DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 4A9IxwSC3235084 Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 4A9IxwSC3235084 Authentication-Results: delorie.com; dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=IDTOtwMD X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0A60F3858C51 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1731178797; bh=bAk8tbeg3Vedd83xF3+HFjem3Yup/eIWDuLgL+QneoI=; h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=IDTOtwMDd+hqnkFkQnNvPKvG5Of6SCzLvKhKju97WolFHEG0VDsoT0RX6zE+Sp2/7 /ynDK4Aq6MtuGPVIWoy3PBp527fMuEgV/yhPkQNTG1dbCCEVuemZTfBzdR5/YF+qBR TIz52fcTcrweTynIZBFqi+fje39GvbT2RBEApfbA= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org ECA4C3858D21 ARC-Filter: OpenARC Filter v1.0.0 sourceware.org ECA4C3858D21 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1731178774; cv=none; b=ZnrYjmrIjNVlGxG39zyOJOQwQ1nNfrm2vWV1g8fLA+4F3d61saG5c/KoWCKT5qykxxIpThgaXSBRSojCNwB58RfvARc1pnMz+1IFwzcEewUebZe8AmRgfNWjKSwEMwUu2hwZ6xKUbhmd3LhK0JvYsOn5bEQO0GLb/tzpL7fxt6c= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1731178774; c=relaxed/simple; bh=YntOcCor2IFwsmybX3Zg1RwrL2fRTc19x3EpLMfVxfo=; h=Message-ID:Date:MIME-Version:Subject:To:From:DKIM-Signature; b=el1//tU77TjJ/N76h1SQp5oacHCuVtu6iaHePDxPQZ41+6JUeywyq2XNy2MW8uRi7dHevEpwxwZrJRa3bEi0OWQBRD6UAuUBJPlYcFpqRpFISVmtl9B9Xo44KZaaJxv720bK26AzY1HAvqp6YovPUJOyxMP7uB8Fd+z+SJYQT8Y= ARC-Authentication-Results: i=1; server2.sourceware.org Content-Type: multipart/mixed; boundary="------------wf3SlRByKXPUqpA7xOd5dIEC" Message-ID: Date: Sat, 9 Nov 2024 11:59:29 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Stable SIDs for "None"+'"Administrator" ? Content-Language: en-CA To: cygwin AT cygwin DOT com References:

Organization: Systematic Software In-Reply-To: X-Rspamd-Queue-Id: E799A2F X-Rspamd-Server: rspamout03 X-Stat-Signature: z1uitxnm1bgmxk5u1co6g3nd9k9rwnwb X-Session-Marker: 427269616E2E496E676C69734053797374656D6174696353572E61622E6361 X-Session-ID: U2FsdGVkX1+8OocjVZFTKjZAM0a9NSzHtsTl3UxLXlc= X-HE-Tag: 1731178762-202887 X-HE-Meta: U2FsdGVkX191OcHiDWJvVCs0QHL9JlhNPF+Di+/YOEW87Ghq2TADUM92eFfna/Ph/Pa0Ut83677b0NKhAw5gVeYe+AnsFyGaBLpwW+xAFcGvxV0hlBlR8SRkpwpif2BpgVhbjnlIZDPfHytpqbpjuiDH3HYJjMWnWDRv/pCxwQE36SpGdc9W1mCENiiL3ZFMk1Cn56uwQS/K9UfTsIjrLTa4xWz7reBkfMkmqcNKR/mvRfvUZYoCOFUXlenPss4G3R/h3LFeqCtl69bnKnmOQ/Ua/4J88/JPU4tk+WgkXW747HM71SX/P8o4NLFDuTjKKZDVdcQvB3cq2fdfWGXxjgQaTCSKYk+hcPTBlBL7BwDozsSsMnHuRNyukUS6ZWm6E8YI+orm8PPjTQZe6mrkKxn7sQo0KkMD X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Brian Inglis via Cygwin Reply-To: cygwin AT cygwin DOT com Cc: Brian Inglis Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" This