invalid login gid in /etc/passwd does not show group name as 'mkgroup'
Herb Maeder
maeder-cygml@maeder.org
Tue Oct 7 18:23:00 GMT 2008
The "Special values of user and group ids" section of the Cygwin User's
Guide (http://cygwin.com/1.7/cygwin-ug-net.html#ntsec-ids) states:
Also, since Cygwin release 1.3.20, if the current user is present in
/etc/passwd, but that user's login group is not present in /etc/group,
the group name will be shown as 'mkgroup', again indicating the
appropriate command.
I don't see that this holds true, at least for the case of a Domain User.
In fact, I see that an invalid login group id will be shown as a group
name of 'Domain Users' even though there is no such gid listed in
/etc/group. This can be confusing since things appear to work normally on
the surface, but some commands may fail in some not-so-obvious ways as a
result of the invalid login gid.
I noticed this under cygwin-1.7, but I believe the same holds under
cygwin-1.5.
This is my passwd entry, 'id' output, and group id from a file created by
me:
% grep herb /etc/passswd
herb:unused:11647:10513:U-ZZZ\herb,S-1-5-21-1936786716-3317986166-2952453263-1647:/c/home/herb:/bin/bash
% grep :10513: /etc/group
Domain Users:S-1-5-21-1936786716-3317986166-2952453263-513:10513:
% id
uid=11647(herb) gid=10513(Domain Users) groups=545(Users),10513(Domain Users)
% touch foobar
% ls -ln foobar
-rw-r--r-- 1 11647 10513 0 Oct 7 10:27 foobar
If I change the uid from 10513 to 898 (not in /etc/group), then fire up a
new window+shell, I see this:
% grep herb /etc/passwd
herb:unused:11647:898:U-ZZZ\herb,S-1-5-21-1936786716-3317986166-2952453263-1647:/c/home/herb:/bin/bash
% grep :898: /etc/group
% id
uid=11647(herb) gid=898(Domain Users) groups=545(Users),10513(Domain Users),898(Domain Users)
% ls -ln foobar
-rw-r--r-- 1 11647 898 0 Oct 7 10:27 foobar
Note that the "id" displays the gid as 'Domain Users', and the gid of file
foobar is listed as 898 even though it was originally created with gid
10513.
I'm not sure if this is specific to Domain Users or not. Also I don't
know if there is some valid reason for this behavior.
But given that the side effects of an invalid login gid are sometimes hard
to detect (and may be difficult to correlate to the invalid gid), it would
be nice to have a more obvious warning. I think that was the intent
behind showing the group name as "mkgroup" for this case (and providing
the checks in /etc/profile).
FYI, my situation is that I ran into a corner case of "mkpasswd -l -c"
which generated an incorrect gid for the current user (I have not fully
quantified exactly what happened yet). Everything appeared reasonable on
the surface (including displaying the group as "Domain Users"), but I
eventually noticed that "rsync --link-dest" was copying files instead of
hard linking them and tracked it back to the invalid gid issue.
Herb.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list