Mail Archives: cygwin/2003/06/01/19:29:56
Steve,
On Windows, if you use the Windows sharing mechanism (instead of a
proprietary filesystem driver), your shares are SMB shares (which stands
for Server Message Block, IIRC). The 'smbntsec' option is designed for
those kinds of shares. If you do have a proprietary filesystem driver,
Cygwin most likely doesn't have any support for recognizing the security
attributes on that. <http://cygwin.com/acronyms/#PTC>. It's also
possible that the filesystem driver that you have is partly compatible
with the NTFS or SMB security, and some addition to the Cygwin codebase
to deal better with one or the other has accesses to features that aren't
available on your filesystem, so it stopped working.
Your login problem has nothing to do with the above. Unlike Linux, where
anyone can run "su" or "login", Windows NT variants require the user to
have extra privileges to be able to switch user context (create an access
token belonging to someone else).
<http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID> should explain
this somewhat.
Igor
On Sun, 1 Jun 2003, Stephen Banville wrote:
> HI Bruce,
>
> The reason I don't have smbntsec set is because the remote
> volumes are not Samba Shares. The interesting thing here is that when I
> ran an older version of Cygwin, this functionality would work just fine.
> I also tried the passwd trick (which didn't work as well.) I can't
> imagine what the problem could be ? At this time I am running out of
> ideas. My only hope at this time would be to enable some sort of a debug
> trace to see what component is actually failing during the login.
> Another interesting point to mention is that when I run the 'login'
> command within the shell, I cannot log in under my user name defined in
> the /etc/passwd file. Any ideas why this would ? This could somehow be
> related to my problem.
>
> Any help would be welcomed!!
>
> Steve
>
> -----Original Message-----
> From: cygwin-owner AT cygwin DOT com [mailto:cygwin-owner AT cygwin DOT com] On Behalf
> Of Bruce Dobrin
> Sent: Friday, May 30, 2003 8:20 PM
> To: cygwin AT cygwin DOT com
> Subject: Re: NTsec permissions issue over inet
>
> OK, further testing, I can't get the below rlogin "trick" to work on a
> 1.3.22 machine, the one it worked on is actually a 1.3.12 machine. so,
> with 1.3.12 I can get it to work by forcing a password entry, but this
> appears not to work with a 1.3.22 machine........
> continuing more confused than ever...
>
> ----- Original Message -----
> From: "Bruce Dobrin" <dobrin AT imageworks DOT com>
> To: <cygwin AT cygwin DOT com>
> Sent: Friday, May 30, 2003 4:46 PM
> Subject: Re: NTsec permissions issue over inet
>
>
> > Sorry, On re-reading that, it's not as clear as it could be, the
> example
> > used in the previous e-mail ( below) was on a later version of cygwin,
> it
> > is not the 1.3.2 machine referred to earlier in the message.
> >
> > ----- Original Message -----
> > From: "Bruce Dobrin" <dobrin AT imageworks DOT com>
> > To: <cygwin AT cygwin DOT com>
> > Cc: <cygwin AT cygwin DOT com>
> > Sent: Friday, May 30, 2003 4:37 PM
> > Subject: Re: NTsec permissions issue over inet
> >
> >
> > > Thanks for responding Larry,
> > >
> > > I actually had tried most permutations of (no)ntsec, (no)smbntsec,
> > (no)ntea,
> > > etc... and on other machines that didn't have weird path or passwd
> > > entries. -- no dice
> > >
> > > I think I may have a good hint as to what is going on, but I'll
> need
> > > someone who knows the system better than I to figure out the
> solution.
> > >
> > > By the way I have around 300 machines here, and I found one which
> is
> > > running cygwin1.3.2 and which works fine. This leads me to think
> that
> it
> > is
> > > something to do with the hosts.equiv functionality which I believe
> was
> non
> > > functional before at 1.3.2 ( at least I didn't use it here). I
> found
> > > machine that if I : forced the user to use a password and I set some
> > > permutations of the permissions... it then works: example:
> > >
> > > dobrin AT THEODOLITE:/home/dobrin> rsh gable3
> > > Fanfare!!!