is a multi-part message in MIME format. --------------wf3SlRByKXPUqpA7xOd5dIEC Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Attached a list of stable and local passwd and group sids that might be of use. Note the digit groups after -21- and -80- ids are variable. No id what some of the numbers are! -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry On 2024-11-09 11:25, Christian Franke via Cygwin wrote: > Roland Mainz via Cygwin wrote: >> On Sat, Nov 9, 2024 at 6:00 PM Corinna Vinschen via Cygwin wrote: >>> On Nov 9 17:31, Roland Mainz via Cygwin wrote: >>>> Does anyone know a list of SIDs which can be used to get the >>>> user+group accounts for passwd entry "Adminstrator" and group entry >>>> "None" ? >>>> >>>> Our problem is that the actual account names vary with the system >>>> locale, e.g. group entry "None" is "Kein" in "de_DE", "Aucun" in >>>> fr_FR etc. ... >>>> ... so far we thought we fixed this by doing a lookup via SID, and >>>> then remembering the localised name. >>>> >>>> But: The SIDs are apparently not stable between Windows versions. >>>> For example: >>>> ---- snip ---- >>>> # Windows Server 2022/en >>>> $ getent group None >>>> None:S-1-5-21-168624908-967194555-3343779530-513:197121: >>>> # Windows Server 2019 >>>> $ getent group None >>>> None:S-1-5-21-3286904461-661230000-4220857270-513:197121 >>>> ---- snip ---- >>> They *are* stable in that they are >>> >>> ${Machine-SID}-513 >>> >>>> And if there is no such list, would $ mkgroup | egrep >>>> ':S-1-5-21-.+-513:' # be a suitable workaround ? >>> No. >>> >>> ${AD-SID|-513 == "Domain Users" >>> >>> I have not the faintest idea what the MS guys were thinking at the time, >>> calling the group "None". This is basically the equivalent of "Domain >>> Users" for local accounts on machines not being domain controller. A >>> useful name would have been "Local Users" or "Machine Users", but, >>> well, it is what it is. >>> >>> The safe way to check the SID is to fetch the machine SID attach the RID >>> 513, and check for equality. >> How can I get the "machine SID", preferably using /usr/bin/getent, >> /usr/bin/getconf or /proc ? > > If domain info is excluded from mkgroup output, the one and only S-*-513 group > should contain the machine SID: > > $ sid=$(mkgroup -l | sed -n 's/[^:]*:$S-[-0-9]*$-513:.