This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: RFC: 1.7.33 problem with user's home directory


On Nov 11 11:18, Corinna Vinschen wrote:
> On Nov 10 23:09, Warren Young wrote:
> > On Nov 10, 2014, at 1:52 PM, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
> > 
> > > Shall the "db" entries utilize the Windows home folder if it exists(*)
> > > and drop using the unixHomeDirectory?  It seems inevitable...
> > 
> > Use of AD implies some level of security consciousness.  The ability to write to c:\cygwin -- not just during installation, but during all use thereafter! -- comes out of a world where every user is a local Administrator.
> > 
> > This answer I wrote on Stack Overflow is one way to solve the problem today:
> > 
> >     http://stackoverflow.com/questions/26666180/
> > 
> > It might not be a bad idea if Cygwin started doing this sort of thing by default in the future.  (Obviously for new installs only.)
> 
> What I gather from the replies so far is this:
> 
> - Nobody really cares for unixHomeDirectory.
> 
> - Some want to use the Windows home folder.
> 
> - Some want Cygwin to utilize the HOMEPATH dir.
> 
> - Some want Cygwin to always use its own /home and do everything else
>   via symlinks or mount points.
> 
> The problem so far is that I'm not sure it's clear to everybody what
> I mean.  I'm *not* talking about a default value which can easily be
> overridden by tweaking /etc/passwd.  I'm talking about what the passwd
> entry contains if there's no passwd file, and the admins want to keep
> the administration strictly inside AD.  The passwd entry gets generated
> from what AD provides.  And here we need a sensible default behaviour.
> 
> One possible, but not naturally useful default behaviour is what
> the current code does:
> 
> 1. Utilize the unixHomeDirectory AD attribute.
> 2. If unixHomeDirectory is empty, fall back to /home/$USER.
> 
> Another possible behaviour:
> 
> 1. Utilize the homeDirectory AD attribute (aka %HOMEDRIVE%%HOMEPATH%).
> 2. If homeDirectory is empty, fall back to /home/$USER.
> 
> Another:
> 
> 1. Always use /home/$USER and let the admins come up with a matching
>    mount point scheme.
> 
> Another:
> 
> 1. Add a setting to /etc/nsswitch.conf which allows specifying one of
>    the above:
> 
>     home: [unix|win|home]...
> 
>    - "unix" means, set pw_dir to unixHomeDirectory
>    - "win" means, set pw_dir to homeDirectory
>    - "home" means, set pw_dir to /home/$USER
>    - Multiple entries are possible.
>    - Default in the absence of this setting is: always set pw_dir to
>      /home/$USER.

Another way to handle Cygwin-specific settings would be to utilize the
description(*) field in the user's entry, just as implemented for SAM
accounts.  See the SAM part of
https://cygwin.com/preliminary-ug/ntsec.html#ntsec-mapping-passwdinfo
for how to use XML-alike entries in the description field to add user
data, for instance

  <cygwin home="/foo/bar" shell="/bin/tcsh"/>

This could be added to some standard scheme:

  1. Utilize the description attribute.
  2. If description is empty, utilize homeDirectory.
  3. If homeDirectory is empty, use /home/$USER.

Or this could be added as a setting in nsswitch.conf:

  home: [unix|win|desc|home]

I could think of arbitrarily complex ways to extend this nsswitch.conf
setting, as in:

  home: /foo/bar/%U

With %U being the Windows username, %D the domain name, %u the Cygwin
user name.  But all this also takes time to implement, of course :(


Corinna


(*) Note the naming confusion:
    The `net user /comment:...' command sets the AD attribute "description".
    The `net user /usercomment:...' command sets the AD attribute "comment".

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
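
The lookup order proposed in the message above, sketched as an added example (not part of the original mail and not Cygwin's code). Assumptions: the `home:` value is a whitespace-separated list tried left to right, the first scheme that yields a non-empty path wins, and `struct ad_user`, `desc_home` and `resolve_home` are hypothetical names with constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the per-user values AD would supply. */
struct ad_user {
    const char *name;              /* Cygwin user name, for /home/$USER */
    const char *unixHomeDirectory; /* scheme "unix" */
    const char *homeDirectory;     /* scheme "win" (path conversion omitted) */
    const char *description;       /* scheme "desc": <cygwin home="..."/> */
};

/* Copy the home="..." value out of a <cygwin .../> description entry. */
static int desc_home(const char *desc, char *out, size_t len)
{
    const char *tag = desc ? strstr(desc, "<cygwin ") : NULL;
    const char *close = tag ? strchr(tag, '>') : NULL;
    const char *p = tag ? strstr(tag, " home=\"") : NULL;
    const char *end = p ? strchr(p + 7, '"') : NULL;
    /* Reject a missing tag, a key outside the tag, and empty or oversized values. */
    if (!close || !end || end > close || end == p + 7 || (size_t)(end - p - 7) >= len)
        return 0;
    snprintf(out, len, "%.*s", (int)(end - p - 7), p + 7);
    return 1;
}

/* Try each scheme of the "home:" value in order; returns the one that set pw_dir. */
const char *resolve_home(const char *setting, const struct ad_user *u,
                         char *out, size_t len)
{
    for (const char *s = setting ? setting : ""; *s; s += strspn(s, " \t")) {
        size_t n = strcspn(s, " \t");
        const char *v = NULL;
        if (n == 4 && !strncmp(s, "unix", n)) v = u->unixHomeDirectory;
        else if (n == 3 && !strncmp(s, "win", n)) v = u->homeDirectory;
        else if (n == 4 && !strncmp(s, "desc", n)) {
            if (desc_home(u->description, out, len)) return "desc";
        } else if (n == 4 && !strncmp(s, "home", n)) break;
        if (v && *v && strlen(v) < len) { strcpy(out, v); return n == 3 ? "win" : "unix"; }
        s += n;
    }
    snprintf(out, len, "/home/%s", u->name); /* explicit "home" or the default */
    return "home";
}

int main(void)
{
    struct ad_user u = { "alice", "", "//fs1/homes/alice", /* constructed sample */
                         "<cygwin home=\"/foo/bar\" shell=\"/bin/tcsh\"/>" };
    char dir[128];
    const char *via = resolve_home("unix desc win", &u, dir, sizeof dir);
    printf("pw_dir=%s (via %s)\n", dir, via);
}
```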
