Switching groups with newgrp - how to get the new group with |GetTokenInformation()| ?
Corinna Vinschen
corinna-cygwin@cygwin.com
Sat Feb 24 13:11:03 GMT 2024
On Feb 23 22:15, Dan Shelton via Cygwin wrote:
> HOWEVER, there is another Cygwin bug:
> "getent group mywingrp1" does not list any group members, even after
> "net localgroup mywingrp1 mywinuser44 /add", which is a POSIX
> violation.
Not a bug. Two problems:
- Getting members of a group can be an extremly costly operation
in a domain or, worse, a domain forest, or even worse, if the
domain or domain forest is remote.
- Alonmg the same lines, getting members of a group can be extremly
costly in big orgs with thousands of users. Nobody want's to clutter
up space with the list of members in the "Domain Users" group.
- Permissions to enumerate members of a group are restricted.
By default only admins and group members are allow to enumerate
members and this can be restricted further by domain admins.
Therefore we dropped even trying to populate gr_mem, considering
that even in its original form on Unix systems, it's used only
to add supplementary groups. To do this right on Windows is even
more costly than blindly enumerating.
It's not a bug, it's a feature :)
Corinna
More information about the Cygwin
mailing list