Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Message-id: | <5201C64E.5080701@cygwin.com> |
Date: | Wed, 07 Aug 2013 00:00:14 -0400 |
From: | "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com> |
Reply-to: | cygwin AT cygwin DOT com |
User-Agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 |
MIME-version: | 1.0 |
To: | cygwin AT cygwin DOT com |
Subject: | Re: ssh login no longer allowed by local accounts other than main administrator account after taking machine off domain |
References: | <CABSJGg3HywZZrXNfQHmivJOH0GrySZSBxA95XyjPmcngF6EHFA AT mail DOT gmail DOT com> |
In-reply-to: | <CABSJGg3HywZZrXNfQHmivJOH0GrySZSBxA95XyjPmcngF6EHFA@mail.gmail.com> |
On 8/6/2013 6:50 PM, Yuki Ishibashi wrote:
> (Sorry if this goes to the wrong place, I'm a little unfamiliar to the
> cygwin mailing list and its usage)
>
> I wanted to thank Linda and Larry both for their responses to my
> original post on Aug 2nd.
>
> Linda: Process Monitor was a helpful suggestion, however there are as
> you have said probably far too many system process messages, and even
> trying to filter for what I wanted has proved not helpful....
>
> Larry: I did have the new users have ownership of their own /home/user
> folders...

What about the files and dot files underneath? Like I said, I suspect
that scripts that are being run as part of the login are actually the
cause of the "permission denied" message. You need to look at what those
scripts are and what they are running. You may find that changing your
shell to '/bin/sh' in your '/etc/passwd' file may help avoid the problem
by skipping some of these init scripts. A different alternative is to try
adding 'set -x' to '/etc/profile'. This will spit out every line of every
script run on login, which should help you localize where the "permission
denied" message comes from.

> also /bin/bash.exe has 755 access, with user:old_admin group:Domain Users.

Expected but you might as well change the group ownership to 513 (None).
You could also change the user to something that exists on the local
system. In my case, it's my user since I'm the one that installed Cygwin
in the first place. :-)

> The problem looks most similar to what the user marco atzeri posted here:
> http://comments.gmane.org/gmane.os.cygwin/134144
> , (unfortunately there was no resolution)
>
> Perhaps what might help me is:
> a) what are the standard permissions *supposed* to be on everything on
> the cygwin terminal-side (i.e. 'ls -l /etc/*', etc),

In general, things will default to be owned by the user that installed
them and group 513 for a local user and 10513 for a domain user.
Permissions are the most critical though. Those tend to default to 644 or
755, depending on whether the file is meant to be executable or not. But
there are programs, like sshd, that require specific ownership and
permissions to work properly. As I mentioned, ssh-host-config takes care
of setting these permissions and ownerships but you may need to review
the settings by hand as I'm not sure if the script will change
ownerships/permissions of all the files it requires from a domain setup
to a local one.

> b) what account should the "CYGWIN sshd" service be running as in the
> Windows side

Depends what version of Windows you're running (did you say?) For XP it
defaults to SYSTEM. On any later O/S, it should be cyg_server. Again,
ssh-host-config will handle this for you.

> c) what group should local users be in (i.e. 'mkpasswd -l' and
> 'mkgroup 'l') - currently the local users are in group 513 (in mkgroup
> -l that's "None"), sounds weird but that's what it was before I took
> it off the domain, and it was working earlier.

513/None is fine. I'm in 513, 545, and 1001. I don't believe 1001 is
significant.

> d) Do i need to re-sync the mkpasswd -l with /etc/passwd and mkgroup
> -l with /etc/group ? I had previously appended the newly created local
> accounts (with associated SSIDs) to /etc/passwd using something like
> "mkpasswd -l | grep newusername >> etc/passwd" (and something similar
> for the /etc/group)

That should be enough to add 'newusername'. I assume you mean
'/etc/passwd' above. If you care to keep the previous contents of these
files, what you did is fine. Otherwise, just create new files:

    mkpasswd -l -c >/etc/passwd
    mkgroup -l -c >/etc/group

> I'm running into a brick wall here and not sure how I should approach
> this... any general advice even would be appreciated, thanks so much!

If all else fails or you just get tired of fiddling with the tuning
knobs, move your current installation aside, follow the instructions in
this FAQ - <http://cygwin.com/faq.html#faq.setup.uninstall-all>,
reinstall, and reconfigure sshd (run ssh-host-config). If that doesn't
solve the permission problems, then you may be in the same boat as Marco
(i.e. BLODA). You'll have to start looking at the possibilities there.

--
Larry

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
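
The ownership review discussed in the message above (files still owned by a domain user or group that no longer resolves locally), as an added example that is not part of the original post or of Cygwin itself. The function names `orphan_owners` and `demo` are hypothetical, and the uid 11234, the SIDs and the file listing are constructed sample values; only 513, 10513, `newusername` and `/bin/bash.exe` come from the thread.

```shell
#!/bin/sh
# Added example: report files whose numeric owner or group has no entry in
# the given passwd/group files (e.g. IDs left over from a removed domain).
#
# usage: orphan_owners PASSWD_FILE GROUP_FILE < listing
# listing lines are "<uid> <gid> <path>", e.g. from GNU find:
#   find /etc /bin /home -xdev -printf '%U %G %p\n'
orphan_owners() {
    awk -v passwd="$1" -v group="$2" '
        BEGIN {
            # Field 3 is the numeric ID in both passwd and group files.
            while ((getline line < passwd) > 0) {
                split(line, f, ":"); if (f[3] != "") uid[f[3]] = f[1]
            }
            while ((getline line < group) > 0) {
                split(line, f, ":"); if (f[3] != "") gid[f[3]] = f[1]
            }
        }
        {
            path = $0
            sub(/^[0-9]+ +[0-9]+ +/, "", path)   # keep paths with spaces intact
            why = ""
            if (!($1 in uid)) why = "unknown-uid=" $1
            if (!($2 in gid)) why = (why == "" ? "" : why ",") "unknown-gid=" $2
            if (why != "") print why "\t" path
        }'
}

# Constructed sample data: a local-only passwd/group pair and a listing in
# which two files still carry domain IDs (11234 is a made-up domain uid).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'SYSTEM:*:18:544:,S-1-5-18::' \
        'newusername:unused:1002:513:,S-1-5-21-1-2-3-1002:/home/newusername:/bin/bash' \
        > "$tmp/passwd"
    printf '%s\n' 'None:S-1-5-21-1-2-3-513:513:' \
        'Administrators:S-1-5-32-544:544:' > "$tmp/group"
    printf '%s\n' \
        '1002 513 /home/newusername/.bashrc' \
        '11234 10513 /bin/bash.exe' \
        '1002 10513 /home/newusername/.ssh/authorized_keys' \
        | orphan_owners "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo
```

On a real installation, feed the function the `find` listing shown in the comment together with `/etc/passwd` and `/etc/group`; each reported path is a candidate for the `chown`/`chgrp` review described in the reply.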