Mail Archives: cygwin/2003/06/02/20:15:53
----- Original Message -----
From: "Bruce Dobrin" <dobrin AT imageworks DOT com>
To: "Bruce Dobrin" <dobrin AT imageworks DOT com>; <cygwin AT cygwin DOT com>
Sent: Monday, June 02, 2003 8:04 PM
Subject: Re: NTsec permissions issue over inet
> I tried executing a the command via a socket directly: by asigning a
script
> via inet.conf, it still gave me permission denied. I turned off
> inetd/xinetd and hacked together a server with perl to exec the same
script
> and it had no permission problems. it looks like a problem common to
inetd
> and xinetd but not cygwin specifically:
>
> EXAMPLE:
>
> ######(socket 1824 defined in inetd.conf and /etc/services file)
>
> dobrin AT THEODOLITE:/home/dobrin>telnet castro 1824
> responds:
> pwd
> /c/WINNT/system32
> ls -al //matilda/setup
> ls: //matilda/setup: No such file or directory
> /c/WINNT/system32/dfscmd.exe /view \\\\dfsmaster\\dfsshare > poop
> cat poop
> System error 1355 has occurred.
> The specified domain either does not exist or could not be contacted.
>
> #######( perl script listening on socket 2345 )
>
> dobrin AT THEODOLITE:/home/dobrin>telnet castro 2345
> responds:
> pwd
> /home/dobrin
> ls -al //matilda/setup
> drwxrwxrwx+ 1 Administ Domain A 32768 May 30 18:45 .
> drwxrwxrwx+ 1 Administ Domain A 0 May 8 14:07 2ksrv_image
> drwxrwxrwx+ 1 Administ Domain A 0 Feb 27 20:55 3dmaxupdate
> drwxrwxrwx+ 1 Administ Domain A 0 Mar 26 11:08 ACDSee
> .........
> /c/WINNT/system32/dfscmd.exe /view \\\\dfsmaster\\dfsshare > poop
> cat poop
> \\DFSMASTER\dfsroot
> \\DFSMASTER\dfsroot\shots\vol780
> \\DFSMASTER\dfsroot\pipe\usr_pasquini\trash
> The command completed successfully.
>
>
>
> ----- Original Message -----
> From: "Bruce Dobrin" <dobrin AT imageworks DOT com>
> To: "Banville, Stephen" <Stephen DOT Banville AT sycamorenet DOT com>;
> <cygwin AT cygwin DOT com>
> Sent: Monday, June 02, 2003 12:37 PM
> Subject: Re: NTsec permissions issue over inet
>
>
> > hmmm, still experimenting: thought it might have something to do with
> > inetd and mounts, but I also tried rlogin to <localhost> which is
> running
> > init and xinetd and issueing a dfscmd:
> >
> > dobrin AT THEODOLITE:/home/dobrin> dfscmd /view \\\\dfsmaster\\dfsshare
> > \\DFSMASTER\dfsroot
> > \\DFSMASTER\dfsroot\shots\vol780
> > \\DFSMASTER\dfsroot\pipe\usr_pasquini\trash
> > The command completed successfully.
> > dobrin AT THEODOLITE:/home/dobrin> rsh localhost
> > Last login: Mon Jun 2 12:30:41 from THEODOLITE.spimageworks.com
> > Fanfare!!!
> > You are successfully logged in to this server!!!
> > dobrin AT THEODOLITE:/home/dobrin> dfscmd /view \\\\dfsmaster\\dfsshare
> > System error 5 has occurred.
> >
> > Access is denied.
> >
> > :::: still confused...
> >
> >
> > ----- Original Message -----
> > From: "Banville, Stephen" <Stephen DOT Banville AT sycamorenet DOT com>
> > To: <cygwin AT cygwin DOT com>; "Stephen Banville" <sbanville AT attbi DOT com>
> > Cc: "'Bruce Dobrin'" <dobrin AT imageworks DOT com>; "Banville, Stephen"
> > <Stephen DOT Banville AT sycamorenet DOT com>
> > Sent: Monday, June 02, 2003 5:32 AM
> > Subject: RE: NTsec permissions issue over inet
> >
> >
> > > Igor,
> > > I tried settting smbntsec and it did not work. With older version I
> > > used to
> > > just set ntsec, make the passwd and group files, and everything would
> just
> > > work
> > > the way I would expect. Something has changed in the way cygwin
handles
> NT
> > > security.
> > > I am running a generic version of windows 2000 with no thrid party
> filesys
> > > drivers.
> > > I don't believe that it's aproblem with my configuration because older
> > > version of
> > > Cygwin have worked just fine. As of now all suggestions have not been
> > > successful.
> > > It sounds like a new bug has been introduced surrounding NT security.
