This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.



RE: nt domain security issues with cygwin dll 1.3.13-2


Dave,

If you are running mkpasswd for a local account, then you do not want to
pass -d to mkpasswd, as that tells it to look for a domain account.  For
your local account you should be running:

mkpasswd -u AdiPcAdm


Only for your domain account should you run:

mkpasswd -d -u [domain-account-username]

Give that a shot and see what happens.

Harold


> -----Original Message-----
> From: cygwin-xfree-owner@cygwin.com
> [mailto:cygwin-xfree-owner@cygwin.com]On Behalf Of David Meleedy
> Sent: Tuesday, October 22, 2002 7:15 AM
> To: cygwin-xfree@cygwin.com
> Subject: nt domain security issues with cygwin dll 1.3.13-2
>
>
>
> this is FYI, a startx problem that ends up being
> an NT domain issue.
>
> I had reported a problem where startx was failing due to
> the X server not accepting connections.  It was pointed
> out to me that from 1.3.12-4 to 1.3.13-2, the ntsec
> option was on by default and this would affect NT domain
> machines (which is what I am using on my Windows 2000 machine).
>
> So here are the symptoms of the problem on a UID basis:
>
> DMELEEDY-D01-13: id
> uid=500(AdiPcAdmin) gid=544(Administrators) groups=544(Administrators)
> DMELEEDY-D01-14: touch foo
> DMELEEDY-D01-15: ls -l foo
> DMELEEDY-D01-16: ls -l foo
> -rw-r--r--    1 7469 Administ        0 Oct 22 03:41 foo
>
> As you can see, with 1.3.13-2, the file is owned by UID "7469" not
> 500.
>
> If I revert to the old dll, 1.3.13-2, the same file (not recreated):
>
> DMELEEDY-D01-3: ls -l foo
> -rw-r--r--    1 AdiPcAdm Administ        0 Oct 22 03:41 foo
>
> has the correct file permissions.
>
> So it was suggested that I use mkpasswd to fix the problem.
> The problem with this is that my machine was set up by my
> corporation to use an NT domain, but it would not be connected
> to that domain unless I use VPN.  So without VPN running, this
> is what happened:
>
> DMELEEDY-D01-1: mkpasswd -d -u AdiPcAdm
> mkpasswd: [2453] Could not find domain controller for this domain
>
> So then I connected with VPN to see if I could do it after that:
>
> DMELEEDY-D0102: mkpasswd -d -u AdiPcAdm
> mkpasswd: [2221] The user name could not be found.
>
> Now this machine was set up with its own local domain, so that
> is probably why it couldn't find the domain controller in the first
> case, and then in the 2nd case the domain controller didn't
> know anything about my local accounts.
>
> So, another problem I saw is when I reinstalled cygwin with the new
> dll, some files weren't being created properly, I remember seeing
> flashing by something about permissions not being correct to create
> the /var/spool/texmf/ls-R file, and indeed that file is 0 bytes long.
>
> So other than preventing "startx" from working, this is breaking
> the basic install process for other packages as well.
>
> What can be done to fix this?
>
> Is there a way to shut off ntsec so I can get things working with
> the new dll?
>
> Please let me know if I can supply you with any further
> information.  Also, I will be glad to help debug any tests
> you may set up.  Just tell me the details of how to download
> any test code.
>
> Thanks,
>
> -Dave
>
> ________________________________________________________________________
> David Meleedy				Analog Devices, Inc.
> David.Meleedy@analog.com		Three Technology Way
> Phone: 617 461 3494			Norwood, MA  02062-9106  USA
>
>