*$/\1/p') > > $ test $(wc -l <<<"$sid") = 1 || echo 'My assumption was wrong :-)' --------------wf3SlRByKXPUqpA7xOd5dIEC Content-Type: text/plain; charset=UTF-8; name="passwd-group-sids.log" Content-Disposition: attachment; filename="passwd-group-sids.log" Content-Transfer-Encoding: base64 UGFzc3dkIFNpZHMKClN5c3RlbSBJbmRlcGVuZGVudCBQYXNzd2QgU2lkcwoKU1lTVEVNOio6 MTg6MTg6VS1OVCBBVVRIT1JJVFkvU1lTVEVNLFMtMS01LTE4Oi9ob21lL1NZU1RFTTovYmlu L2Jhc2gKTE9DQUwgU0VSVklDRToqOjE5OjE5OlUtTlQgQVVUSE9SSVRZL0xPQ0FMIFNFUlZJ Q0UsUy0xLTUtMTk6Lzovc2Jpbi9ub2xvZ2luCk5FVFdPUksgU0VSVklDRToqOjIwOjIwOlUt TlQgQVVUSE9SSVRZL05FVFdPUksgU0VSVklDRSxTLTEtNS0yMDovOi9zYmluL25vbG9naW4K QWRtaW5pc3RyYXRvcnM6Kjo1NDQ6NTQ0OlUtQlVJTFRJTi9BZG1pbmlzdHJhdG9ycyxTLTEt NS0zMi01NDQ6Lzovc2Jpbi9ub2xvZ2luCgpTeXN0ZW0gRGVwZW5kZW50IFMtMS01LTIxLS4u Li01MDAgUGFzc3dkIFNpZHMKCkFkbWluaXN0cmF0b3I6KjokR1JPVVBTOiRHUk9VUFM6VS0k SE9TVE5BTUUvQWRtaW5pc3RyYXRvcixTLTEtNS0yMS0/Pz8/Pz8/Py0/Pz8/Pz8/Py0/Pz8/ Pz8/Py01MDA6L2hvbWUvQWRtaW5pc3RyYXRvcjovYmluL2Jhc2gKRGVmYXVsdEFjY291bnQ6 KjokR1JPVVBTOiRHUk9VUFM6VS0kSE9TVE5BTUUvRGVmYXVsdEFjY291bnQsUy0xLTUtMjEt Pz8/Pz8/Pz8tPz8/Pz8/Pz8tPz8/Pz8/Pz8tNTAzOi9ob21lL0RlZmF1bHRBY2NvdW50Oi9i aW4vYmFzaApHdWVzdDoqOiRHUk9VUFM6JEdST1VQUzpVLSRIT1NUTkFNRS9HdWVzdCxTLTEt NS0yMS0/Pz8/Pz8/Py0/Pz8/Pz8/Py0/Pz8/Pz8/Py01MDE6L2hvbWUvR3Vlc3Q6L2Jpbi9i YXNoCldEQUdVdGlsaXR5QWNjb3VudDoqOiRHUk9VUFM6JEdST1VQUzpVLSRIT1NUTkFNRS9X REFHVXRpbGl0eUFjY291bnQsUy0xLTUtMjEtPz8/Pz8/Pz8tPz8/Pz8/Pz8tPz8/Pz8/Pz8t NTA0Oi9ob21lL1dEQUdVdGlsaXR5QWNjb3VudDovYmluL2Jhc2gKCk90aGVyCgpOVCBTRVJW SUNFK1RydXN0ZWRJbnN0YWxsZXI6KjozMjgzODQ6MzI4Mzg0OlUtTlQgU0VSVklDRVxUcnVz dGVkSW5zdGFsbGVyLFMtMS01LTgwLT8/Pz8/Pz8/LT8/Pz8/Pz8/LT8/Pz8/Pz8/LT8/Pz8/ Pz8/LTIyNzE0Nzg0NjQ6Lzovc2Jpbi9ub2xvZ2luCgpHcm91cCBTaWRzCgpTeXN0ZW0gSW5k ZXBlbmRlbnQgR3JvdXAgU2lkcwoKQXV0aGVudGljYXRlZCBVc2VyczpTLTEtNS0xMToxMToK UkVTVFJJQ1RFRDpTLTEtNS0xMjoxMjoKU1lTVEVNOlMtMS01LTE4OjE4OgpBZG1pbmlzdHJh dG9yczpTLTEtNS0zMi01NDQ6NTQ0OgpVc2VyczpTLTEtNS0zMi01NDU6NTQ1OgpHdWVzdHM6 Uy0xLTUtMzItNTQ2OjU0NjoKUGVyZm9ybWFuY2UgTW9uaXRvciBVc2VyczpTLTEtNS0zMi01 NTg6NTU4OgpQZXJmb3JtYW5jZSBMb2cgVXNlcnM6Uy0xLTUtMzItNTU5OjU1OToKRGlzdHJp YnV0ZWQgQ09NIFVzZXJzOlMtMS01LTMyLTU2Mjo1NjI6CklJU19JVVNSUzpTLTEtNS0zMi01 Njg6NTY4OgpFdmVudCBMb2cgUmVhZGVyczpTLTEtNS0zMi01NzM6NTczOgpIeXBlci1WIEFk bWluaXN0cmF0b3JzOlMtMS01LTMyLTU3ODo1Nzg6ClJlbW90ZSBNYW5hZ2VtZW50IFVzZXJz OlMtMS01LTMyLTU4MDo1ODA6ClN5c3RlbSBNYW5hZ2VkIEFjY291bnRzIEdyb3VwOlMtMS01 LTMyLTU4MTo1ODE6CkRldmljZSBPd25lcnM6Uy0xLTUtMzItNTgzOjU4MzoKQUxMIEFQUExJ Q0FUSU9OIFBBQ0tBR0VTOlMtMS0xNS0yLTE6Njk0MDk6CkFMTCBSRVNUUklDVEVEIEFQUCBQ QUNLQUdFUzpTLTEtMTUtMi0yOjY5NDEwOgoKU3lzdGVtIERlcGVuZGVudCBTLTEtNS0yMS0u Li4tNTAwIEdyb3VwIFNpZHMKCk5vbmU6Uy0xLTUtMjEtPz8/Pz8/Pz8tPz8/Pz8/Pz8tPz8/ Pz8/Pz8tNTEzOiRHUk9VUFM6CgpPdGhlcgoKTlQgU0VSVklDRStUcnVzdGVkSW5zdGFsbGVy OlMtMS01LTgwLT8/Pz8/Pz8/LT8/Pz8/Pz8/LT8/Pz8/Pz8/LT8/Pz8/Pz8/LTIyNzE0Nzg0 NjQ6MzI4Mzg0OgoK --------------wf3SlRByKXPUqpA7xOd5dIEC Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple --------------wf3SlRByKXPUqpA7xOd5dIEC--