On Sat, Nov 9, 2024 at 6:00 PM Corinna Vinschen via Cygwin
<cygwin@cygwin.com> wrote:
> On Nov 9 17:31, Roland Mainz via Cygwin wrote:
> > Does anyone know a list of SIDs which can be used to get the
> > user+group accounts for passwd entry "Adminstrator" and group entry
> > "None" ?
> >
> > Our problem is that the actual account names vary with the system
> > locale, e.g. group entry "None" is "Kein" in "de_DE", "Aucun" in
> > fr_FR etc. ...
> > ... so far we thought we fixed this by doing a lookup via SID, and
> > then remembering the localised name.
> >
> > But: The SIDs are apparently not stable between Windows versions.
> > For example:
> > ---- snip ----
> > # Windows Server 2022/en
> > $ getent group None
> > None:S-1-5-21-168624908-967194555-3343779530-513:197121:
> > # Windows Server 2019
> > $ getent group None
> > None:S-1-5-21-3286904461-661230000-4220857270-513:197121
> > ---- snip ----
>
> They *are* stable in that they are
>
> ${Machine-SID}-513
>
> > And if there is no such list, would $ mkgroup | egrep
> > ':S-1-5-21-.+-513:' # be a suitable workaround ?
>
> No.
>
> ${AD-SID|-513 == "Domain Users"
>
> I have not the faintest idea what the MS guys were thinking at the time,
> calling the group "None". This is basically the equivalent of "Domain
> Users" for local accounts on machines not being domain controller. A
> useful name would have been "Local Users" or "Machine Users", but,
> well, it is what it is.
>
> The safe way to check the SID is to fetch the machine SID attach the RID
> 513, and check for equality.
How can I get the "machine SID", preferably using /usr/bin/getent,
/usr/bin/getconf or /proc ?
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.ma...@nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
