delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2008/07/04/18:24:02

X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
X-MDRemoteIP: 212.135.219.182
X-Return-Path: prvs=1071fe6e81=killing AT multiplay DOT co DOT uk
X-Envelope-From: killing AT multiplay DOT co DOT uk
X-MDaemon-Deliver-To: cygwin AT cygwin DOT com
Message-ID: <6C897634739C412CA4367B8530734B2F@multiplay.co.uk>
From: "Steven Hartland" <killing AT multiplay DOT co DOT uk>
To: <cygwin AT cygwin DOT com>
References: <E0174AD446AE4AF786ED30C69C9529CC AT multiplay DOT co DOT uk> <20080703125758 DOT GC10582 AT calimero DOT vinschen DOT de> <9519CD6573CA4B378AB436808C330A8C AT multiplay DOT co DOT uk> <20080704085528 DOT GH10582 AT calimero DOT vinschen DOT de> <83D9FB620178474D8B7E673F8BE88FBF AT multiplay DOT co DOT uk>
Subject: Re: chmod permission denied on windows 2008
Date: Fri, 4 Jul 2008 23:21:40 +0100
MIME-Version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-Spam-Processed: mail1.multiplay.co.uk, Fri, 04 Jul 2008 23:21:43 +0100
X-MDAV-Processed: mail1.multiplay.co.uk, Fri, 04 Jul 2008 23:21:46 +0100
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com 

------=_NextPart_000_00D1_01C8DE2C.B68EFA90
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=response
Content-Transfer-Encoding: 7bit


----- Original Message ----- 
From: "Steven Hartland"
>> That's weird.  Cygwin always enables the backup and restore privileges
>> if they are available.  The whoami printout in your previous mail
>> shows that the privilege is in the token.  But the above code shows
>> that the AdjustTokenPrivileges() call for the backup and restore
>> rights both fail with ERROR_NOT_ALL_ASSIGNED.  The problem is that
>> there's no indication why it fails.  Per MSDN this should only happen
>> if the privilege is not in the token.
>>
>> Bottom line is, there's nothing Cygwin can do about this.  Did you
>> look into the security event long?  Maybe there's a hint why this
>> fails.
> 
> You thought that was weird I just logged onto the box to test and look
> in the security event log and it just started working. No changes
> that I can find have been made, it was even the same cygwin prompt
> from the previous tests. If I find out what caused the change I will
> report back as I have another identical machine left to install.
> 
> Very strange, most appreciate your help on this.

Sorry seems I missed one critical element here. I thought I was doing
all the tests under a cygwin prompt but in fact the chown's I was
doing under an ssh'ed prompt. It works under a cygwin prompt on the
desktop but fails when I'm ssh'ed in. So this actually looks like it
may be a problem with ssh under 2008?

I've attached the output from whoami in both cases. A privaledege
missing from the sshd_server user may be? Note: ssh was installed
with a slightly older than latest version of cygwin so if this has
changed to support 2008 recently that could be where my problem lies.

    Regards
    Steve
------=_NextPart_000_00D1_01C8DE2C.B68EFA90
Content-Type: text/plain;
	format=flowed;
	name="prompt.txt";
	reply-type=response
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="prompt.txt"

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>which whoami
/cygdrive/c/Windows/system32/whoami

C:\Users\Administrator>whoami /all

USER INFORMATION
----------------

User Name            SID
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
blade0\administrator S-1-5-21-1034854827-3221323542-428946914-500


