X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 478EE385DC37 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1710019676; bh=nVZ3IsQlA3pe3id6AdKHowx0gCHIiSr+pqI0k/KsPjs=; h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=BckvDsl6XbxT2eVEdemLjAWlv6Q311FyvHZnk8a51Z1B8kP68vRm6ZPsSItd8fte+ Fpzv9NRTdZ59MR5SnjGytbv18PhhlNMi98BpEYZ2jXhO/ZJr7/6+nxSLTjO0/EiGjs xz6Y3+4qDNWEYVNlpczrnf4sNCCh0SLXdCbL0sLw= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8E9F93858402 ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 8E9F93858402 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710019623; cv=none; b=wXryHT6QbWBwyt5ek2xJdPeSzFfHvWQHJ4QObm+UKLbBEqY+wjHG/Xoo6C0IQ8uC6NuJZ8+N0xiBT/Li8jjzd00UBz7cv2FiOOB3oQJWQ56gHj3FE5eAqn5VZG6Uvvfr0HYKBMmFGuqDEBn8fFLM0Yy0gdBKqaNDHNE8zeBnL4E= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710019623; c=relaxed/simple; bh=hyV+1rKNFAFN76DBZv3WrkETqYg3eqkzn9Do6X1+VKg=; h=Date:From:To:Subject:Message-ID:Mime-Version; b=OWelaHxEmudU/3O8fRUtvAxuQcK36QvRif4kIOsKhKKKh373h9Vt6LzGc56q4/wJUhAg70h72MG6T+ov/OkaByvMIb8r9zN8Ob3sni3PJNBdN8vnas5WOVVplZ/m+0410v/WiFTjPReIfn5fEHfYSuyLSHEjZF/dRxXCAIQFg7E= ARC-Authentication-Results: i=1; server2.sourceware.org X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-Spam-Language: en X-Spam-Relay-Country: X-Spam-DCC: B=www.nova53.net; R=smtp1.atof.net 1205; Body=1 Fuz1=1 Fuz2=1 X-Spam-RBL: X-Spam-PYZOR: Reported 0 times. Date: Sat, 9 Mar 2024 16:26:51 -0500 To: cygwin AT cygwin DOT com Subject: Re: Switching groups with newgrp - how to get the new group with |GetTokenInformation()| ? Message-ID: References:

Mime-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Glenn Strauss via Cygwin Reply-To: Glenn Strauss Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" On Wed, Mar 06, 2024 at 02:01:06PM +0100, Corinna Vinschen via Cygwin wrote: > On Mar 5 23:38, Dan Shelton via Cygwin wrote: > > On Sat, 24 Feb 2024 at 14:11, Corinna Vinschen via Cygwin > > wrote: > > > > > > On Feb 23 22:15, Dan Shelton via Cygwin wrote: > > > > HOWEVER, there is another Cygwin bug: > > > > "getent group mywingrp1" does not list any group members, even after > > > > "net localgroup mywingrp1 mywinuser44 /add", which is a POSIX > > > > violation. > > > > > > Not a bug. Two problems: > > > > > > - Getting members of a group can be an extremly costly operation > > > in a domain or, worse, a domain forest, or even worse, if the > > > domain or domain forest is remote. > > > > > > - Alonmg the same lines, getting members of a group can be extremly > > > costly in big orgs with thousands of users. Nobody want's to clutter > > > up space with the list of members in the "Domain Users" group. > > > > > > - Permissions to enumerate members of a group are restricted. > > > By default only admins and group members are allow to enumerate > > > members and this can be restricted further by domain admins. > > > > > > Therefore we dropped even trying to populate gr_mem, considering > > > that even in its original form on Unix systems, it's used only > > > to add supplementary groups. To do this right on Windows is even > > > more costly than blindly enumerating. > > > > > > It's not a bug, it's a feature :) > > > > Could you add an option to getent so that the full lookup can be > > requested via command line, pls? > > That's not possible. getent just calls getpwent/getgrent. > > > Always editing /etc/nsswitch.conf > > forth and back is not a elegant solution, aside from race conditions > > with other users on a system > > So, here we go again. > > - What exactly are you trying to accomplish by enumerating the accounts? > Maybe you won't actually need it for your task at hand. > > - Why do you have to change nsswitch.conf "back and forth"? > Just change it once and you're done. > > > Corinna Hello > > Dan Shelton - Cluster Specialist Win/Lin/Bsd > > Always editing /etc/nsswitch.conf > > forth and back is not a elegant solution, aside from race conditions > > with other users on a system Please check the man page for getent. man getent getent --help You can use -s or --service to override the service used without editing nsswitch.conf. The man page on Linux provides an example with a bit more details than the man page for getent under cygwin. https://www.man7.org/linux/man-pages/man1/getent.1.html -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple