This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: NTsec permissions issue over inet


Igor,
	I tried settting smbntsec and it did not work. With older version I
used to 
just set ntsec, make the passwd and group files, and everything would just
work
the way I would expect. Something has changed in the way cygwin handles NT
security.
I am running a generic version of windows 2000 with no thrid party filesys
drivers.
I don't believe that it's aproblem with my configuration because older
version of 
Cygwin have worked just fine. As of now all suggestions have not been
successful.
It sounds like a new bug has been introduced surrounding NT security.

Steve

-----Original Message-----
From: Igor Pechtchanski [mailto:pechtcha@cs.nyu.edu]
Sent: Sunday, June 01, 2003 7:30 PM
To: Stephen Banville
Cc: 'Bruce Dobrin'; cygwin@cygwin.com; stephen.banville@sycamorenet.com
Subject: RE: NTsec permissions issue over inet


Steve,

On Windows, if you use the Windows sharing mechanism (instead of a
proprietary filesystem driver), your shares are SMB shares (which stands
for Server Message Block, IIRC).  The 'smbntsec' option is designed for
those kinds of shares.  If you do have a proprietary filesystem driver,
Cygwin most likely doesn't have any support for recognizing the security
attributes on that.  <http://cygwin.com/acronyms/#PTC>.  It's also
possible that the filesystem driver that you have is partly compatible
with the NTFS or SMB security, and some addition to the Cygwin codebase
to deal better with one or the other has accesses to features that aren't
available on your filesystem, so it stopped working.



Your login problem has nothing to do with the above.  Unlike Linux, where
anyone can run "su" or "login", Windows NT variants require the user to
have extra privileges to be able to switch user context (create an access
token belonging to someone else).
<http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID> should explain
this somewhat.
	Igor

On Sun, 1 Jun 2003, Stephen Banville wrote:

