X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 850AE385801F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1709730120; bh=kGLUJLIXAF51VuqtRAya6+ruk8Qv7J/LyrV61k18Sn4=; h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=eQh39d8aXjoxyShSwR6WqQ/pBOF0YpP0eBo/WccWzhrPNh7vQgHgUmnVZsOdDFs6q qXYep8qYS4vo+lxJP4q9BNn+bcQZCar7Hbyv717FphmuwbBAXKvs6K+B11HrUdvfoa 2bGFpoW1uL2JrPUQZNh23bw0o/QeQZYQ9u/eHJUs= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8C96E385843A Date: Wed, 6 Mar 2024 14:01:06 +0100 To: cygwin AT cygwin DOT com Subject: Re: Switching groups with newgrp - how to get the new group with |GetTokenInformation()| ? Message-ID: Mail-Followup-To: cygwin AT cygwin DOT com References:

MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Corinna Vinschen via Cygwin Reply-To: cygwin AT cygwin DOT com Cc: Corinna Vinschen Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" On Mar 5 23:38, Dan Shelton via Cygwin wrote: > On Sat, 24 Feb 2024 at 14:11, Corinna Vinschen via Cygwin > wrote: > > > > On Feb 23 22:15, Dan Shelton via Cygwin wrote: > > > HOWEVER, there is another Cygwin bug: > > > "getent group mywingrp1" does not list any group members, even after > > > "net localgroup mywingrp1 mywinuser44 /add", which is a POSIX > > > violation. > > > > Not a bug. Two problems: > > > > - Getting members of a group can be an extremly costly operation > > in a domain or, worse, a domain forest, or even worse, if the > > domain or domain forest is remote. > > > > - Alonmg the same lines, getting members of a group can be extremly > > costly in big orgs with thousands of users. Nobody want's to clutter > > up space with the list of members in the "Domain Users" group. > > > > - Permissions to enumerate members of a group are restricted. > > By default only admins and group members are allow to enumerate > > members and this can be restricted further by domain admins. > > > > Therefore we dropped even trying to populate gr_mem, considering > > that even in its original form on Unix systems, it's used only > > to add supplementary groups. To do this right on Windows is even > > more costly than blindly enumerating. > > > > It's not a bug, it's a feature :) > > Could you add an option to getent so that the full lookup can be > requested via command line, pls? That's not possible. getent just calls getpwent/getgrent. > Always editing /etc/nsswitch.conf > forth and back is not a elegant solution, aside from race conditions > with other users on a system So, here we go again. - What exactly are you trying to accomplish by enumerating the accounts? Maybe you won't actually need it for your task at hand. - Why do you have to change nsswitch.conf "back and forth"? Just change it once and you're done. Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple