UNIX nobody/nogroup mapping to which Windows SID/account?
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon Mar 4 10:26:12 GMT 2024
On Mar 3 14:45, Martin Wege via Cygwin wrote:
> Hello,
>
> How can we map UNIX "nobody"/"nogroup" to Win32 SIDs/accounts? Cygwin
> has entries for "nobody" in /etc/passwd and "nogroup" in /etc/group,
> but these accounts have SIDs returned by /usr/bin/getent passwd and
> /usr/bin/getent group which LookupAccountSidA() does not recognise.
>
> So what is the correct Win32 solution?
I urge you to read the entire thread starting at
https://sourceware.org/legacy-ml/cygwin/2016-06/msg00347.html
There's a *LOT* of information in there in terms of discussing and
creating the nobody/nogroup mapping.
Bottom line is, there's no nobody account equivalent on Windows and no
resolvable SID/Name pair. Thus, we decided to use the SID S-1-0-65534
mapped to uid/gid 65534 for this purpose. This doesn't matter to native
Windows, it's just some foreign SID. But it's resolvable inside Cygwin:
$ getent passwd S-1-0-65534
no+body:*:65534:65534:U-no\body,S-1-0-65534:/:/sbin/nologin
$ getent group S-1-0-65534
no+body:S-1-0-65534:65534:
Corinna
More information about the Cygwin
mailing list