Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Tue, 16 Jul 2002 15:17:36 -0400
From: Jason Tishler <jason AT tishler DOT net>
Subject: Re: Corinna or Pierre please comment? [jason AT tishler DOT net: Re: setuid()
 problem when disconnected from PDC under 1.3.12-2]
In-reply-to: <3.0.5.32.20020715162535.0080c900@mail.attbi.com>
To: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Cc: cygwin-developers AT cygwin DOT com
Mail-followup-to: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>,
 cygwin-developers AT cygwin DOT com
Message-id: <20020716191735.GB1692@tishler.net>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
References: <20020715155951 DOT GG2372 AT tishler DOT net>
 <20020713165415 DOT GB30143 AT redhat DOT com> <20020715110733 DOT B6932 AT cygbert DOT vinschen DOT de>
 <20020715125051 DOT GC2372 AT tishler DOT net> <20020715145826 DOT H6932 AT cygbert DOT vinschen DOT de>
 <20020715155951 DOT GG2372 AT tishler DOT net>
 <3 DOT 0 DOT 5 DOT 32 DOT 20020715162535 DOT 0080c900 AT mail DOT attbi DOT com>

Pierre,

On Mon, Jul 15, 2002 at 04:25:35PM -0400, Pierre A. Humblet wrote:
> At 07:24 PM 7/15/2002 +0200, Corinna Vinschen wrote:
> >On Mon, Jul 15, 2002 at 11:59:51AM -0400, Jason Tishler wrote:
> 
> I agree with everything Corinna wrote (just back from a long trip).
> The drawback of implementing a "lenient" version is that, without
> special edits of /etc/group, some site-dependent "mysterious" failures
> might happen when disconnected.

Understood, but sshd and cron failing when disconnected is not good
either.

> Why not use a local account for sshd and cron? 

The above will be essentially unusable or at least extremely
inconvenient.  Repeatedly switching between PALO-ALTO\jatis (i.e., a
domain user) and TISHLERJASON\jt (i.e., a local user) would not be fun.

> Jason, can you telnet into the machine as a domain user when
> disconnected from the PDC for a long time? If so are the groups (from
> id) the same as when you are connected (working with an /etc/group
> that includes the domain groups)? (just curious).

I was thinking of trying the above experiment myself.  I will disconnect
before I leave work today and try first thing tomorrow.  I will report
back then.

Thanks,
Jason