This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

RE: NTSEC, passwd/group, and "544"

Corinna Vinschen wrote:
> "Masterson, Dave" wrote:
> > > 544 is the admins group.
> > 
> > Ok, I see that now from the documentation.  However, what 
> > governs the permissions on the file?
> Under NT? The permissions set on the parent directory. But this
> is really MS documentation.

No, I meant under CYGWIN -- why might the file permissions be displayed
differently by "ls -l" depending on whether ntsec is turned on or not?

> > > If ntsec is off, the ownership might be faked dependent of the
> > > contents of /etc/passwd.
> > 
> > How?  Does it simply assume that all files are owned by the 
> > current user (ie. leave it to Windows to arbitrate access to 
> > the file)?
> Sorry, wrong description. On NTFS it always uses the RID then which
> is substituted by a name in `ls -l' output iff /etc/passwd has a
> corresponding user entry.

Okay, I'm on NTFS.  How does NTSEC play into this?  In my case, with NTSEC,
the file ownership is "544" while, without NTSEC, the file ownership is
"1897" ("ls -ln" output).
> > > myadmingrp::544:513:,S-1-5-32-544::/bin/false
> > 
> > I thought mkpasswd (without "-s") would do this by default 
> > (but "root" instead of "myadmingrp").
> > [...]
> > > > BTW, mkpasswd and mkgroup did not make the "root" account/group
> > 
> > > Sure. They are not intended to do it by themselves. It's _your_
> > > choice.
> > 
> > By my choice, do you mean my choice for adding "-s" to the 
> > command line?  Or do you mean that mkpasswd doesn't add these accounts 
> > at all and its my choice to add them by hand?
> mkpasswd didn't that up to Cygwin-1.1.5-4, it does from 1.1.5-6 on.
> But it _never_ uses another login name than the one which is given
> by the NT system (locale dependent). If you want that Cygwin sees
> admins as root, _you_ have to change the name like the aforementioned
> `myadmingrp' example.

Okay, I'll go along with that.  I believe the docs, though, imply that this
happens from 1.1 on.  See

David Masterson

Want to unsubscribe from this list?
Send a message to

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]