Some domain groups not found by 'mkgroup --domain'
Thu Nov 9 14:02:00 GMT 2000
OK, I think I've figured this out. We use a tool called "Microsoft User Manager
for Domains" to manage domain user and group accounts. That tool has the
ability to add what it calls a "global" or a "local" group. It turns out that a
"local" group means a group that is local to the domain controller. I wrote
some code to query the domain controller for its list of groups, and sure
enough, all the groups that are missing (from my point of view) from 'mkgroup
-l' and 'mkgroup -d' show up when I use NetLocalGroupEnum and pass it the name
of the domain controller as the server.
Here's the problem that precipitated this question. When I write files to a
shared directory on that controller using cygwin tools, the permissions all
seem to be ---------- on those files. My domain user account is a member of one
of those "local" accounts on the domain controller. I thought that if I added
those group definitions into /etc/group, the problem might be alleviated, at
Does that make any sense?
--- Corinna Vinschen <email@example.com> wrote:
> Rick Rankin wrote:
> > I'm not sure exactly how to provide an example -- the situation simply
> > However, I've been poking around in the MSDN documentation, and I've found
> > [...]
> To keep it simple:
> Each NT/W2K machine has local groups. A local group is only valid
> on the local machine. They are retrieved by the function
> `NetLocalGroupEnum' or in a Cygwin environment on the command line by
> `mkpasswd -g' or `mkgroup -l'.
> A domain is a domain is a domain. A domain has domain groups which
> are sometimes named `global groups' by the Microsoft documentation.
> These groups are retrieved by the function `NetGroupEnum' or on
> the command line by `mkgroup -d DOMAIN'. If you don't give a domain
> name, the default domain is used.
> Domain (or global) groups may be member of local groups while
> domain groups may only have users as members.
> There's another class of groups which is called `predefined local
> group' or similar. That are the groups which already exist on a
> machine when it has been installed. Examples are the administrators
> group or the guest group. Except that they are predefined they
> behave the same as later defined local groups.
> I suggest (how boring) reading the ntsec chapter in the online
> users guide:
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Developer mailto:firstname.lastname@example.org
> Red Hat, Inc.
> Want to unsubscribe from this list?
> Send a message to email@example.com
Do You Yahoo!?
Thousands of Stores. Millions of Products. All in one Place.
Want to unsubscribe from this list?
Send a message to firstname.lastname@example.org
More information about the Cygwin