GROUP INFORMATION
-----------------

Group Name                            Type             SID          Attribu=
tes
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
Everyone                              Well-known group S-1-1-0      Mandato=
ry group, Enabled by default, Enabled group
BUILTIN\Administrators                Alias            S-1-5-32-544 Mandato=
ry group, Enabled by default, Enabled group, Group owner
BUILTIN\Users                         Alias            S-1-5-32-545 Mandato=
ry group, Enabled by default, Enabled group
NT AUTHORITY\REMOTE INTERACTIVE LOGON Well-known group S-1-5-14     Mandato=
ry group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE              Well-known group S-1-5-4      Mandato=
ry group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users      Well-known group S-1-5-11     Mandato=
ry group, Enabled by default, Enabled group
NT AUTHORITY\This Organization        Well-known group S-1-5-15     Mandato=
ry group, Enabled by default, Enabled group
LOCAL                                 Well-known group S-1-2-0      Mandato=
ry group, Enabled by default, Enabled group
NT AUTHORITY\NTLM Authentication      Well-known group S-1-5-64-10  Mandato=
ry group, Enabled by default, Enabled group
Mandatory Label\High Mandatory Level  Unknown SID type S-1-16-12288 Mandato=
ry group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               S=
tate
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=
=3D=3D=3D=3D=3D=3D=3D
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        D=
isabled
SeSecurityPrivilege             Manage auditing and security log          D=
isabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  D=
isabled
SeLoadDriverPrivilege           Load and unload device drivers            D=
isabled
SeSystemProfilePrivilege        Profile system performance                D=
isabled
SeSystemtimePrivilege           Change the system time                    D=
isabled
SeProfileSingleProcessPrivilege Profile single process                    D=
isabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              D=
isabled
SeCreatePagefilePrivilege       Create a pagefile                         D=
isabled
SeBackupPrivilege               Back up files and directories             D=
isabled
SeRestorePrivilege              Restore files and directories             D=
isabled
SeShutdownPrivilege             Shut down the system                      D=
isabled
SeDebugPrivilege                Debug programs                            D=
isabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        D=
isabled
SeChangeNotifyPrivilege         Bypass traverse checking                  E=
nabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       D=
isabled
SeUndockPrivilege               Remove computer from docking station      D=
isabled
SeManageVolumePrivilege         Perform volume maintenance tasks          D=
isabled
SeImpersonatePrivilege          Impersonate a client after authentication E=
nabled
SeCreateGlobalPrivilege         Create global objects                     E=
nabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            D=
isabled
SeTimeZonePrivilege             Change the time zone                      D=
isabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     D=
isabled

C:\Users\Administrator>
------=_NextPart_000_00D1_01C8DE2C.B68EFA90
Content-Type: text/plain;
	format=flowed;
	name="ssh.txt";
	reply-type=response
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="ssh.txt"

[root AT blade0]/usr/local/games: /cygdrive/c/Windows/system32/whoami /all

USER INFORMATION
----------------

User Name          SID                                         
================== ============================================
blade0\sshd_server S-1-5-21-1034854827-3221323542-428946914-500


GROUP INFORMATION
-----------------

Group Name                       Type             SID          Attributes                                        
================================ ================ ============ ==================================================
Everyone                         Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
LOCAL                            Well-known group S-1-2-0      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE         Well-known group S-1-5-4      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\SERVICE             Well-known group S-1-5-6      Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators           Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                    Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               State   
=============================== ========================================= ========
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Enabled 
SeSecurityPrivilege             Manage auditing and security log          Enabled 
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Enabled 
SeSystemtimePrivilege           Change the system time                    Enabled 
SeProfileSingleProcessPrivilege Profile single process                    Enabled 
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Enabled 
SeCreatePagefilePrivilege       Create a pagefile                         Enabled 
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Enabled 
SeDebugPrivilege                Debug programs                            Disabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Enabled 
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled 
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Enabled 
SeUndockPrivilege               Remove computer from docking station      Enabled 
SeManageVolumePrivilege         Perform volume maintenance tasks          Enabled 
SeImpersonatePrivilege          Impersonate a client after authentication Disabled
SeCreateGlobalPrivilege         Create global objects                     Enabled 

------=_NextPart_000_00D1_01C8DE2C.B68EFA90
Content-Type: text/plain; charset=us-ascii

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
------=_NextPart_000_00D1_01C8DE2C.B68EFA90--

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019