Corinna Vinschen corinna-cygwin@cygwin.com
Mon Nov 17 10:11:00 GMT 2014

On Nov 15 15:45, Christian Franke wrote:
> Corinna Vinschen wrote:
> >>The actual test scripts & tools from this use case pass local usernames
> >>from/to non-Cygwin programs and rely on the fact that Cygwin and Windows
> >>username match.
> >>
> >>For the long term, have some cyguser, cyggroup tools (similar to cygpath)
> >>which convert the names would be helpful.
> >Feel free to provide them.  I'm not quite sure what kind of conversion
> >you're thinking about.  Cygwin->Windows?  If so, you can get that
> >with simple scripts:
> >
> >   pwd_entry=$(/usr/bin/getent passwd "$username")
> >   # Extract Windows username and domain
> >   tmp="${pwd_entry#*:*:*:*U-}"
> >   tmp="${pwd_entry%%,*}"
> >   domain="${tmp%\\*}"
> >   username="${tmp#*\\}"
> Works, except when Cygwin does not provide a "U-*\NAME," in the gecos field.
> This is the case for Local Service, Network Service and Administrators.

This can be fixed easily.

> Tested in db-only mode with 1.7.34-001:
>   $ getent passwd localservice
>   localservice:*:19:19:,S-1-5-19:/:/sbin/nologin
> BTW, TrustedInstaller is not found by getent:
>   $ getent passwd TrustedInstaller ; echo $?
>   2
>   $ getent passwd 328384 ; echo $?
>   2

Oh, right.   This affects all "NT SERVICE" accounts.  However, this
also shows another problem.  Every service has its own SID under 
the NT SERVICE scheme.  This allows to print any service as a passwd
or group entry.  To avoid collisions I think the right thing to do
here is to always prefix NT SERVICE accounts, including TrustedInstaller:

  NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:/:/sbin/nologin

I applied a patch for both of the above to CVS.

> What will be the future 'official' way for the opposite Windows->Cygwin
> conversion? Some tool that uses CW_CYGNAME_FROM_WINNAME ?

In theory, the right tool for this would be... getent.  Just as I
added a way to use the S-<sid> syntax, I can add a way to use the
U-domain\username syntax.  This allows to use the same tool for both
directions and then simply filter out the account name you need.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20141117/fc2e5763/attachment.sig>

More information about the Cygwin mailing list