Mail Archives: cygwin/2000/05/19/10:07:08
James Dumser wrote:
> [...]
> NT. When I telnet or rsh in as a non-Administrators group user (the user
> is a member of Power Users, but not Administrators) and run id, I get
> uid=1003(jadu) gid=513(Administrators)
> My system/global CYGWIN is set to tty ntea ntsec, although that doesn't
> show up in rsh sessions.

There seem to be up to two different problems on your system:

- If you use rsh for login purposes, it calls rlogind on the host
  side. Is it possible that you use inetutils-1.3.2 instead of
  inetutils-1.3.2-2? I had uploaded it yesterday around 9:30am UTC
  and announced in cygwin around 10:30am UTC.
  rlogind had a problem in the previous version which could be
  the reason that you couldn't see the CYGWIN env variable.

- Your /etc/passwd and /etc/group files aren't correct. Group
  513 is _not_ `Administrators' but the group `None' on stand-alone
  systems or `Domain Users' on systems which are NT domain members.
  Group `Administrators' has SID 1-5-32-544 which results in GID
  544 if you haven't changed it by yourself.

Hint:

NT doesn't manage group memberships in a responsible way on
stand-alone systems. No user (Admins, too) has a primary group
as it's managed in U*X like systems. Files created by any user
have the group `None' as their group entry. Nevertheless, if
you use ntsec and if you change your primary group membership
in /etc/passwd, this is taken into account by ntsec.

Example:

After calling `mkpasswd' and `mkgroup' you have the following
entries besides others:

  /etc/passwd:
    administrator::500:513:S-1-5-21-???-???-???-500:...

  /etc/group:
    Administrators:S-1-5-32-544:544:
    None:S-1-5-21-???-???-???-513:

Login as Administrator, ntsec off:

  $ touch x; ls -ln x
  rw-r--r-- 1 544 513 ... x

Login as Administrator, ntsec on:

  $ touch x; ls -ln x
  rw-r--r-- 1 500 513 ... x

Change the Administrator line in /etc/passwd by hand to:

    Administrator::500:544:...

Login as Administrator, ntsec on:

  $ touch x; ls -ln x
  rw-r--r-- 1 500 544 ... x

And another hint: You may change names as well as UIDs and
GIDs to completely different values if ntsec is on and if
(and only if!) you have correct S- entries!
And if you want to login via telnet/rlogin/rsh/ssh to
your account with changed name you must have that additional
U- entry in /etc/passwd!

For example if you want Admin user and group to be `root' in
cygwin, you may change passwd and group files to:

  /etc/passwd:
    root::0:0:U-Administrator,S-1-5-21-???-???-???-500:...

  /etc/group:
    root:S-1-5-32-544:0:
    none:S-1-5-21-???-???-???-513:513:

Now login as root, ntsec on:

  $ touch x; ls -ln x
  rw-r--r-- 1 0 0 ... x

> One other discrepancy concerns file ownership. Logged in as jadu, ls
> -alF ~jadu shows
> [...]
> It appears the file owner follows whoever is logged in. Yet I (as
> Administrator) can't write to ~jadu:

Either this is related to the rlogind problem or you are
trying to use ntsec on a FAT partition. ntsec has no effect
on FAT partitions because it depends on the ability of the
file system to support access control lists.

Hope that helps,
Corinna
--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
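
Added example (not part of the mail above and not Cygwin project code): a small Python check of the consistency rules described in the reply, for passwd and group text in the layout the mail shows. The sample entries are constructed, with 1111-2222-3333 standing in for the machine-specific `???` parts, and the home directory and shell fields are assumptions.

```python
import re

SID_RE = re.compile(r"S-1(?:-\d+)+")
ADMINS_SID = "S-1-5-32-544"  # SID of the Administrators group, as stated in the mail

def sid_of(field):
    """Return the S- entry found in a passwd/group field, or None."""
    m = SID_RE.search(field)
    return m.group(0) if m else None

def audit(passwd_text, group_text):
    """Return (level, message) findings for Cygwin-style passwd/group text."""
    out, gids = [], set()
    for line in group_text.strip().splitlines():
        name, sid_field, gid = (line.split(":") + ["", ""])[:3]
        sid = sid_of(sid_field)
        if not gid.isdigit():
            out.append(("ERROR", f"group {name}: missing GID field"))
            continue
        gids.add(int(gid))
        if sid is None:
            out.append(("ERROR", f"group {name}: no S- entry"))
        elif name.lower() == "administrators" and sid != ADMINS_SID:
            out.append(("ERROR", f"group {name}: SID is {sid}, expected {ADMINS_SID}"))
        elif int(sid.rsplit("-", 1)[1]) != int(gid):
            # Renumbered GID: only resolvable through the S- entry, i.e. with ntsec on.
            out.append(("NOTE", f"group {name}: GID {gid} differs from RID, needs ntsec"))
    for line in passwd_text.strip().splitlines():
        name, _pw, _uid, gid, gecos = (line.split(":") + [""] * 5)[:5]
        if sid_of(gecos) is None:
            out.append(("ERROR", f"user {name}: no S- entry"))
        if not gid.isdigit() or int(gid) not in gids:
            out.append(("ERROR", f"user {name}: primary GID {gid!r} not in group file"))
    return out

# Constructed sample data (not taken from any real system).
BAD_GROUP = "Administrators:S-1-5-21-1111-2222-3333-513:513:\n"
BAD_PASSWD = "jadu::1003:513:S-1-5-21-1111-2222-3333-1003:/home/jadu:/bin/sh\n"
ROOT_GROUP = ("root:S-1-5-32-544:0:\n"
              "none:S-1-5-21-1111-2222-3333-513:513:\n")
ROOT_PASSWD = "root::0:0:U-Administrator,S-1-5-21-1111-2222-3333-500:/home/root:/bin/sh\n"

if __name__ == "__main__":
    for level, msg in audit(BAD_PASSWD, BAD_GROUP) + audit(ROOT_PASSWD, ROOT_GROUP):
        print(level, msg)
```

The first sample reproduces a group file in which GID 513 carries the name Administrators; the second is the `root' remapping from the mail, which is reported only as a note because it relies on ntsec.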