Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Date:	Tue, 26 Jul 2005 16:14:15 -0400
From:	"Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Subject:	Re: ssh session can't see share permissions; rights for disk share reduced..
To:	<cygwin AT cygwin DOT com>
Reply-to:	"Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Message-id:	<176d01c5921e$9941fd00$3e0010ac@wirelessworld.airvananet.com>
MIME-version:	1.0

Tom Rodman wrote:

> Just upgraded to 1.5.18. Having several problems with
> network drives in ssh sessions - problems not seen in 1.5.10
> or earlier.  Here they are:
> 
> # ********************************************************************
> # ssh session can not read share permissions w/"setacl"
> # ********************************************************************
>   # -------------------------------------------------------------------- 
>   # reference (good/OK) example in console bash session
>   # (notice user staffuser1 is in group 'XYZ_ES_ADMIN')
>   # -------------------------------------------------------------------- 
>   ~ $ uname -a
>   CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown unknown Cygwin
>   ~ $ echo $CYGWIN
>   binmode tty ntsec smbntsec
>   ~ $ id
>   uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF)
> groups=0(root),544(Administrators),19858(ABC_NA-CTX-Notepad-A),10513(Domain
> Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users) ,545(Users)
>   ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
>   \\OurBox108\scm
> 
>     DACL(not_protected):
>      Everyone   read+SHARE_WRITE+WRITE_OWNER+WRITE_DAC   allow   no_inheritance
>     DOMxx1\XYZ_ES_ADMIN   full   allow   no_inheritance
> 
>   # -------------------------------------------------------------------- 
>   # failing example in ssh bash session
>   # -------------------------------------------------------------------- 
>   ~ $ uname -a
>   CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown unknown Cygwin
>   ~ $ echo $CYGWIN
>   binmode tty ntsec smbntsec
>   ~ $ id
>   uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),10513(Domain
> Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)
>   ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
>   ERROR reading SD from <\\OurBox108\scm>: Access is denied.

I am assuming you use ssh with a password. Correct? If not, discard what follows.

This is probably due to a change in ssh, which in turn necessitated a change in Cygwin
to contact the domain server to obtain the groups you belong to, even before ssh
logs you in.

Looks like your server is omitting the group ABC_NA-CTX-Notepad-A  This causes
Cygwin to generate an internal  token to log you in, instead of using the token provided by
Windows from your ID/passwd. Your domain does not trust the credentials produced by
Cygwin.

If the above is true, here is a workaround:
edit /etc/group and add "staffuser1" at the end of the line for the group ABC_NA-CTX-Notepad-A
(which should have gid 19858).
This will remedy the problem with the domain server.

It would be nice to understand why a group is not reported (probably a security issue) but
doing so probably requires help from a knowledgeable and helpful network admin.  

Pierre



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -