Testers needed: New passwd/group handling in Cygwin
Corinna Vinschen
corinna-cygwin@cygwin.com
Sun Feb 16 14:50:00 GMT 2014
On Feb 16 12:56, Corinna Vinschen wrote:
> On Feb 16 03:30, Warren Young wrote:
> > On Feb 15, 2014, at 5:50 AM, Corinna Vinschen wrote:
> > > No, that's not right. We have two mechanisms implemented you can
> > > choose three out of four possible combinations:
> > >
> > > files only
> > > db only
> > > files, then db
> >
> > Yes, I realize that.
> >
> > While composing the previous email, I considered a 2-Boolean design:
> >
> > ignore_db=false
> > ignore_files=false
> >
> > I rejected that design when I realized that ignore_files is redundant with respect to /etc/foo file existence. If the files are present, use them. If not, you have a DB-only configuration.
>
> What if an admin wants to avoid that files are read at all, even if a
> user manages to generate them?
Anyway, I'm willing to switch from /etc/nsswitch.conf to something else.
Let's assume we go with /etc/cygwin.conf instead.
This wouldn't set a bad precedent in terms of syntax and keyword
differences to configuration files existing on Linux, and it would allow
to define more settings which have nothing to do with passwd/group stuff
in the long run.
So, how should this look like? Let's do some free floating,
# /etc/cygwin.conf
pwdgrp="files db"
db_separator="+"
db_cache="yes"
db_prefix="auto"
And now the new one. I have getpwent/getgrent practically ready to go.
It's just missing the setting to restrict the enumeration. It occured
to me that an admin or a user might want to restrict the enumeration to
a specific set of domains. What about something like this?
db_enum="local primary trusted_dom1 trusted_dom2"
"local" and "primary" being fixed keywords for the local machine
accounts and the accounts from the primary domain. Everything else is
treated as a domain name of a trusted domain, and the name can be given
as flat domain name as well as as dns domain name.
Does that make sense?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140216/d3d1fb46/attachment.sig>
More information about the Cygwin
mailing list