> HI Bruce,
>
>         The reason I don't have smbntsec set is because the remote
> volumes are not Samba Shares. The interesting thing here is that when I
> ran an older version of Cygwin, this functionality would work just fine.
> I also tried the passwd trick (which didn't work as well.) I can't
> imagine what the problem could be ? At this time I am running out of
> ideas. My only hope at this time would be to enable some sort of a debug
> trace to see what component is actually failing during the login.
> Another interesting point to mention is that when I run the 'login'
> command within the shell, I cannot log in under my user name defined in
> the /etc/passwd file. Any ideas why this would ? This could somehow be
> related to my problem.
>
> Any help would be welcomed!!
>
> Steve
>
> -----Original Message-----
> From: cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com] On Behalf
> Of Bruce Dobrin
> Sent: Friday, May 30, 2003 8:20 PM
> To: cygwin@cygwin.com
> Subject: Re: NTsec permissions issue over inet
>
> OK,  further testing,  I can't get the below rlogin "trick" to work on a
> 1.3.22 machine,  the one it worked on is actually a 1.3.12 machine.  so,
> with 1.3.12 I can get it to work by forcing a password entry,  but this
> appears not to work with a 1.3.22 machine........
> continuing more confused than ever...
>
> ----- Original Message -----
> From: "Bruce Dobrin" <dobrin@imageworks.com>
> To: <cygwin@cygwin.com>
> Sent: Friday, May 30, 2003 4:46 PM
> Subject: Re: NTsec permissions issue over inet
>
>
> > Sorry,  On re-reading that,  it's not as clear as it could be,  the
> example
> > used in the previous e-mail ( below) was on a later version of cygwin,
> it
> > is not the 1.3.2  machine referred to earlier in the message.
> >
> > ----- Original Message -----
> > From: "Bruce Dobrin" <dobrin@imageworks.com>
> > To: <cygwin@cygwin.com>
> > Cc: <cygwin@cygwin.com>
> > Sent: Friday, May 30, 2003 4:37 PM
> > Subject: Re: NTsec permissions issue over inet
> >
> >
> > > Thanks for responding Larry,
> > >
> > > I actually had tried most permutations of (no)ntsec, (no)smbntsec,
> > (no)ntea,
> > > etc... and on other machines that didn't have weird path or passwd
> > > entries. -- no dice
> > >
> > > I think I may have a good hint as to what is going on,  but I'll
> need
> > > someone who knows the system better than I to figure out the
> solution.
> > >
> > > By the way I have around 300 machines here,  and I found one which
> is
> > > running cygwin1.3.2 and which works fine.  This leads me to think
> that
> it
> > is
> > > something to do with the hosts.equiv functionality which I believe
> was
> non
> > > functional before at 1.3.2 ( at least I didn't use it here).  I
> found
> > > machine that if I : forced the user to use a password and I set some
> > > permutations of the permissions...  it then works:  example:
> > >
> > > dobrin@THEODOLITE:/home/dobrin> rsh gable3
> > > Fanfare!!!
> > > ..........
> > > dobrin@GABLE3:/home/dobrin> echo $CYGWIN
> > > ntea nontsec smbntsec
> > > dobrin@GABLE3:/home/dobrin> cd //matilda/dist
> > > //matilda/dist: Permission denied.
> > >
> > > BUT,  If I force a passwd entry:
> > >
> > > dobrin@THEODOLITE:/home/dobrin> rsh gable3 -l poo
> > > Password:
> > > Login incorrect
> > > login: dobrin
> > > Password:
> > > Fanfare!!!
> > > ...........
> > > dobrin@GABLE3:/home/dobrin> echo $CYGWIN
> > > ntea nontsec smbntsec
> > > dobrin@GABLE3:/home/dobrin> cd //matilda/dist
> > > dobrin@GABLE3:/matilda/dist>
> > >
> > >
> > > Unfortunately I don't really think of this as a good solution ,  and
> it
> > > doesn't appear to work with my default $CYGWIN setup.
> > > Does this help at all?
> > > Thanks,
> > > Bruce
> > >
> > > ----- Original Message -----
> > > From: "Larry Hall" <cygwin@cygwin.com>
> > > To: "Bruce Dobrin" <dobrin@imageworks.com>
> > > Cc: <cygwin@cygwin.com>
> > > Sent: Thursday, May 29, 2003 7:14 PM
> > > Subject: Re: NTsec permissions issue over inet
> > >
> > >
> > > > Bruce Dobrin wrote:
> > > > > Here are the Cygcheck,  and Group files,  I'll include the my
> > (typical)
> > > > > passwd entry as we have a ( legitimate) policy against
> publishing
> our
> > > login
> > > > > id's ( I know it doesn't include encrypted passwd's, but with
> 650
> > > entries,
> > > > > but I'd like to reduce the fodder for someone's foreach loop
> thru a
> > > cracking
> > > > > program).
> > > > >
> > > > >
> > > > > representative passwd entries:
> > > > >
> > > > > SYSTEM:*:18:544:,S-1-5-18::
> > > > > Administrators:*:544:544:,S-1-5-32-544::
> > > > >
> > >
> >
> dobrin:unused_by_nt/2000/xp:11014:10512:Brucester,U-PRODUCTION\dobrin,S-
> 1-5-
> > > > > 21-501104424-1911818820-14498641-1014:/home/dobrin:/bin/bash
> > > > >
> > > > >
> > > > > Thanks
> > > > > Bruce Dobrin
> > > >
> > > >
> > > > Partial passwd entries is fine.  What you provided is adequate.
> > > >
> > > > The basics look OK.  I find two things in common between your
> > information
> > > > and Steve's:
> > > >
> > > >    1. You both appear to have a strange entry in your path.  I'm
> not
> > > >       sure if it's some weird artifact of cygcheck or if it's
> actually
> > > >       in the path.  In yours, you have a directory that looks like
> this:
> > > >
> > > >       "c
> > > >       C:\cygwin\program_files\diskaccess\bin"
> > > >
> > > >       Steve's is just "c".
> > > >
> > > >    2. You both have a carriage return as the last character in
> either
> > > >       your passwd or group files.
> > > >
> > > > Neither of these are clearly related to this issue but should be
> > > > investigated and cleaned up.  Also, neither of you set 'smbntsec'
> > > > in your CYGWIN environment variable (before starting Cygwin or any
> of
> > > > it's services).  Please do, just so we can rule this out as an
> issue.
> > > > Also, since you both claim that this used to work, please try
> removing
> > > > 'ntsec' and 'smbntsec' and/or adding 'nontsec' to your CYGWIN
> > environment
> > > > variable (before starting Cygwin or any of it's services).  This
> should
> > > > help pinpoint whether turning 'ntsec' on by default in recent
> releases
> > > > has any bearing.

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]