Mail Archives: cygwin/2006/10/14/18:03:37

X-Spam-Check-By: sourceware.org
Message-ID: <45315EA8.8060203@cygwin.com>
Date: Sat, 14 Oct 2006 18:03:20 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060916 Fedora/1.5.0.7-1.fc4.remi Thunderbird/1.5.0.7 Mnenhy/0.7.4.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Shared home dir, samba workgroups and ssh
References: <egqq3m$o4u$1 AT sea DOT gmane DOT org>
In-Reply-To: <egqq3m$o4u$1@sea.gmane.org>
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Andrew DeFaria wrote:
> Here's the story. I use Cygwin on my XP desktop. I like having a home 
> directory on Windows that is the same home directory on Unix/Linux 
> machines. Often companies offer access to your Unix/Linux home directory 
> via Samba. Also, often companies do not bother to set up a Samba server 
> which participates in a domain, so the Samba server is configured as 
> being in a workgroup.
> 
> Now for a long time I struggled with this. I would map //<samba 
> server>/<home share> -> my H drive then mount the H drive as /home and 
> make sure my Cygwin /etc/password referred to my home directory of 
> /home/$USER. All is great.
> 
> But when dealing with Samba servers who are configured into workgroups 
> innocuous activities in Cygwin would elicit permission denied messages. 
> For example, touching a file in the home directory and indeed even 
> vi'ing a file, etc. Creating a file within Windows Explorer or using 
> other Windows oriented tools would work just fine. Files created on the 
> Unix/Linux side would also work fine but when looked at from Cygwin on 
> the PC would have odd (read "nobody") ownerships and permissions.
> 
> Of course as Cygwin is often not supported by the typical company's IT 
> department and because many people do not attempt to utilize Cygwin 
> fully often requests for assistance and change fell on deaf ears...
> 
> Eventually I figured out that my Windows SID in /etc/passwd is the SID 
> of my domain user and since the Samba server was not in the domain my 
> SID does not authenticate properly. Then I had a breakthrough in that I 
> realized that I was using SMBNTSEC as well as NTSEC in my Cygwin 
> environment. I figured "Yeah I want to use the same Windows security for 
> SMB mounted drives too". This is where my problem lies and it's because 
> the Samba server configured by the client does not participate in the 
> Windows domain from which I've logged in.
> 
> Now I'm pretty sure that Samba could be configured properly into a 
> Windows domain as Samba can be configured as a PDC or a BDC, but many 
> clients don't bother to go that far. So why is Windows able to deal with 
> this but not Cygwin?
> 
> I believe that this is because within Samba a very basic approach is 
> kept towards storing of user identification information. Indeed basic 
> Samba just has an smbpasswd file which is much like your typical 
> Unix/Linux /etc/passwd file and it is not designed to carry extra 
> information about users and machine accounts as well as multiple groups 
> and trust associations, etc. Even Samba documents talk about hooking 
> Samba up to either LDAP or what they call a Trivial DataBase (TDB) in 
> order to store such additional Windows only information.
> 
> So I thought the simple solution was to remove SMBNTSEC from my Cygwin 
> environment and all would be fine. And indeed it is! Well almost...
> 
> Along comes ssh... So I like to use ssh to log into various Unix/Linux 
> systems as I work. And again I share my home directory between Windows 
> and Unix/Linux. Finally I like setting up passwordless public key ssh 
> login as I'm not one of those who likes having to type in his password 
> hundreds of times a day. But ssh is picky about permissions of your 
> ~/.ssh and ~/.ssh/id_<type> key files. When ssh'ing from Cygwin to a 
> Unix/Linux box I am now receiving the following:
> 
>    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
>    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>    Permissions 0644 for '/home/x0062320/.ssh/id_rsa' are too open.
>    It is recommended that your private key files are NOT accessible by
>    others.
>    This private key will be ignored.
>    bad permissions: ignore key: /home/x0062320/.ssh/id_rsa
>    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
>    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>    Permissions 0644 for '/home/x0062320/.ssh/id_dsa' are too open.
>    It is recommended that your private key files are NOT accessible by
>    others.
>    This private key will be ignored.
>    bad permissions: ignore key: /home/x0062320/.ssh/id_dsa
>    x0062320 AT stashu's password:
> 
> And, of course, I need to type in my password again! What I believe is 
> happening is that because my home directory is SMB mounted and SMBNTSEC 
> is off then Cygwin reports that files like ~/.ssh/id_rsa are 0644 even 
> if I change them on Unix/Linux to 0600. So, for example:
> 
>    <unix box>$ ls -l ~/.ssh/id_rsa
>    -rw-------  1 x0062320 generic 887 Aug 31 16:43 /home/x0062320/.ssh/id_rsa
> 
> While:
> 
>    <cygwin>$ ls -l ~/.ssh/id_rsa
>    -rw-r--r-- 1 x0062320 Domain Users 887 Aug 31 16:43 /home/x0062320/.ssh/id_rsa
> 
> Is there any way to work around this problem (short of reconfiguring the 
> Samba server)?
> 

Not that I know of, no.  You'd need to turn off "StrictModes" in the server
for this to work.  An alternative might be for you to mount your .ssh
directory to something local.

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746
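
An added example, not part of the original messages and not Cygwin or OpenSSH code: a small POSIX shell check that reads key modes the way the local system reports them (the same `ls -l` view quoted above), flags private keys with any group/other bits as in the "too open" warning, and stages a key into a local directory as the reply suggests. The function names and the destination directory are hypothetical.

```shell
#!/bin/sh
# Added example: audit private-key modes as the local system reports them.

# perm_bits FILE -> prints the nine permission characters from `ls -ld`,
# e.g. "rw-r--r--" (any ACL/SELinux marker in column 11 is ignored).
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# key_mode_ok FILE -> 0 if no group/other bits are reported (mode & 077 == 0),
# 1 if the mode is too open, 2 if FILE is not a regular file.
key_mode_ok() {
    [ -f "$1" ] || return 2
    case "$(perm_bits "$1")" in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# audit_keys DIR -> prints "<mode> <path>" for each id_* private key in DIR
# whose reported mode is too open; public keys (*.pub) are skipped.
audit_keys() {
    for f in "$1"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        key_mode_ok "$f" || printf '%s %s\n' "$(perm_bits "$f")" "$f"
    done
}

# stage_key SRC DESTDIR -> copy SRC into DESTDIR (assumed to be on a local
# filesystem), force 0700 on the directory and 0600 on the copy, then
# re-check. Fails if the destination still reports an open mode.
stage_key() {
    mkdir -p -- "$2" && chmod 700 -- "$2" || return 1
    dest="$2/$(basename -- "$1")"
    ( umask 077 && cp -- "$1" "$dest" ) || return 1
    chmod 600 -- "$dest" || return 1
    key_mode_ok "$dest"
}
```

A staged copy can then be selected with ssh's `-i` option or an `IdentityFile` line in `~/.ssh/config`.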
