X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3DAC9385E01F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1709548024;
	bh=wlVtveNqMvcsqCrcfD20LzN+lcKcnIuIK42LH7UkSB4=;
	h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=e0nd2IIfjiJ6nIw8D9vRe+Dgl27GbEvGcLqKZq/AbUvdcYUfPGu6dgbQm1oWr+hgp
	 CgBT4FK9LVupvIsGg0urr2Q4r6s9SQg8VNVA7sHzZX3Hc5SqJhyNp5baZ9FGiYPcX1
	 amQ1sVKzTQU7jPya8wncOBKP9KFMAjD3BkW5wB2E=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DD9983858295
Date: Mon, 4 Mar 2024 11:26:12 +0100
To: cygwin AT cygwin DOT com
Subject: Re: UNIX nobody/nogroup mapping to which Windows SID/account?
Message-ID: <ZeWhxD_jfjaIocLI@calimero.vinschen.de>
Mail-Followup-To: cygwin AT cygwin DOT com
References: <CANH4o6P_ONdFmMoAuOP8RbCQ0XEWagdPVeM7chY3B1CfJ5hAAw AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CANH4o6P_ONdFmMoAuOP8RbCQ0XEWagdPVeM7chY3B1CfJ5hAAw@mail.gmail.com>
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
Cc: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

On Mar  3 14:45, Martin Wege via Cygwin wrote:
> Hello,
> 
> How can we map UNIX "nobody"/"nogroup" to Win32 SIDs/accounts? Cygwin
> has entries for "nobody" in /etc/passwd and "nogroup" in /etc/group,
> but these accounts have SIDs returned by /usr/bin/getent passwd and
> /usr/bin/getent group which LookupAccountSidA() does not recognise.
> 
> So what is the correct Win32 solution?

I urge you to read the entire thread starting at

https://sourceware.org/legacy-ml/cygwin/2016-06/msg00347.html

There's a *LOT* of information in there in terms of discussing and
creating the nobody/nogroup mapping.

Bottom line is, there's no nobody account equivalent on Windows and no
resolvable SID/Name pair.  Thus, we decided to use the SID S-1-0-65534
mapped to uid/gid 65534 for this purpose.  This doesn't matter to native
Windows, it's just some foreign SID.  But it's resolvable inside Cygwin:

  $ getent passwd S-1-0-65534
  no+body:*:65534:65534:U-no\body,S-1-0-65534:/:/sbin/nologin
  $  getent group S-1-0-65534
  no+body:S-1-0-65534:65534:


Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple