Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Message-ID: <3E5FCBA5.6CA0B099@ieee.org>
Date: Fri, 28 Feb 2003 15:50:45 -0500
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: cygwin-developers AT cygwin DOT com
Subject: Re: cygwin=ntsec:[no]strict
References: <Pine DOT GSO DOT 4 DOT 44 DOT 0302280950290 DOT 25599-100000 AT slinky DOT cs DOT nyu DOT edu> <3E5F7B1D DOT 935B69A7 AT ieee DOT org> <20030228164519 DOT GA9304 AT redhat DOT com> <3E5F9829 DOT 6540A7F0 AT ieee DOT org> <20030228174133 DOT GD10456 AT redhat DOT com> <3E5FABB4 DOT C9A339B3 AT ieee DOT org> <20030228201235 DOT GA13311 AT redhat DOT com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Christopher Faylor wrote:

> >Chris,
> >
> >Please make sure id runs with ntsec even if cygcheck
> >runs with CYGWIN=nontsec.
> 
> Ok.  Thanks.  I never would have thought of this.
> 
> Does it make sense to run it both with and without ntsec or is only ntsec
> interesting?

Normally the information with ntsec is a superset of the other.

However if the user has populated the gr_mem fields in /etc/group,
they will only appear with nontsec. 
That information is used when setuid (to cover the case where the PDC
is not available), so, yes, it could be interesting.

Thanks. I never would have thought of this.

Pierre