> > >
> > > Steve
> > >
> > > -----Original Message-----
> > > From: Igor Pechtchanski [mailto:pechtcha AT cs DOT nyu DOT edu]
> > > Sent: Sunday, June 01, 2003 7:30 PM
> > > To: Stephen Banville
> > > Cc: 'Bruce Dobrin'; cygwin AT cygwin DOT com;
stephen DOT banville AT sycamorenet DOT com
> > > Subject: RE: NTsec permissions issue over inet
> > >
> > >
> > > Steve,
> > >
> > > On Windows, if you use the Windows sharing mechanism (instead of a
> > > proprietary filesystem driver), your shares are SMB shares (which
stands
> > > for Server Message Block, IIRC). The 'smbntsec' option is designed
for
> > > those kinds of shares. If you do have a proprietary filesystem
driver,
> > > Cygwin most likely doesn't have any support for recognizing the
security
> > > attributes on that. <http://cygwin.com/acronyms/#PTC>. It's also
> > > possible that the filesystem driver that you have is partly compatible
> > > with the NTFS or SMB security, and some addition to the Cygwin
codebase
> > > to deal better with one or the other has accesses to features that
> aren't
> > > available on your filesystem, so it stopped working.
> > >
> > >
> > >
> > > Your login problem has nothing to do with the above. Unlike Linux,
> where
> > > anyone can run "su" or "login", Windows NT variants require the user
to
> > > have extra privileges to be able to switch user context (create an
> access
> > > token belonging to someone else).
> > > <http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID> should
explain
> > > this somewhat.
> > > Igor
> > >
> > > On Sun, 1 Jun 2003, Stephen Banville wrote:
> > >
> > > > HI Bruce,
> > > >
> > > > The reason I don't have smbntsec set is because the remote
> > > > volumes are not Samba Shares. The interesting thing here is that
when
> I
> > > > ran an older version of Cygwin, this functionality would work just
> fine.
> > > > I also tried the passwd trick (which didn't work as well.) I can't
> > > > imagine what the problem could be ? At this time I am running out of
> > > > ideas. My only hope at this time would be to enable some sort of a
> debug
> > > > trace to see what component is actually failing during the login.
> > > > Another interesting point to mention is that when I run the 'login'
> > > > command within the shell, I cannot log in under my user name defined
> in
> > > > the /etc/passwd file. Any ideas why this would ? This could somehow
be
> > > > related to my problem.
> > > >
> > > > Any help would be welcomed!!
> > > >
> > > > Steve
> > > >
> > > > -----Original Message-----
> > > > From: cygwin-owner AT cygwin DOT com [mailto:cygwin-owner AT cygwin DOT com] On
> Behalf
> > > > Of Bruce Dobrin
> > > > Sent: Friday, May 30, 2003 8:20 PM
> > > > To: cygwin AT cygwin DOT com
> > > > Subject: Re: NTsec permissions issue over inet
> > > >
> > > > OK, further testing, I can't get the below rlogin "trick" to work
on
> a
> > > > 1.3.22 machine, the one it worked on is actually a 1.3.12 machine.
> so,
> > > > with 1.3.12 I can get it to work by forcing a password entry, but
> this
> > > > appears not to work with a 1.3.22 machine........
> > > > continuing more confused than ever...
> > > >
> > > > ----- Original Message -----
> > > > From: "Bruce Dobrin" <dobrin AT imageworks DOT com>
> > > > To: <cygwin AT cygwin DOT com>
> > > > Sent: Friday, May 30, 2003 4:46 PM
> > > > Subject: Re: NTsec permissions issue over inet
> > > >
> > > >
> > > > > Sorry, On re-reading that, it's not as clear as it could be,
the
> > > > example
> > > > > used in the previous e-mail ( below) was on a later version of
> cygwin,
> > > > it
> > > > > is not the 1.3.2 machine referred to earlier in the message.
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Bruce Dobrin" <dobrin AT imageworks DOT com>
> > > > > To: <cygwin AT cygwin DOT com>
> > > > > Cc: <cygwin AT cygwin DOT com>
> > > > > Sent: Friday, May 30, 2003 4:37 PM
> > > > > Subject: Re: NTsec permissions issue over inet
> > > > >
> > > > >
> > > > > > Thanks for responding Larry,
> > > > > >
> > > > > > I actually had tried most permutations of (no)ntsec,
(no)smbntsec,
> > > > > (no)ntea,
> > > > > > etc... and on other machines that didn't have weird path or
passwd
> > > > > > entries. -- no dice
> > > > > >
> > > > > > I think I may have a good hint as to what is going on, but I'll
> > > > need
> > > > > > someone who knows the system better than I to figure out the
> > > > solution.
> > > > > >
> > > > > > By the way I have around 300 machines here, and I found one
which
> > > > is
> > > > > > running cygwin1.3.2 and which works fine. This leads me to
think
> > > > that
> > > > it
> > > > > is
> > > > > > something to do with the hosts.equiv functionality which I
believe
> > > > was
> > > > non
> > > > > > functional before at 1.3.2 ( at least I didn't use it here). I
> > > > found
> > > > > > machine that if I : forced the user to use a password and I set
> some
> > > > > > permutations of the permissions... it then works: example:
> > > > > >
> > > > > > dobrin AT THEODOLITE:/home/dobrin> rsh gable3
> > > > > > Fanfare!!!
