delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2009/04/21/13:28:57

X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Tue, 21 Apr 2009 19:28:28 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: [openssh] service with domain user
Message-ID: <20090421172828.GL8722@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <af075b00904210656p2e8005b6geaad28206f89c121 AT mail DOT gmail DOT com> <20090421153141 DOT GI8722 AT calimero DOT vinschen DOT de> <af075b00904210943mfa155e4ycabf9ba1ac2efc24 AT mail DOT gmail DOT com>
MIME-Version: 1.0
In-Reply-To: <af075b00904210943mfa155e4ycabf9ba1ac2efc24@mail.gmail.com>
User-Agent: Mutt/1.5.19 (2009-02-20)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Apr 21 17:43, Julio Costa wrote:
> On Tue, Apr 21, 2009 at 16:31, Corinna Vinschen wrote:
> > On Apr 21 14:56, Julio Costa wrote:
> >>
> >> I thought that the correct permissions/privileges were assigned in the
> >> ssh-host-config... isn't that so? How do I find what is missing?
> >
> > No, ssh-host-config can only set the user rights for the local account,
> > and it only does so if it has been asked to create the account.  If you
> > pre-create the account (as you have to do if you use a domain account),
> > you're responsible to give it the necessary rights yourself.
> 
> You mean, like in "shame on you domain user! take this broken wings
> and fly way!"?
> 
> Now seriously, I understand perfectly why it does not do that right
> now, taking the historical absence (as long as I can see) of
> domain-user-type users of Cygwin... but what if I asked "Shouldn't
> that kind of setup be done in the script?" (PTC is a logical answer,
> but still... I like to see it)

Well, PTC.  If you have a domain account, its rights are usually
administered centralized.  Who are we to change the user rights locally
for that user?  That's the responsibility of the admins.  And here's
another problem in domain environments:  If the environment is using
domain policies, you might even be out of luck to set the user rights at
all on your local machine.  Even in my tiny setup at home you would be
unable to install a domain member machine and change cyg_server's rights.

> Actually I'm a bit surprised with the amount of (small, tiny,
> amounting to a huge pile) problems that I've bumped into which are
> most of the time related to the fact I'm using a domain user...

Well, sorry about that.  You got what you paid for.  You're not the only
domain user out there.  You're expecting something which just isn't
there.  The script was meant to ease the installation for local users in
the first place.  In corporate or governmental environments I don't
expect the script to work OOTB.  The script will almost never meet the
requirements exactly.

> [...rants deleted...]

Again, these service installation scripts are a volunteer effort which
many users are happy with.  Due to the complexity of different Windows
installations they won't work smoothly in all environments.  Too bad the
script doesn't fit your needs, but, as others, I have only so much time
to work on that stuff.

And no, your environment is just one of many.  I know different
environments in corporate and governmental areas.

> Regarding editrights, I think that there is a problem also.
> Is the reported output in my previous email as expected?

No.  The account is missing the other rights I talked about in my first
reply.

> Do you want me to start another thread on that?

No.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019