Subject: Re: Stable SIDs for "None"+'"Administrator" ?
To: cygwin AT cygwin DOT com
Date: Sat, 9 Nov 2024 19:25:04 +0100
From: Christian Franke via Cygwin
Reply-To: cygwin AT cygwin DOT com

Roland Mainz via Cygwin wrote:
> On Sat, Nov 9, 2024 at 6:00 PM Corinna Vinschen via Cygwin
> wrote:
>> On Nov 9 17:31, Roland Mainz via Cygwin wrote:
>>> Does anyone know a list of SIDs which can be used to get the
>>> user+group accounts for passwd entry "Administrator" and group entry
>>> "None" ?
>>>
>>> Our problem is that the actual account names vary with the system
>>> locale, e.g. group entry "None" is "Kein" in "de_DE", "Aucun" in
>>> fr_FR etc. ...
>>> ... so far we thought we fixed this by doing a lookup via SID, and
>>> then remembering the localised name.
>>>
>>> But: The SIDs are apparently not stable between Windows versions.
>>> For example:
>>> ---- snip ----
>>> # Windows Server 2022/en
>>> $ getent group None
>>> None:S-1-5-21-168624908-967194555-3343779530-513:197121:
>>> # Windows Server 2019
>>> $ getent group None
>>> None:S-1-5-21-3286904461-661230000-4220857270-513:197121
>>> ---- snip ----
>> They *are* stable in that they are
>>
>> ${Machine-SID}-513
>>
>>> And if there is no such list, would $ mkgroup | egrep
>>> ':S-1-5-21-.+-513:' # be a suitable workaround ?
>> No.
>>
>> ${AD-SID}-513 == "Domain Users"
>>
>> I have not the faintest idea what the MS guys were thinking at the time,
>> calling the group "None". This is basically the equivalent of "Domain
>> Users" for local accounts on machines not being domain controller. A
>> useful name would have been "Local Users" or "Machine Users", but,
>> well, it is what it is.
>>
>> The safe way to check the SID is to fetch the machine SID, attach the RID
>> 513, and check for equality.
> How can I get the "machine SID", preferably using /usr/bin/getent,
> /usr/bin/getconf or /proc ?

If domain info is excluded from mkgroup output, the one and only S-*-513
group should contain the machine SID:

$ sid=$(mkgroup -l | sed -n 's/[^:]*:\(S-[-0-9]*\)-513:.*$/\1/p')
$ test $(wc -l <<<"$sid") = 1 || echo 'My assumption was wrong :-)'

-- 
Regards,
Christian

-- 
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
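
An added example, not part of the original message: the same extraction wrapped so that it also fails when no -513 entry is found (a here-string fed to `wc -l` reports 1 line even for an empty value), followed by the equality check on `${Machine-SID}-513` to recover the localized group name. The function names and the sample SIDs are constructed; on Cygwin the input would come from `mkgroup -l`.

```shell
#!/bin/sh
# Constructed sample in "mkgroup -l" layout (name:SID:gid:); the SIDs are made up.
sample_groups() {
cat <<'EOF'
Administrators:S-1-5-32-544:544:
Users:S-1-5-32-545:545:
Kein:S-1-5-21-1111111111-2222222222-3333333333-513:197121:
EOF
}

# machine_sid (hypothetical helper): read mkgroup-style lines on stdin and
# print the machine SID. Returns 1 unless exactly one S-1-5-21-...-513
# entry is present, so "none found" and "several found" both fail.
machine_sid() {
    sids=$(sed -n 's/^[^:]*:\(S-1-5-21-[-0-9]*\)-513:.*$/\1/p')
    # grep -c prints 0 for empty input; "|| true" hides its non-zero exit.
    count=$(printf '%s' "$sids" | grep -c '^S-' || true)
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$sids"
}

# local_none_group (hypothetical helper): print the name of the group whose
# SID is exactly <machine SID>-513, whatever the locale calls it.
local_none_group() {
    entries=$(cat)
    msid=$(printf '%s\n' "$entries" | machine_sid) || return 1
    printf '%s\n' "$entries" |
        awk -F: -v want="$msid-513" '$2 == want { print $1 }'
}

# Stand-alone run on the constructed sample; on Cygwin use:
#   mkgroup -l | local_none_group
sample_groups | local_none_group
```
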