This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Problem with "None" Group on Non-Domain Members
- From: "Chris J. Breisch" <chris dot ml at breisch dot org>
- To: "cygwin at cygwin dot com" <cygwin at cygwin dot com>
- Date: Mon, 05 May 2014 09:49:24 -0400
- Subject: Problem with "None" Group on Non-Domain Members
- Authentication-results: sourceware.org; auth=none
Hi,
I noticed this over the weekend. It's probably working as designed,
however. And may have even been noticed by others before.
As has been noted in the past, if your machine is not a Domain member,
your account gets assigned to the "None" group. And it's your default
group as well. The problem is that the "None" group isn't very well
behaved when it comes to permissions.
Example below.
$ mkdir none-group-test
$ cd none-group-test/
$ touch foo
$ ls -l foo
-rw-rw-r-- 1 Chris None 0 May 5 09:35 foo
$ chmod 600 foo
$ ls -l foo
-rw-rw---- 1 Chris None 0 May 5 09:35 foo
$ chgrp Users foo
$ chmod 600 foo
$ ls -l foo
-rw------- 1 Chris Users 0 May 5 09:35 foo
When the group for a file or directory is set to "None", the group
permissions always mimic the owner permissions. I assume this is nothing
Cygwin has control over. But, this causes problems for programs like SSH
which expect some of its files to be locked down and only owner
accessible. Since "None" is the default group, this can be rather irksome.
As a workaround, I changed my default group in /etc/passwd from "None"
(513) to "Users" (545). That worked fine.
However, I wonder two things:
1) Do we have to make "None" be the default group in a non-Domain
environment? Is this something that could be set by mkpasswd? I realize
this is a Windows Group and Cygwin is just doing what Windows tells it
to do, but maybe that's not the best idea in this case.
2) How is this all going to work with Corinna's new stuff? Will I even
be able to change my default group with it?
Just to be clear, this is only a problem on non-Domain accounts. For a
Domain account the default group is "Domain Users" (513) rather than
"None" (513), and "Domain Users" is well-behaved.
--
Chris J. Breisch
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple