This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: sshd and network share permissions

From: Joe Hetrick <jhetrick at bitjanitor dot net>
To: cygwin at cygwin dot com
Date: Thu, 06 Apr 2006 12:09:08 -0500
Subject: Re: sshd and network share permissions
References: <043601c6599a$a15362b0$a501a8c0@CAM.ARTIMI.COM>

Dave Korn wrote:

On 06 April 2006 17:31, Joe Hetrick wrote:

Dave Korn wrote:

On 06 April 2006 16:01, Joseph Hetrick wrote:

	I've set cygwin sshd up according to the following (which seems to be
what is posted to the list at various intervals).

http://pigtail.net/LRP/printsrv/cygwin-sshd.html


  Well, if you've read those posts, you'll also have read the follow-ups,
won't you, and so you'll already have known before you even sent that post
that you aren't going to get an answer here, won't you, and so it isn't
really clear why you even bothered to finish the post and send it, is it?

I'm not really sure I see what you're getting at.


  The fact that nobody here offers support services for pigtail.net.  If you
follow some non-standard instructions from some random website on the net, and
something goes wrong, you should ask the place you got the instructions from
what the problem is with their instructions.  Nobody here is necessarily going
to have any idea what it says at that site, nor is anyone going to be keen to
jump up and do a detailed analysis of the similarities and discrepancies
between what they suggest and the officially recommended way of configuring
cygwin as seen in the cygwin documentation.

Understood. Was just being honest, however.

Unless its that I
didn't also mention that I read and followed
/usr/share/doc/Cygwin/openssh.README


  Ah, so you've followed some random combination of the right instructions and
some random set of unknown instructions.  Great.  Well, all I can say based on
that is that you might have got it right and there might be a real problem, or
you might have got it wrong and the problem might just be caused by something
unimportant or something else.  Or not.

Also understood, and anticipated. Fortunately (or un) I'm also fiddling in a VMware environment so I was bright enough to just revert snapshots so I could be reasonably sure I was back to a Cygwin Known State.

(It would have been a better idea to mention the bit that we all know about rather than the bit which every single time it gets mentioned somebody has to point out all over again that we don't know what advice or instructions they give out at pigtail dot net and therefore cannot give informed responses to queries regarding it.)

So, at this point lets forget I even mentioned pigtail, and start to assume that I'm running fresh and maybe have some misconceptions about How Things Actually Should work versus what I groked from:

http://cygwin.com/cygwin-ug-net/ntsec.html

I see plenty of responses to postings with less specific and less
complete postings than my own, which normally direct folks to
openssh.README.


  So, why didn't you know to ignore the pigtail dot net site and /just/ use
the canonical instructions?

Well, in all honestly I tried those second... And then I went back to known and reworked through the Cygwin Blessed, to be sure I hadn't made any of the posted mistakes in that process.

My questions were more directed at the behavior that I was seeing and if
it fit with what I should be seeing when sshd runs as SYSTEM.


  OK, then the answer to your question "Is this a symptom of sshd running as
SYSTEM?" is "Yes under certain circumstance, no under others, ACCORDING TO HOW
YOU'VE CONFIGURED AND SET UP YOUR SYSTEM".  And since that vital second clause
is full of unknowns, any answer we give you is likely to be equally uncertain.

And I'll pretty much fess up to being in an odd environment. Most postings seemed to be around local users with remote share points and permissions. In my case it's domain users and remote share points (both samba and 2k3), though, in theory, it seems like with some twiddle, this should be perfectly servicable.

I'll also fess up to not being overly comfortable with windows permissions and then how they're handled by NTSEC/SMBNTSEC.

The obvious next step may be to get running sshd as !SYSTEM in an attempt to get around credential problems, which I'm currently doing battle with, and wasn't quite informed enough to post some questions I've got there.

I wasn't groveling for a canned solution, I was merely following posting
rules, and asking a few questions related to what I was seeing in hopes
that I could get a confirmation or two.
Well, full marks for attaching your cygcheck.out anyway.

Shouldn't you be doing something about that "mkgroup-l-d"?

Yea, that is a problem. The particular user is a member of piles of groups, and I've begun working through why those aren't happening.

Thanks, I'll go work through my groups with a bit more effort. And work through a few more possibilities and try and see if I can come up with something more specific with a more specific set of responses.

J


    cheers,
      DaveK


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- RE: sshd and network share permissions
  - From: Dave Korn

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]