X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 17AF2385842D
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1710176065;
	bh=+kY4/9RHYkVzbwO63V0kxol0+jckeL2AOfQW9blQK3c=;
	h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=aBoULXHUZDG33VPgUaDfc1jz1vS6t7AgztZpdHB9PE5WgpG7iEYNXcQJSB3t57dRH
	 20jetsYNGRZ8lMz/kVPdgEl9q9s1NwZgmQAF/KwzIFq2tNPuZq33qzQi+ojlt0QvqE
	 YCmws5LUl+Mt38ZgwDdJIzost6QROsD6lnSClvHI=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9185B3858438
Date: Mon, 11 Mar 2024 17:54:00 +0100
To: cygwin AT cygwin DOT com
Subject: Re: Switching groups with newgrp - how to get the new group with
 |GetTokenInformation()| ?
Message-ID: <Ze83KI3hO8f1NkoT@calimero.vinschen.de>
Mail-Followup-To: cygwin AT cygwin DOT com
References: <CAKAoaQnFxij4Np-jg+bOLEpiSziCfamFrJ2FR_JeO+Sv_Td2Kg AT mail DOT gmail DOT com>
 <ZdecXZNUgQ3i0hYN AT calimero DOT vinschen DOT de>
 <CAKAoaQ=rCwVHnHAqfd5C3kC45GPE4ZHbbgCWrdM64sojLMuMyA AT mail DOT gmail DOT com>
 <Zdi-CnGX3CwWA0nl AT calimero DOT vinschen DOT de>
 <CAKAoaQ=kLW3houqanjcN9Qk1++BtgW-dNRiXjLYwCRTYEzoN=w AT mail DOT gmail DOT com>
 <CAAvCNcCHAVooYX2_tUHHnUYvWRKHWhBwxmKws7AcqjOo-sQd+g AT mail DOT gmail DOT com>
 <Zdnq5yJha75NTpgd AT calimero DOT vinschen DOT de>
 <CAAvCNcAEAr0gFdR_excafHq8+cYjDvf_APb1So-AAWGSu2+zTQ AT mail DOT gmail DOT com>
 <ZehpEr18QUP6C3Ge AT calimero DOT vinschen DOT de> <ZezUG1aiwd3t28U7 AT xps13>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <ZezUG1aiwd3t28U7@xps13>
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
Cc: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

On Mar  9 16:26, Glenn Strauss via Cygwin wrote:
> On Wed, Mar 06, 2024 at 02:01:06PM +0100, Corinna Vinschen via Cygwin wrote:
> > On Mar  5 23:38, Dan Shelton via Cygwin wrote:
> > > On Sat, 24 Feb 2024 at 14:11, Corinna Vinschen via Cygwin
> > > <cygwin AT cygwin DOT com> wrote:
> > > >
> > > > On Feb 23 22:15, Dan Shelton via Cygwin wrote:
> > > > > HOWEVER, there is another Cygwin bug:
> > > > > "getent group mywingrp1" does not list any group members, even after
> > > > > "net localgroup mywingrp1 mywinuser44 /add", which is a POSIX
> > > > > violation.
> > > >
> > > > Not a bug.  Two problems:
> > > >
> > > > - Getting members of a group can be an extremly costly operation
> > > >   in a domain or, worse, a domain forest, or even worse, if the
> > > >   domain or domain forest is remote.
> > > >
> > > > - Alonmg the same lines, getting members of a group can be extremly
> > > >   costly in big orgs with thousands of users.  Nobody want's to clutter
> > > >   up space with the list of members in the "Domain Users" group.
> > > >
> > > > - Permissions to enumerate members of a group are restricted.
> > > >   By default only admins and group members are allow to enumerate
> > > >   members and this can be restricted further by domain admins.
> > > >
> > > > Therefore we dropped even trying to populate gr_mem, considering
> > > > that even in its original form on Unix systems, it's used only
> > > > to add supplementary groups.  To do this right on Windows is even
> > > > more costly than blindly enumerating.
> > > >
> > > > It's not a bug, it's a feature :)
> > > 
> > > Could you add an option to getent so that the full lookup can be
> > > requested via command line, pls?
> > 
> > That's not possible.  getent just calls getpwent/getgrent.
> > 
> > > Always editing /etc/nsswitch.conf
> > > forth and back is not a elegant solution, aside from race conditions
> > > with other users on a system
> > 
> > So, here we go again.
> > 
> > - What exactly are you trying to accomplish by enumerating the accounts?
> >   Maybe you won't actually need it for your task at hand.
> > 
> > - Why do you have to change nsswitch.conf "back and forth"?
> >   Just change it once and you're done.
> > 
> > 
> > Corinna
> 
> Hello
> > > Dan Shelton - Cluster Specialist Win/Lin/Bsd
> 
> > > Always editing /etc/nsswitch.conf
> > > forth and back is not a elegant solution, aside from race conditions
> > > with other users on a system
> 
> Please check the man page for getent.
> 
> man getent
> getent --help
> 
> You can use -s or --service to override the service used without
> editing nsswitch.conf.  The man page on Linux provides an example
> with a bit more details than the man page for getent under cygwin.
> https://www.man7.org/linux/man-pages/man1/getent.1.html

The -s option is just available for compatibility, but otherwise a no-op
on Cygwin.  The -i option works as upstream, -w is a Cygwin-only option.

The Cygwin getent.1 man page is a bit old, given it's taken from
upstream and just slightly adapted from glibc 2.18.90, a good 10 years
ago.  The upstream man page at the time did not document the options for
some reason.  These days it documents the options, so we could fetch
this and create a new manpage from there.


Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple