tables: extend user_groups table to windows #3668

Open
muffins opened this issue Sep 8, 2017 · 7 comments

@muffins
Contributor

commented Sep 8, 2017

We have the user_groups table on POSIX, but we need to extend this table to Windows.

@muffins

Contributor Author

commented Sep 8, 2017

Note that this might also entail modifying how our users table functions on Windows.

@theopolis changed the title from "tables: extende user_groups table to windows" to "tables: extend user_groups table to windows" on Sep 9, 2017

@muffins

Contributor Author

commented Sep 27, 2017

We have some beautiful templates for this work. If folks are interested, drop a line here and I can provide you with some work that's already been started!

@mike-myers-tob

Contributor

commented Oct 7, 2017

@muffins can I work on this? I am interested in your details on how you want it done.

@muffins

Contributor Author

commented Oct 9, 2017

@mike-myers-tob sounds good! I'll shoot you some information over Slack.

@mike-myers-tob

Contributor

commented Nov 28, 2017

So what we merged in #3855 was a groups table for Windows, matching the schema of other platforms. It lists out the groups on the system.

Do we still want a user_groups table for Windows (to show the group that every user belongs to)?

@muffins

Contributor Author

commented Nov 29, 2017

@mike-myers-tob yeah, we'll want to try and match the POSIX scheme if we can. The need for the user_groups table is to act as a bridge between the groups table and the users table, so you could have something like:

```
osquery> select u.username, g.groupname from users u, user_groups ug, groups g where u.uid = ug.uid and ug.gid = g.gid and u.username = 'thor' limit 10;
+----------+------------------------------+
| username | groupname                    |
+----------+------------------------------+
| thor     |                              |
| thor     | com.apple.sharepoint.group.1 |
| thor     | everyone                     |
| thor     | netaccounts                  |
| thor     | admin                        |
| thor     | _lpadmin                     |
| thor     | _appstore                    |
| thor     | _lpoperator                  |
| thor     | _developer                   |
| thor     | _analyticsusers              |
+----------+------------------------------+
```

@muffins

Contributor Author

commented Nov 29, 2017

It could be the case that there's an easier/better way to get this information on Windows, and that definitely merits investigation, but the goal here would be the "Single query for all platforms" idea, so if we can, it'd be awesome to mimic the POSIX schemas.
