On Apr 17 16:35, Julio Costa wrote:
> On Fri, Apr 17, 2009 at 14:56, Corinna Vinschen wrote:
> > Why is that a problem for sharing the
> > data with others?
> >
> [...]
> Currently it is assigned to the 'None' group. That's does not SEEM to
> be useful, even if it doesn't break anything at the surface.
> The mkpasswd also has the same "problem":
It's not at all a problem. It's pure Windows.
> administra...@vmguest ~
> $ mkpasswd -l -u Administrator
> Administrator:unused:500:513:U-VMGUEST\Administrator,S-1-5-21-221598610-1224240008-1772044280-500:/home/Administrator:/bin/bash
>
> administra...@vmguest ~
> $ id
> uid=500(Administrator) gid=513(None)
> groups=0(root),544(Administrators),545(Users),513(None)
>
> Why it does not show gid=544(Administrators) or even gid=0(root)? Is
> this something so fundamentally different from POSIX?
Not at all. It's exactly what's in your user token. The group "None"
is the primary group for all non-Domain user accounts. This is not
changable in Windows. Only domain users can be assigned another default
primary group.(*)
> There is a similar problem with a domain user:
>
> domainu...@vmguest ~
> $ mkpasswd -d -u domainuser
> DOMAINUSER:unused:18606:10513:U-DOMAIN\DOMAINUSER,S-1-5-21-682003330-2049763794-1831674531-8606:/home/DOMAINUSER:/bin/bash
>
> domainu...@vmguest ~
> $ id
> uid=18606(domainuser) gid=10513(Domain Users)
> groups=0(root),544(Administrators),545(Users),10513(Domain Users)
>
> Once again, a logic output should be gid=544(Administrators) or even
> gid=0(root)...
No, it's not logical. It might be desired by you, but it's not fact
in Windows.
> In the first installations I've made I were logged on with this domain
> user, and that proved to be the worst case, because the 'Domain Users'
> default group assigned to the cygwin root turned Cygwin not accessible
> even by Administrator(!)... see what I mean?
No, for three reasons. First of all, admins have all permissions to
access all the files and directories anyway in Cygwin 1.7. Second, even
ignoring this, the admins would have read and execute permissions.
Third, chown -R is your friend. The important thing is that the
permissions are set correctly. If you don't like the ownership, you
can change it.(*)
(*) You can also tweak the user token of a running process to switch to
another primary group, as long as the new primary group is already
in the token's group list. That's what Cygwin is capable of and
what's it's doing if you manually changed your primary group in
/etc/passwd, see http://cygwin.com/1.7/cygwin-ug-net/ntsec.html
That's something setup could do as well, maybe, setting the primary
group to Administrators if the user's token contains the
Administrators group in the group list. But it wouldn't change
anything since the group's permissions are in 99% of the cases also
only r-x or r--, same as other's permissions.
Or, if the user is an admin user, setup could set the owner to the
admins group rather than to the current user. My toenails are
coiling up at that idea since I hated this behaviour already in NT4
times. But it might be the simplest solution which makes almost
everybody happy.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
