> From: Corinna Vinschen > Sent: Friday, February 21, 2014 15:28 > On Feb 21 12:47, Pierre A. Humblet wrote: > > > From: cygwin-apps-owner[...] > > > On Behalf Of Corinna Vinschen > > > Sent: Thursday, February 20, 2014 14:38 > > > To: cygwin-apps[...] > > > > > > Hi guys, > > > > > > > > > I just uploaded the new getent package and sent the announcement, > > > > > > I'm repeating myself here because this is really important and I'm > > > not sure everybody on this list reads the cygwin and cygwin-announce > lists. > > > > > > In short, we want to get rid of the requirement to maintain > > > /etc/passwd and /etc/group files, per > > > http://cygwin.com/ml/cygwin/2014-02/msg00306.html > > > > > > In future, tools and scripts, especially service installation helper > > > scripts like my ssh-host-config, must not rely on being able to grep > > > user and group information from /etc/passwd and /etc/group. > > > > > > Rather, the scripts should be changed to use the getent tool as soon > > > as possible. Usage for checking passwd: > > > > > > $ getent passwd <username...> > > > > > > I'd like to ask all maintainers providing such scripts, including > > > myself, to look into their packages and fix them to use the getent tool. > > > > > > > Corinna, > > > > For packages such as exim we need to find the uid of System and of > Administrator, which the user can set any which way in passwd. > > So we lookup the SID (not the username) to get the uid (or gid). > > The SID of the administrator or the SID of the administrors group? > The SID of the local administrator makes only marginal sense to me. > What do you need it for?
I mean the administrators group. It's needed for example to set the ownership of the configuration file. The daemon checks that the file is owned/writable only by privileged users. Similarly in cron the crontab files need to be readable by admins. cronbug checks for that > > Is there an equivalent mechanism using getent ? > > Else, could Cygwin disregard the passwd entries for these 2 users and use > only the fixed values determined by the mapping from Windows? > > You should not have to expect a name change for the SYSTEM and the > Administrators account. It should be entirely sufficient to check for the > user > Administrator and the user SYSTEM or +SYSTEM. Is that independent of local language? > If you really want to check > by SID, feel free to enumerate all accounts by just omitting the username and > scan for the SID you're looking for: > $ getent passwd | grep ',S-1-5-32-544:' > > $ getent group | grep ':S-1-5-18:' OK, thanks, that will work. We have had cases of people in very large organizations trying to build the password with mkpasswd -d and that ended up taking hours. Won't the above run in the same issue? This needs to run in postinstall. Pierre