> > > ..........
> > > dobrin AT GABLE3:/home/dobrin> echo $CYGWIN
> > > ntea nontsec smbntsec
> > > dobrin AT GABLE3:/home/dobrin> cd //matilda/dist
> > > //matilda/dist: Permission denied.
> > >
> > > BUT, If I force a passwd entry:
> > >
> > > dobrin AT THEODOLITE:/home/dobrin> rsh gable3 -l poo
> > > Password:
> > > Login incorrect
> > > login: dobrin
> > > Password:
> > > Fanfare!!!
> > > ...........
> > > dobrin AT GABLE3:/home/dobrin> echo $CYGWIN
> > > ntea nontsec smbntsec
> > > dobrin AT GABLE3:/home/dobrin> cd //matilda/dist
> > > dobrin AT GABLE3:/matilda/dist>
> > >
> > >
> > > Unfortunately I don't really think of this as a good solution , and
> it
> > > doesn't appear to work with my default $CYGWIN setup.
> > > Does this help at all?
> > > Thanks,
> > > Bruce
> > >
> > > ----- Original Message -----
> > > From: "Larry Hall" <cygwin AT cygwin DOT com>
> > > To: "Bruce Dobrin" <dobrin AT imageworks DOT com>
> > > Cc: <cygwin AT cygwin DOT com>
> > > Sent: Thursday, May 29, 2003 7:14 PM
> > > Subject: Re: NTsec permissions issue over inet
> > >
> > >
> > > > Bruce Dobrin wrote:
> > > > > Here are the Cygcheck, and Group files, I'll include the my
> > (typical)
> > > > > passwd entry as we have a ( legitimate) policy against
> publishing
> our
> > > login
> > > > > id's ( I know it doesn't include encrypted passwd's, but with
> 650
> > > entries,
> > > > > but I'd like to reduce the fodder for someone's foreach loop
> thru a
> > > cracking
> > > > > program).
> > > > >
> > > > >
> > > > > representative passwd entries:
> > > > >
> > > > > SYSTEM:*:18:544:,S-1-5-18::
> > > > > Administrators:*:544:544:,S-1-5-32-544::
> > > > >
> > >
> >
> dobrin:unused_by_nt/2000/xp:11014:10512:Brucester,U-PRODUCTION\dobrin,S-
> 1-5-
> > > > > 21-501104424-1911818820-14498641-1014:/home/dobrin:/bin/bash
> > > > >
> > > > >
> > > > > Thanks
> > > > > Bruce Dobrin
> > > >
> > > >
> > > > Partial passwd entries is fine. What you provided is adequate.
> > > >
> > > > The basics look OK. I find two things in common between your
> > information
> > > > and Steve's:
> > > >
> > > > 1. You both appear to have a strange entry in your path. I'm
> not
> > > > sure if it's some weird artifact of cygcheck or if it's
> actually
> > > > in the path. In yours, you have a directory that looks like
> this:
> > > >
> > > > "c
> > > > C:\cygwin\program_files\diskaccess\bin"
> > > >
> > > > Steve's is just "c".
> > > >
> > > > 2. You both have a carriage return as the last character in
> either
> > > > your passwd or group files.
> > > >
> > > > Neither of these are clearly related to this issue but should be
> > > > investigated and cleaned up. Also, neither of you set 'smbntsec'
> > > > in your CYGWIN environment variable (before starting Cygwin or any
> of
> > > > it's services). Please do, just so we can rule this out as an
> issue.
> > > > Also, since you both claim that this used to work, please try
> removing
> > > > 'ntsec' and 'smbntsec' and/or adding 'nontsec' to your CYGWIN
> > environment
> > > > variable (before starting Cygwin or any of it's services). This
> should
> > > > help pinpoint whether turning 'ntsec' on by default in recent
> releases
> > > > has any bearing.
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`' -. ;-;;,_ igor AT watson DOT ibm DOT com
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster." -- Patrick Naughton
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -