This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Testers needed: New passwd/group handling in Cygwin


On Feb 16 12:56, Corinna Vinschen wrote:
> On Feb 16 03:30, Warren Young wrote:
> > On Feb 15, 2014, at 5:50 AM, Corinna Vinschen wrote:
> > > No, that's not right.  We have two mechanisms implemented you can
> > > choose three out of four possible combinations:
> > > 
> > > files only
> > > db only
> > > files, then db
> > 
> > Yes, I realize that.
> > 
> > While composing the previous email, I considered a 2-Boolean design:
> > 
> >    ignore_db=false
> >    ignore_files=false
> > 
> > I rejected that design when I realized that ignore_files is redundant with respect to /etc/foo file existence.  If the files are present, use them.  If not, you have a DB-only configuration.
> 
> What if an admin wants to avoid that files are read at all, even if a
> user manages to generate them?

Anyway, I'm willing to switch from /etc/nsswitch.conf to something else.

Let's assume we go with /etc/cygwin.conf instead.

This wouldn't set a bad precedent in terms of syntax and keyword
differences to configuration files existing on Linux, and it would allow
to define more settings which have nothing to do with passwd/group stuff
in the long run.

So, how should this look like?  Let's do some free floating, 

  # /etc/cygwin.conf
  pwdgrp="files db"

  db_separator="+"
  db_cache="yes"
  db_prefix="auto"

And now the new one.  I have getpwent/getgrent practically ready to go.
It's just missing the setting to restrict the enumeration.  It occured
to me that an admin or a user might want to restrict the enumeration to
a specific set of domains.  What about something like this?

  db_enum="local primary trusted_dom1 trusted_dom2"

"local" and "primary" being fixed keywords for the local machine
accounts and the accounts from the primary domain.  Everything else is
treated as a domain name of a trusted domain, and the name can be given
as flat domain name as well as as dns domain name.

Does that make sense?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpMbOuN2Yje5.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]