Switching groups with newgrp - how to get the new group with |GetTokenInformation()| ?

Corinna Vinschen corinna-cygwin@cygwin.com
Sat Feb 24 13:11:03 GMT 2024


On Feb 23 22:15, Dan Shelton via Cygwin wrote:
> HOWEVER, there is another Cygwin bug:
> "getent group mywingrp1" does not list any group members, even after
> "net localgroup mywingrp1 mywinuser44 /add", which is a POSIX
> violation.

Not a bug.  Two problems:

- Getting members of a group can be an extremly costly operation
  in a domain or, worse, a domain forest, or even worse, if the 
  domain or domain forest is remote.

- Alonmg the same lines, getting members of a group can be extremly
  costly in big orgs with thousands of users.  Nobody want's to clutter
  up space with the list of members in the "Domain Users" group.

- Permissions to enumerate members of a group are restricted.
  By default only admins and group members are allow to enumerate
  members and this can be restricted further by domain admins.

Therefore we dropped even trying to populate gr_mem, considering
that even in its original form on Unix systems, it's used only
to add supplementary groups.  To do this right on Windows is even
more costly than blindly enumerating.

It's not a bug, it's a feature :)


Corinna


More information about the Cygwin mailing list