Building /etc/passwd from setup.exe

Sun Dec 8 05:02:00 GMT 2002

> From: Pierre A. Humblet
>
> Domain users have had recurrent troubles with /etc/passwd.
> Here is why, and a proposed remedy.
>
> TODAY
> The currently released setup.exe verifies if /etc/passwd exists.
> If it doesn't, setup creates the file /etc/postinstall/passwd-grp.bat
> which contains
> ********
> bin\mkpasswd -l > etc\passwd
> ********
> That file gets executed during postinstall, creating a passwd file
> with only local users.
>
> There is also a package "base-passwd" with one file,
> /etc/postinstall/passwd-grp.sh

<snip>I'm sure everyone can open the file if they are
interested</snip>

> That file has no effect if it runs after passwd-grp.bat, because
> then the passwd file already exists. I have observed that order,
> I don't know if it's deterministic.
>
> So that's why domain users are not included, and why they are included
> if they delete /etc/passwd and rerun /etc/postinstall/passwd-grp.sh.done
> after setup, as has been suggested on the list.
>
> SOON
> On 2002-11-26, setup has been modified and doesn't create passwd-grp.bat
> anymore. Consequently passwd-grp.sh will have an effect if passwd doesn't
> exist initially. However that will create another set of problems:

Glad you commented at the time this was up for debate...

> 1) If the cases of $USERDOMAIN and `hostname` differ, local users will
>    execute mkpasswd -d

I asked around and nobody came up with a time when $USERDOMAIN and
hostname differed with a local user logged on.

> 2) Domain users will not execute mkgroup -l nor mkpasswd -l, so they will
>    be missing the local groups (Users, ...) and future logins of local
>    users will see HOME = / .

I kind of assumed that domain users *stay* domain users.  If they switch
then they should have the intelligence(?) to add local users to the
appropriate files.  I was more concerned with domain users never being
added to the passwd/group files and the problems there.

> 3) mkpasswd -d will contact the PDC, which may or may not
> succeed, and which
>    has been reported to take hours to complete. That's dangerous in a
>    postinstall script.

It is *however nobody came forward with anything better*!!!

> SUGGESTION
> It seems desirable to
> - have local users and groups always appear in /etc/passwd and /etc/group

Why?  I never log on locally when running on a network domain...

> - avoid contacting the PDC in postinstall scripts

Which totally messes up domain users no?

> - insure that the user running setup.exe is always included in /etc/passwd

Didn't know I could.

> Thus I suggest adding a switch --current (-c) to mkpasswd and to change
> passwd-grp.sh to

Doesn't exist atm, wasn't a solution I could do.  I still disagree.
Adding the domain users at work is a mear second or so.  Those networks
where it is bigger than that, I'm afraid I can't offer any suggestions
(well, not on a public list! ;)

> *******
> #!/bin/sh
> if [ ! -e /etc/passwd ] ; then
>   /bin/mkpasswd -l -c > /etc/passwd
> fi
> if [ ! -e /etc/group ] ; then
>   /bin/mkgroup -l > /etc/group
> fi
> *******
> The -c switch would produce a line about the current user if he is a
> domain user, without contacting the PDC (using only internal info).
>
> That arrangement will guarantee that the user installing Cygwin
> will always
> have a sane passwd file. Domain users may have group "unknown",

so add a -c to mkgroup too...

> but this has
> no negative side effects. This will cover most cases.
>
> Of course, to perfect the environment, domain users should also run
> "mkgroup -l -d" while they are connected to the PDC, and run
> "mkpasswd -l -d" if they need to know about other domain users.
> They can do that at their leisure.

BUT THEY DON'T UNDERSTAND THIS!  The whole idea was so
*anyone* can install cygwin - local OR domain user and get what
they expect.

> Comments? Suggestions? I volunteer to add "-c".

I think the -c is not a bad idea.  I'll go with the majority
about the domain stuff, but I think it should be there.  Question:
have you a known situation where $USERDOMAIN != hostname and
you weren't logged into a domain?

J.