Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <20001109220208.13920.qmail@web804.mail.yahoo.com>
Date: Thu, 9 Nov 2000 14:02:08 -0800 (PST)
From: Rick Rankin <rick_rankin AT yahoo DOT com>
Subject: Re: Some domain groups not found by 'mkgroup --domain'
To: cygwin <cygwin AT sources DOT redhat DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

OK, I think I've figured this out. We use a tool called "Microsoft User Manager
for Domains" to manage domain user and group accounts. That tool has the
ability to add what it calls a "global" or a "local" group. It turns out that a
"local" group means a group that is local to the domain controller. I wrote
some code to query the domain controller for its list of groups, and sure
enough, all the groups that are missing (from my point of view) from 'mkgroup
-l' and 'mkgroup -d' show up when I use NetLocalGroupEnum and pass it the name
of the domain controller as the server.

Here's the problem that precipitated this question. When I write files to a
shared directory on that controller using cygwin tools, the permissions all
seem to be ---------- on those files. My domain user account is a member of one
of those "local" accounts on the domain controller. I thought that if I added
those group definitions into /etc/group, the problem might be alleviated, at
least somewhat.

Does that make any sense?

Rick Rankin
rick_rankin AT yahoo DOT com
--- Corinna Vinschen <vinschen AT redhat DOT com> wrote:
> Rick Rankin wrote:
> > 
> > I'm not sure exactly how to provide an example -- the situation simply
> exists.
> > However, I've been poking around in the MSDN documentation, and I've found
> some
> > [...]
> 
> To keep it simple:
> 
> Each NT/W2K machine has local groups. A local group is only valid
> on the local machine. They are retrieved by the function
> `NetLocalGroupEnum' or in a Cygwin environment on the command line by
> `mkpasswd -g' or `mkgroup -l'.
> 
> A domain is a domain is a domain. A domain has domain groups which
> are sometimes named `global groups' by the Microsoft documentation.
> These groups are retrieved by the function `NetGroupEnum' or on
> the command line by `mkgroup -d DOMAIN'. If you don't give a domain
> name, the default domain is used.
> 
> Domain (or global) groups may be member of local groups while
> domain groups may only have users as members.
> 
> There's another class of groups which is called `predefined local
> group' or similar. That are the groups which already exist on a
> machine when it has been installed. Examples are the administrators
> group or the guest group. Except that they are predefined they
> behave the same as later defined local groups.
> 
> I suggest (how boring) reading the ntsec chapter in the online
> users guide:
> 
>    http://sources.redhat.com/cygwin/cygwin-ug-net/ntsec.html
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                        mailto:cygwin AT sources DOT redhat DOT com
> Red Hat, Inc.
> mailto:vinschen AT redhat DOT com
> 
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com
> 



__________________________________________________
Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.
http://shopping.yahoo.com/

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com