This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: group"S-1-2-0"(users who login locally)in ssh;windows 2003


On Aug 17 18:49, Tom Rodman wrote:
> 
> tried that.. no joy, take a look:
> --v-v------------------C-U-T---H-E-R-E-------------------------v-v-- 
>   $ $WINDIR/system32/whoami /all #we're in an ssh session before edits made to /etc/group
>   
>   USER INFORMATION
>   ----------------
>   
>   User Name  SID
>   ========== =============================================
>   DOMxx1\adm_usr1 S-1-5-21-1390067357-1202660629-682003330-5774

Must be a password logon session, otherwise you would not see this
user name here, but sshd_server.

>   $ echo local:S-1-2-0:2:adm_usr1 >> /etc/group
>   $ wc -l /etc/group
>   2691 /etc/group
>   $ exit
>   logout
>   Connection to OurSrvr065 closed.
>   [16:02:33 Thu Aug 17 0j 36 2354 ~/Mail]
>   [localhost rodmant]$ ssh OurSrvr065 -l adm_usr1 #~adm_usr1 is on a remote share

Won't work, at least not with pubkey authentication.

>   adm_usr1@OurSrvr065's password:
>   Last login: Thu Aug 17 15:58:07 2006 from 10.165.10.182
>   Welcome to ITZG compile engine ..
>   Could not chdir to home directory /user/adm_usr1: Permission denied
>   -bash: /etc/profile: Permission denied
>   -bash: /user/adm_usr1/.bash_profile: Permission denied

Looks quite expected.

>   -bash-3.00$ $WINDIR/system32/whoami /all #notice whoami shows wrong user name:
>   
>   USER INFORMATION
>   ----------------
>   
>   User Name             SID
>   ===================== =============================================
>   OurSrvr065\sshd_server S-1-5-21-1390067357-1202660629-682003330-5774

As expected.

>   GROUP INFORMATION
>   -----------------
>   
>   Group Name                       Type             SID                                           Attributes
>   ================================ ================ ============================================= ==================================================
>   Everyone                         Well-known group S-1-1-0                                       Mandatory group, Enabled by default, Enabled group
>   NT AUTHORITY\Authenticated Users Well-known group S-1-5-11                                      Mandatory group, Enabled by default, Enabled group
>   LOCAL                            Well-known group S-1-2-0                                       Mandatory group, Enabled by default, Enabled group

Well, here's the LOCAL group.  What's the problem?  The fact that
Windows applications asking for the user name get the wrong user name is
a result of using the logon session of the sshd server process when
using pubkey authentication.  This is a long standing problem, for
years.  There's no workaround for the time being.  However, if you take
a look into the user token of the process using other means
(OpenProcessToken/GetTokenInformation), you'll see that the token user,
as well as the token owner is set to the user account you logged in to,
DOMxx1\adm_usr1 in this case.  Why the Windows functions returning the
user name from a SID fail to return the correct user name (as for
whoami) in this scenario, is beyond me.  This is arguably a Windows bug.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]