
>
> 1. Shall we remove the leading '+' from the builtin account names
>     or shall we keep it?
>
> 2. Shall we stick to '+' as the separator char or choose another one?
>     If so, which one?
>
> 3. Shall we keep the `db_prefix' variability or choose one of
>     the prefixing methods and stick to it?  If so, which one, auto,
>     primary, or always?
>
> Bonus question:
>
> 4. Should Cygwin downcase all usernames when generating the Cygwin
>     username, so, if your Windows username is 'Ralph', your Cygwin
>     username will be 'ralph'?
>
>
> Thanks,
> Corinna
>
Just a thought:

Is there anything preventing you from using the pathname conventions for 
user names?

I seem to remember having seen constructs like "domain/user" (or ./user 
for the local domain) e.g. in Samba and found this to be quite 
intuitive, up to and including the ability to drop a leading "./" for 
local names.

It is also pretty close to how Windows specifies domain users names (but 
use the unixy '/' instead of the windozy '\' (or must I write '\\' ;-)) 
and positively avoids the chown gotcha.

Also some code could be reused for user name handling from path 
canonicalization?

Again - I'm not deep into this topic, so please feel free to ignore the 
suggestion if it doesn't make sense to you.

Cheers,
Wolf

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple