Attached a list of stable and local passwd and group sids that might be of use.
Note the digit groups after -21- and -80- ids are variable.
No id what some of the numbers are!
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
On 2024-11-09 11:25, Christian Franke via Cygwin wrote:
Roland Mainz via Cygwin wrote:
On Sat, Nov 9, 2024 at 6:00 PM Corinna Vinschen via Cygwin wrote:
On Nov 9 17:31, Roland Mainz via Cygwin wrote:
Does anyone know a list of SIDs which can be used to get the
user+group accounts for passwd entry "Adminstrator" and group entry
"None" ?
Our problem is that the actual account names vary with the system
locale, e.g. group entry "None" is "Kein" in "de_DE", "Aucun" in
fr_FR etc. ...
... so far we thought we fixed this by doing a lookup via SID, and
then remembering the localised name.
But: The SIDs are apparently not stable between Windows versions.
For example:
---- snip ----
# Windows Server 2022/en
$ getent group None
None:S-1-5-21-168624908-967194555-3343779530-513:197121:
# Windows Server 2019
$ getent group None
None:S-1-5-21-3286904461-661230000-4220857270-513:197121
---- snip ----
They *are* stable in that they are
${Machine-SID}-513
And if there is no such list, would $ mkgroup | egrep
':S-1-5-21-.+-513:' # be a suitable workaround ?
No.
${AD-SID|-513 == "Domain Users"
I have not the faintest idea what the MS guys were thinking at the time,
calling the group "None". This is basically the equivalent of "Domain
Users" for local accounts on machines not being domain controller. A
useful name would have been "Local Users" or "Machine Users", but,
well, it is what it is.
The safe way to check the SID is to fetch the machine SID attach the RID
513, and check for equality.
How can I get the "machine SID", preferably using /usr/bin/getent,
/usr/bin/getconf or /proc ?
If domain info is excluded from mkgroup output, the one and only S-*-513 group
should contain the machine SID:
$ sid=$(mkgroup -l | sed -n 's/[^:]*:\(S-[-0-9]*\)-513:.*$/\1/p')
$ test $(wc -l <<<"$sid") = 1 || echo 'My assumption was wrong :-)'
Passwd Sids
System Independent Passwd Sids
SYSTEM:*:18:18:U-NT AUTHORITY/SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash
LOCAL SERVICE:*:19:19:U-NT AUTHORITY/LOCAL SERVICE,S-1-5-19:/:/sbin/nologin
NETWORK SERVICE:*:20:20:U-NT AUTHORITY/NETWORK SERVICE,S-1-5-20:/:/sbin/nologin
Administrators:*:544:544:U-BUILTIN/Administrators,S-1-5-32-544:/:/sbin/nologin
System Dependent S-1-5-21-...-500 Passwd Sids
Administrator:*:$GROUPS:$GROUPS:U-$HOSTNAME/Administrator,S-1-5-21-????????-????????-????????-500:/home/Administrator:/bin/bash
DefaultAccount:*:$GROUPS:$GROUPS:U-$HOSTNAME/DefaultAccount,S-1-5-21-????????-????????-????????-503:/home/DefaultAccount:/bin/bash
Guest:*:$GROUPS:$GROUPS:U-$HOSTNAME/Guest,S-1-5-21-????????-????????-????????-501:/home/Guest:/bin/bash
WDAGUtilityAccount:*:$GROUPS:$GROUPS:U-$HOSTNAME/WDAGUtilityAccount,S-1-5-21-????????-????????-????????-504:/home/WDAGUtilityAccount:/bin/bash
Other
NT SERVICE+TrustedInstaller:*:328384:328384:U-NT
SERVICE\TrustedInstaller,S-1-5-80-????????-????????-????????-????????-2271478464:/:/sbin/nologin
Group Sids
System Independent Group Sids
Authenticated Users:S-1-5-11:11:
RESTRICTED:S-1-5-12:12:
SYSTEM:S-1-5-18:18:
Administrators:S-1-5-32-544:544:
Users:S-1-5-32-545:545:
Guests:S-1-5-32-546:546:
Performance Monitor Users:S-1-5-32-558:558:
Performance Log Users:S-1-5-32-559:559:
Distributed COM Users:S-1-5-32-562:562:
IIS_IUSRS:S-1-5-32-568:568:
Event Log Readers:S-1-5-32-573:573:
Hyper-V Administrators:S-1-5-32-578:578:
Remote Management Users:S-1-5-32-580:580:
System Managed Accounts Group:S-1-5-32-581:581:
Device Owners:S-1-5-32-583:583:
ALL APPLICATION PACKAGES:S-1-15-2-1:69409:
ALL RESTRICTED APP PACKAGES:S-1-15-2-2:69410:
System Dependent S-1-5-21-...-500 Group Sids
None:S-1-5-21-????????-????????-????????-513:$GROUPS:
Other
NT
SERVICE+TrustedInstaller:S-1-5-80-????????-????????-????????-????????-2271478464:328384:
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
