drew
/
acadia-newlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* ntsec.sgml: Clean up text for examples of /etc/passwd and /etc/group. 

Add examples with SIDs.  Warn about changing them crudely.
This commit is contained in:
Corinna Vinschen 2002-06-24 09:30:02 +00:00
parent f8f2ad211f
commit 76093a9b7e
2 changed files with 64 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
winsup/doc/ChangeLog
View File

@ -1,3 +1,8 @@
2002-06-24 Corinna Vinschen <corinna@vinschen.de>
* ntsec.sgml: Clean up text for examples of /etc/passwd and /etc/group.
Add examples with SIDs. Warn about changing them crudely.
2002-06-21 Christopher Faylor <cgf@redhat.com> 2002-06-21 Christopher Faylor <cgf@redhat.com>
* what.texinfo: Fix typo. * what.texinfo: Fix typo.

68
winsup/doc/ntsec.sgml
View File

@ -252,15 +252,15 @@ able to set primary groups! In these cases, where there is no correlation
of users to primary groups, NT returns 513 (None) as primary group, of users to primary groups, NT returns 513 (None) as primary group,
regardless of the membership to existing local groups.</para> regardless of the membership to existing local groups.</para>
<para>when using <command>mkpasswd -l -g</command> on such systems, you <para>When using <command>mkpasswd -l -g</command> on such systems, you
have to change the primary group by hand if `None' as primary group is have to change the primary group by hand if `None' as primary group is
not what you want (and I'm sure, it's not what you want!)</para> not what you want (and I'm sure, it's not what you want!)</para>
<para>To get help in creating correct passwd and group files, look at <para>Look at the following examples, which were parts of my files before
the following examples, that are part of my files. With the exception storing SIDs in /etc/passwd and /etc/group has been introduced (See next
of my personal user entry, all entries are well known entries. For a chapter for details). With the exception of my personal user entry, all
better understanding, the names are translated to the equivalents of the entries are well known entries.</para>
English NT version.</para>
<example> <example>
<title>/etc/passwd</title> <title>/etc/passwd</title>
<screen> <screen>
@ -286,6 +286,10 @@ powerusers::547:
</screen> </screen>
</example> </example>
<para>As you can see I've changed my primary group membership from 513 (None)
to 547 (powerusers). So all file I created inside of Cygwin were now owned
by the powerusers group instead of None. This is the way I liked it.<para>
<para>Groups may be mentioned in the passwd file, too. This has two <para>Groups may be mentioned in the passwd file, too. This has two
advantages:</para> advantages:</para>
<itemizedlist spacing="compact"> <itemizedlist spacing="compact">
@ -370,8 +374,8 @@ root:S-1-5-32-544:0:
<para>The tools <command>mkpasswd</command> and <command>mkgroup</command> <para>The tools <command>mkpasswd</command> and <command>mkgroup</command>
create the needed entries by default. If you don't want that you can use create the needed entries by default. If you don't want that you can use
the options <literal>-s</literal> or <literal>--no-sids</literal>. In this the options <literal>-s</literal> or <literal>--no-sids</literal>. I suggest
case ntsec behaves like the previous version.</para> not to do this since ntsec works better when having the SIDs available.</para>
<para>Please note that the pw_gecos field in <filename>/etc/passwd</filename> <para>Please note that the pw_gecos field in <filename>/etc/passwd</filename>
is defined as a comma seperated list. The SID has to be the last field!</para> is defined as a comma seperated list. The SID has to be the last field!</para>
@ -394,9 +398,55 @@ the_king::1:1:Elvis Presley,U-STILLHERE\elvis,S-1-5-21-1234-5678-9012-1000:/bin/
the_king::1:1:Elvis Presley,U-elvis,S-1-5-21-1234-5678-9012-1000:/bin/sh the_king::1:1:Elvis Presley,U-elvis,S-1-5-21-1234-5678-9012-1000:/bin/sh
</screen> </screen>
<para>In each case the password of the user is taken from the NT user <para>In either case the password of the user is taken from the NT user
database, NOT from the passwd file!</para> database, NOT from the passwd file!</para>
<para>As in the previous chapter I give my personal
<filename>/etc/passwd</filename> and <filename>/etc/group</filename> as
examples. Please note that I've changed these files heavily! There's no
need to change them that way, it's just for testing purposes and...
for fun.</para>
<example>
<title>/etc/passwd</title>
<screen>
root:*:0:0:Administrators group,S-1-5-32-544::
Everyone:*:1:1:,S-1-1-0::
SYSTEM:*:18:18:,S-1-5-18:/home/system:/bin/bash
admin:*:500:513:,S-1-5-21-1844237615-436374069-1060284298-500:/home/Administrator:/bin/bash
corinna:*:100:0:Corinna Vinschen,S-1-5-21-1844237615-436374069-1060284298-1003:/home/corinna:/bin/tcsh
Guest:*:501:546:,S-1-5-21-1844237615-436374069-1060284298-501:/home/Guest:/bin/bash
</screen>
</example>
<example>
<title>/etc/group</title>
<screen>
root:S-1-5-32-544:0:
everyone:S-1-1-0:1:
local:S-1-2-0:2:
network:S-1-5-2:3:
interactive:S-1-5-4:4:
authenticatedusers:S-1-5-11:5:
SYSTEM:S-1-5-18:18:
local_svc:S-1-5-19:19:
netwrk_svc:S-1-5-20:20:
none:S-1-5-21-1844237615-436374069-1060284298-513:513:
bckup_op:S-1-5-32-551:551:
guests:S-1-5-32-546:546:
pwrusers:S-1-5-32-547:547:
replicator:S-1-5-32-552:552:
users:S-1-5-32-545:545:
</screen>
</example>
<para>If you want to do similar changes to your files, please do that only
if you're feeling comfortably with the concepts. Otherwise don't be surprised
if some stuff doesn't work anymore. If you screwed up things, revert to files
created by mkpasswd and mkgroup. Especially don't change the uid or the name
of user SYSTEM. Even if that works mostly, some Cygwin applications running
as local service under that account could behave strangly suddenly.</para>
</sect2> </sect2>
<sect2 id="ntsec-mapping"><title>The mapping leak</title> <sect2 id="ntsec-mapping"><title>The mapping leak</title>