Corinna Vinschen corinna-cygwin@cygwin.com
Mon Nov 10 10:51:00 GMT 2014

On Nov  7 21:51, Christian Franke wrote:
> Corinna Vinschen wrote:
> >>>In theory there should be only one option -l [machine], which prints the
> >>>local accounts of the current machine unprefixed (standalone machine) or
> >>>prefixed (domain machine), and always prefixed for a foreign machine.
> >>>The -L option can just go away.
> >>I disagree.
> >>
> >>Why not keep the old behavior of -l/-L for user names of current machine for
> >>those use cases which rely on it?
> >You are always free to change the passwd/group files manually:
> >
> >   $ mkpasswd -l | sed -e 's/^[^:]*+//' > /etc/passwd
> Of course, and it is good that this is still possible. But this would
> require that all existing scripts relying on old behavior need to be
> changed.
> I still don't understand why this backward compatibility break of "mkpasswd
> -l" was mandatory.
> Most *-config scripts using "mkpasswd -l -u USER" may need to be changed.

Definitely.  The change is inevitable since most scripts using mkpasswd
or mkgroup do so to create entries in /etc/passwd and /etc/group.  But
this doesn't make sense anymore, or if so, only marginally so.

> Local scripts from Cygwin users which use "mkpasswd -l" may need to be
> changed.

They are not supposed to use mkpasswd anymore since they don't need it,
only in very special circumstances.  And then I expect that they will
have to change the created files manually anyway.

> Scripts tested by maintainers only outside a domain may no longer
> work inside a domain.

Hang on.  If you think this through, what is the supposed end result?
What's the naming scheme you're proposing for local and domain accounts?

The default is supposed to be not using the passwd and group files
anymore.  The account databases are not maintained by Cygwin, they are
maintained by the outside Windows world.  In multi-domain environments,
collisions will occur if the naming scheme doesn't take the domain into
account.  Local accounts may (well, do) collide with domain accounts.

What you say here sounds like the existing naming scheme (just use the
user name and note it in /etc/passwd) is the one which we have to keep
for backward compatibility, at least as default.

> An IMO better way would be to keep the old "mkpasswd -l" behavior and invent
> a new option for the output with the new non-domain/domain prefix handling.
> Then a user would be able to "opt-in" for "local users of a domain machine
> always have a prefix" by
>   $ mkpasswd --the-new-local-option > /etc/passwd
> or even simpler:
>   $ > /etc/mkpasswd
> A user could "opt-out" by simply keeping everything as-is for now :-)

Which means, everybody opts out by default.  The new default is the
old default and nobody uses the "db" method since /etc/passwd and
/etc/group files are "good enough".

> This IMO would provide a much smoother migration path.

IMHO this would not provide a migration path at all.  It would just
cement the status quo.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
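
The name collision discussed in the message above, as an added example that is not part of the original mail: it applies the thread's sed prefix strip to constructed mkpasswd-style lines and reports login names that become ambiguous once the prefix is gone. The host name HOSTA, the domain CORP, the account lines and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in passwd(5) layout with the MACHINE+user / DOMAIN+user
# prefix form that the sed command in the thread strips. All values are made up.
sample_passwd() {
cat <<'EOF'
HOSTA+alice:*:197608:197121:local alice:/home/alice:/bin/bash
CORP+alice:*:1049577:1049089:domain alice:/home/alice:/bin/bash
CORP+bob:*:1049578:1049089:domain bob:/home/bob:/bin/bash
HOSTA+carol:*:197609:197121:local carol:/home/carol:/bin/bash
EOF
}

# Same expression as in the thread: drop everything up to the last '+'
# inside the first (login name) field.
strip_prefix() {
    sed -e 's/^[^:]*+//'
}

# Login names that occur more than once after the prefix is removed.
colliding_names() {
    strip_prefix | cut -d: -f1 | sort | uniq -d
}

# The original prefixed accounts behind each colliding name, so the
# ambiguous entries can be reviewed before a flat /etc/passwd is written.
colliding_entries() {
    input=$(cat)
    for name in $(printf '%s\n' "$input" | colliding_names); do
        printf '%s\n' "$input" |
            awk -F: -v n="$name" '{ u = $1; sub(/^.*\+/, "", u); if (u == n) print $1 }'
    done
}

# Stand-alone run: list the accounts that would share one unprefixed name.
sample_passwd | colliding_entries
```

An empty result from `colliding_names` means the unprefixed names are still unique for that input.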