This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Windows rights


Top-posting again.  Reformatted, again.

On Fri, 24 Jun 2005, Christophe Delarue wrote:

> -----Original Message-----
> From: Igor Pechtchanski [mailto:pechtcha@XX.XXX.XXX]
> Sent: Thursday, June 23, 2005 18:03
> To: Christophe Delarue
> Cc: cygwin@XXXXXX.XXX
> Subject: Re: Windows rights

And again, <http://cygwin.com/acronyms/#PCYMTNQREAIYR>.  If you don't know
how, Google for "PCYMTNQREAIYR Outlook".

> > Ugh.  Top-posting.  Reformatted.  BTW, there was no need to Cc: me, I
> > read the list.  Please make sure your mailer respects the Reply-To:
> > header.
> >
> > On Thu, 23 Jun 2005, Christophe Delarue wrote:
> >
> > > -----Original Message-----
> > > From: cygwin-owner@XXXXXX.XXX On Behalf Of Igor Pechtchanski
> > > Sent: Thursday, June 23, 2005 15:14
> > > To: Christophe Delarue
> > > Cc: cygwin@XXXXXX.XXX
> >
> > <http://cygwin.com/acronyms/#PCYMTNQREAIYR>.  Thanks.
> >
> > > Subject: [spam] Re: Windows rights
> > >
> > > > Same problem in both cases.  Read all of
> > > > <http://cygwin.com/cygwin-ug-net/ntsec.html>, especially the part
> > > > titled "Switching User Context", carefully.
> > >
> > > Thanks for your answer
> > >
> > > My server is Ms 2000.
> > >
> > > I read the url you gave me (I have already read). I do not well
> > > understand the section switching user context
> > >
> > > Does the second paragraph "On NT and Windows 2000 the SYSTEM user has
> > > these privileges and can run services such as sshd." say that I
> > > should run the services as SYSTEM and not LocalSystem ?
> >
> > No, SYSTEM and LocalSystem are two names for the same user.  It's known
> > as SYSTEM in Cygwin, but Windows calls it LocalSystem.  Perhaps the
> > above link should be amended to clarify this.
> >
> > > Does the third paragraph
> > >
> > > " An important restriction of this method is that a process started
> > > without a password cannot access network shares which require
> > > authentication. This also applies to subprocesses which switched user
> > > context without a password. Therefore, when using ssh or rsh without a
> > > password, it is typically not possible to access network drives"
> > >
> > > mean it is impossible to access any network drives without explicit
> > > login ?
> >
> > Sort of.  It is impossible to access network drives that require
> > authentication without an explicit login.
> >
> > > Is there a method to rsh on a windows machine without password and
> > > access network drives ?
> >
> > If you use rsh, you might as well do what's suggested in the FAQ entry
> > that Larry pointed you to and make your shares world-readable, since
> > security is completely shot anyway.
> >
> > If you decide to switch to ssh, I think you can use ssh-agent to
> > password-authenticate without having to type in your password every
> > time.
> > I haven't used ssh-agent much, so I don't recall the exact recipe for
> > starting it.  Read the documentation or ask for help somewhere else (I
> > doubt any usage questions will be Cygwin-specific).
> > 	Igor
>
> Sorry for the formatting, I'm not familiar with Outlook ... I prefer
> emacs-vm.

You can press Ctrl-End in Outlook before replying -- that should put you
after the quoted message.  FWIW, the abovementioned solution may work for
this as well.

> Having an inetd for my account on the server may be a solution. As
> various users could do this remote compilation, I have to install various
> inetd services, one per user ...

That's pretty ugly.  Again, if you use rsh, you might as well open up the
network shares.

> I tried sshd.
> The ssh-agent refuses to take the sshd files ~/.ssh/id_rsa since they
> are world readable -rw-r--r--.

Oh, and why are they?  ~/.ssh should have permissions 700 (and the files
in it should be 600).  Besides, if you use password authentication,
ssh-agent shouldn't even look at those files, unless I'm mistaken.

> Any chmod on these network files does not work. My Home is on the network
> as generated with mkpasswd.
> The use of ssh forces me to use local /home/<login> directory.

Hmm, if you use password authentication, you should have no problem
accessing the share, unless there are other issues here that I'm not aware
of.  If you use public key authentication, you'd have the same problem on
Unix with something like DFS, or any other filesystem that requires full
authentication tokens to access.

> With these settings I lose all initialization done in the network HOME
> directory.

There are various people around on this list who have their $HOME on a
network share, and many have no problems using ssh.  You need to find out
whether it's possible to use ssh-agent with password authentication, but
as that's not Cygwin-specific information, you'll have to use another
forum.

> I think I'll use the inetd per user ...
> I'll send what I definitely will use.
> Thanks for help.

Sure, it's your choice.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT
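
The permission check discussed in the message above (~/.ssh at 700, its files at 600, and chmod having no effect on a network share), as an added example that is not part of the original message or of Cygwin/OpenSSH. The function names are hypothetical, GNU `stat -c` (as shipped with Cygwin and Linux) is assumed, and the demo directory is constructed.

```sh
# Octal permission bits of a path (GNU stat, as on Cygwin and Linux).
mode_of() { stat -c '%a' "$1"; }

# Succeeds when group and other have no access bits at all.
is_private() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# List every entry of an SSH directory that is not owner-only.
# Output: one "LOOSE <mode> <path>" line per offending entry.
audit_ssh_dir() {
    dir=$1
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue
        is_private "$p" || echo "LOOSE $(mode_of "$p") $p"
    done
}

# Apply 700 to the directory and 600 to its files, then re-read the
# modes. On a share that ignores chmod the call can report success
# while the bits stay unchanged, so only the re-check is trusted.
tighten_ssh_dir() {
    dir=$1
    chmod 700 "$dir" 2>/dev/null || true
    for p in "$dir"/*; do
        if [ -f "$p" ]; then chmod 600 "$p" 2>/dev/null || true; fi
    done
    stuck=$(audit_ssh_dir "$dir" | sed 's/^LOOSE/STUCK/')
    [ -z "$stuck" ] && return 0
    echo "$stuck"
    return 1
}

# Constructed demo: a throwaway directory stands in for ~/.ssh.
demo=$(mktemp -d)
: > "$demo/id_rsa"; chmod 644 "$demo/id_rsa"; chmod 755 "$demo"
audit_ssh_dir "$demo"
tighten_ssh_dir "$demo" && echo "all entries owner-only"
rm -rf "$demo"
```

A non-zero return from `tighten_ssh_dir` with `STUCK` lines means the filesystem did not honour the mode change, which is the situation described for the network home directory.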