> > > > > > ..........
> > > > > > dobrin AT GABLE3:/home/dobrin> echo $CYGWIN
> > > > > > ntea nontsec smbntsec
> > > > > > dobrin AT GABLE3:/home/dobrin> cd //matilda/dist
> > > > > > //matilda/dist: Permission denied.
> > > > > >
> > > > > > BUT, If I force a passwd entry:
> > > > > >
> > > > > > dobrin AT THEODOLITE:/home/dobrin> rsh gable3 -l poo
> > > > > > Password:
> > > > > > Login incorrect
> > > > > > login: dobrin
> > > > > > Password:
> > > > > > Fanfare!!!
> > > > > > ...........
> > > > > > dobrin AT GABLE3:/home/dobrin> echo $CYGWIN
> > > > > > ntea nontsec smbntsec
> > > > > > dobrin AT GABLE3:/home/dobrin> cd //matilda/dist
> > > > > > dobrin AT GABLE3:/matilda/dist>
> > > > > >
> > > > > >
> > > > > > Unfortunately I don't really think of this as a good solution ,
> and
> > > > it
> > > > > > doesn't appear to work with my default $CYGWIN setup.
> > > > > > Does this help at all?
> > > > > > Thanks,
> > > > > > Bruce
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Larry Hall" <cygwin AT cygwin DOT com>
> > > > > > To: "Bruce Dobrin" <dobrin AT imageworks DOT com>
> > > > > > Cc: <cygwin AT cygwin DOT com>
> > > > > > Sent: Thursday, May 29, 2003 7:14 PM
> > > > > > Subject: Re: NTsec permissions issue over inet
> > > > > >
> > > > > >
> > > > > > > Bruce Dobrin wrote:
> > > > > > > > Here are the Cygcheck, and Group files, I'll include the
my
> > > > > (typical)
> > > > > > > > passwd entry as we have a ( legitimate) policy against
> > > > publishing
> > > > our
> > > > > > login
> > > > > > > > id's ( I know it doesn't include encrypted passwd's, but
with
> > > > 650
> > > > > > entries,
> > > > > > > > but I'd like to reduce the fodder for someone's foreach loop
> > > > thru a
> > > > > > cracking
> > > > > > > > program).
> > > > > > > >
> > > > > > > >
> > > > > > > > representative passwd entries:
> > > > > > > >
> > > > > > > > SYSTEM:*:18:544:,S-1-5-18::
> > > > > > > > Administrators:*:544:544:,S-1-5-32-544::
> > > > > > > >
> > > > > >
> > > > >
> > > >
> dobrin:unused_by_nt/2000/xp:11014:10512:Brucester,U-PRODUCTION\dobrin,S-
> > > > 1-5-
> > > > > > > > 21-501104424-1911818820-14498641-1014:/home/dobrin:/bin/bash
> > > > > > > >
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > > Bruce Dobrin
> > > > > > >
> > > > > > >
> > > > > > > Partial passwd entries is fine. What you provided is
adequate.
> > > > > > >
> > > > > > > The basics look OK. I find two things in common between your
> > > > > information
> > > > > > > and Steve's:
> > > > > > >
> > > > > > > 1. You both appear to have a strange entry in your path.
I'm
> > > > not
> > > > > > > sure if it's some weird artifact of cygcheck or if it's
> > > > actually
> > > > > > > in the path. In yours, you have a directory that looks
> like
> > > > this:
> > > > > > >
> > > > > > > "c
> > > > > > > C:\cygwin\program_files\diskaccess\bin"
> > > > > > >
> > > > > > > Steve's is just "c".
> > > > > > >
> > > > > > > 2. You both have a carriage return as the last character in
> > > > either
> > > > > > > your passwd or group files.
> > > > > > >
> > > > > > > Neither of these are clearly related to this issue but should
be
> > > > > > > investigated and cleaned up. Also, neither of you set
> 'smbntsec'
> > > > > > > in your CYGWIN environment variable (before starting Cygwin or
> any
> > > > of
> > > > > > > it's services). Please do, just so we can rule this out as an
> > > > issue.
> > > > > > > Also, since you both claim that this used to work, please try
> > > > removing
> > > > > > > 'ntsec' and 'smbntsec' and/or adding 'nontsec' to your CYGWIN
> > > > > environment
> > > > > > > variable (before starting Cygwin or any of it's services).
This
> > > > should
> > > > > > > help pinpoint whether turning 'ntsec' on by default in recent
> > > > releases
> > > > > > > has any bearing.
> > >
> > > --
> > > http://cs.nyu.edu/~pechtcha/
> > > |\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu
> > > ZZZzz /,`.-'`' -. ;-;;,_ igor AT watson DOT ibm DOT com
> > > |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski
> > > '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
> > >
> > > "I have since come to realize that being between your mentor and his
> route
> > > to the bathroom is a major career booster." -- Patrick Naughton
> > >
Bruce-
To ask the obvious-
Are you SURE that Microsoft dfscmd is supported in CYGWIN?
Martin
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -