This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: RFC: 1.7.33 problem with user's home directory


On Nov 11 12:14, Corinna Vinschen wrote:
> On Nov 11 11:05, Achim Gratz wrote:
> > Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > > 1. Add a setting to /etc/nsswitch.conf which allows to specify one of
> > >   the above:
> > > 
> > >     home: [unix|win|home]...
> > > 
> > >    - "unix" means, set pw_dir to unixHomeDirectory
> > >    - "win" means, set pw_dir to homeDirectory
> > >    - "home" means, set pw_dir to /home/$USER
> > >    - Multiple entries are possible.
> > >    - Default in the absence of this setting is: always set pw_dir to
> > >      /home/$USER.
> > 
> > Looks good, but maybe allow the AD attribute to be explicitly named (e.g.
> > cygwinHomeDirectory).
> 
> Cygwin schema extension? :)

I just created a patch and a matching snapshot on
https://cygwin.com/snapshots/

The new stuff is still missing documentation, so I'm explaining it here
for now.

For the attentive, there are two questions in the text...

Here's what you get:

/etc/nsswitch.conf now supports specifying three new settings which
allow configuring the pw_dir, pw_shell, and pw_gecos content:

  db_home: schema...
  db_shell: schema...
  db_gecos: schema...

"schema..." is a list of up to four space-separated schemata:

  db_home: schema1 schema2 ...

If the first schema returns an empty string, skip to the second, and
so on.  Schemata only supported on AD are silently skipped for SAM
accounts and on non-AD machines.

The default for all three settings is:

  db_foo:  cygwin desc

Four predefined schemata are supported:

  windows           Utilizes typical Windows settings.  Supported for
		    AD and SAM accounts.

  cygwin            Utilizes predefined cygwinUser/cygwinGroup AD schema
                    extensions.  These are available via a schema extension
		    file /usr/share/cygwin/cygwin.ldif.

  unix              Utilizes the RFC2307 posixAccount/posixGroup schema
		    extensions.  These are available when installing the
		    Server for NIS AD feature.

  desc              Utilizes XML-style attributes in the description
                    attribute.  Supported for AD and SAM accounts.  This
		    way to fetch extended user and group info from the
		    description field is already documented (albeit only
		    for SAM accounts) in
		    https://cygwin.com/preliminary-ug/ntsec.html#ntsec-mapping-passwdinfo:

Two variable schemata are supported:

  @ad_attribute     ad_attribute is any arbitrary AD attribute name which
		    should be available in the User class or in any attached
		    auxiliary class.

  /path             An arbitrary string, typically a path.  The leading slash
		    is required.  The /path schema supports a few wildcards:

		      %u   Cygwin username
		      %U   Windows username
		      %D   Windows domain in NetBIOS style
		      %_   A space
		      %%   A percent sign.

The meaning of the schemata depends on the setting:

  db_home:

    windows         AD and SAM: Utilizes the setting of the homeDrive or
		    homeDirectory attributes, or their SAM "Home folder"
		    counterparts.  The Windows path is converted to a
		    POSIX path.

    cygwin          AD only: Shortcut for the cygwinHome attribute from
                    the predefined cygwinUser auxiliary class.  POSIX path
		    expected.

    unix            AD only: Shortcut for the unixHomeDirectory attribute
		    from the posixAccount auxiliary class.  POSIX path
		    expected.

    desc            AD and SAM: Fetch the home="..."
                    setting from the user's description attribute.
		    POSIX path expected.

    @ad_attribute   AD-only: Read AD attribute "ad_attribute" as POSIX
		    path.
		    
		    However, I'm contemplating allowing a Windows path
		    here, too.  Does this make sense to you?

    /path	    POSIX path.  Remember the wildcards.

    fallback        If nothing works, the fallback is /home/$USERNAME
                    (Windows username).


  db_shell:

    windows         Ignored.  Do you want CMD instead?

    cygwin          AD-only: Shortcut for the cygwinShell attribute
		    from the cygwinUser class.  POSIX path.

    unix            AD-only: Shortcut for the loginShell attribute
		    from the posixAccount class.  POSIX path.

    desc            AD and SAM: Fetch the shell="" setting from the
		    user's description attribute.  POSIX path.

    @ad_attribute   See above.

    /path	    See above.

    fallback        If nothing works, the fallback is /bin/bash.


  db_gecos:

    windows         AD and SAM: displayName attribute, or "Full Name"
		    setting in SAM. 

    cygwin          AD-only: cygwinGecos attribute from cygwinUser class.

    unix            AD-only: gecos attribute from posixAccount class.

    @ad_attribute   Read AD attribute "ad_attribute" and prepend
                    to pw_gecos.

    /path	    Skip the slash, prepend the remainder of the string
                    to pw_gecos.  Note that the wildcards are still
		    evaluated.

    fallback        If nothing works, the fallback is no fallback.


Examples:

  db_home: cygwin desc

    The default.  Try the cygwinHome attribute first. If it's empty,
    evaluate the description field and see if the home dir is set via
    the cygwin XML-style text.  If that fails, fallback is /home/$USERNAME
    (Windows username).

  db_home: unix @msTSHomeDirectory /home/%u

    Try the unixHomeDirectory attribute first.  Empty?  Try the
    (otherwise unused) msTSHomeDirectory attribute.  Empty?  Fall back
    to /home/$USER (Cygwin username).

  db_gecos: @comment /Hallo%_%U

    Try the comment attribute.  Empty?  Fall back to the string
    "Hallo <Windows username>".  Example passwd entry:

      corinna:*:1049577:1049701:Hallo corinna,U-MY_DOM\corinna,S-1-5-21-yada-yada:/home/corinna:/bin/bash

Is this new stuff basically clear?  Questions?

Please give it a try.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
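
Added example, not part of the original mail and not Cygwin's code: a small Python model of the lookup order described above, for previewing what a db_home, db_shell or db_gecos line yields for a given account. The account dictionaries, the name="value" regex used for the desc schema, the handling of unknown wildcards and of more than four schemata are assumptions; the windows schema's path conversion for db_home is not modelled.

```python
import re

# AD-only attribute shortcuts named in the mail (schema -> attribute).
SHORTCUTS = {
    "db_home":  {"cygwin": "cygwinHome",  "unix": "unixHomeDirectory"},
    "db_shell": {"cygwin": "cygwinShell", "unix": "loginShell"},
    "db_gecos": {"cygwin": "cygwinGecos", "unix": "gecos"},
}
DESC_KEY = {"db_home": "home", "db_shell": "shell", "db_gecos": "gecos"}
FALLBACK = {"db_home": "/home/%U", "db_shell": "/bin/bash", "db_gecos": ""}

def expand(template, acct):
    """Expand the /path wildcards %u %U %D %_ %%."""
    table = {"u": acct["cygwin_name"], "U": acct["win_name"],
             "D": acct["domain"], "_": " ", "%": "%"}
    # Assumption: an unknown %x sequence is left untouched.
    return re.sub(r"%(.)", lambda m: table.get(m.group(1), m.group(0)), template)

def resolve(setting, conf_line, acct):
    """Value of one db_* line for acct: first non-empty schema, else fallback."""
    schemata = (conf_line or "cygwin desc").split()[:4]  # assumption: extras ignored
    attrs = acct["attrs"]
    for s in schemata:
        if s.startswith("/"):
            # db_gecos drops the leading slash; wildcards are still expanded.
            value = expand(s[1:] if setting == "db_gecos" else s, acct)
        elif s == "desc":
            m = re.search(r"\b" + DESC_KEY[setting] + r'="([^"]*)"',
                          attrs.get("description", ""))
            value = m.group(1) if m else ""
        elif s == "windows":
            # Ignored for db_shell; db_home path conversion is not modelled.
            value = attrs.get("displayName", "") if setting == "db_gecos" else ""
        elif not acct["is_ad"]:
            continue  # AD-only schema is silently skipped for SAM accounts
        elif s.startswith("@"):
            value = attrs.get(s[1:], "")
        else:
            value = attrs.get(SHORTCUTS[setting].get(s, ""), "")
        if value:
            return value
    return expand(FALLBACK[setting], acct)

# Constructed sample accounts (not real directory data).
AD_USER = {"is_ad": True, "cygwin_name": "corinna", "win_name": "corinna",
           "domain": "MY_DOM",
           "attrs": {"description": '<cygwin shell="/bin/tcsh"/>',
                     "msTSHomeDirectory": "/srv/home/corinna"}}
SAM_USER = {"is_ad": False, "cygwin_name": "build", "win_name": "Build",
            "domain": "MYHOST", "attrs": {"description": "CI account"}}
```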


