X-Recipient: | archive-cygwin AT delorie DOT com |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Authentication-Results: | sourceware.org; auth=none |
X-Virus-Found: | No |
X-Spam-SWARE-Status: | No, score=-2.4 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 |
X-HELO: | mail-ie0-f172.google.com |
X-Received: | by 10.50.61.142 with SMTP id p14mr43772470igr.12.1399471747378; Wed, 07 May 2014 07:09:07 -0700 (PDT) |
Message-ID: | <536A3E80.2060602@breisch.org> |
Date: | Wed, 07 May 2014 10:09:04 -0400 |
From: | "Chris J. Breisch" <chris DOT ml AT breisch DOT org> |
User-Agent: | Postbox 3.0.9 (Windows/20140128) |
MIME-Version: | 1.0 |
To: | cygwin AT cygwin DOT com |
Subject: | Re: Microsoft Accounts (was Re: Problem with "None" Group on Non-Domain Members) |
References: | <5367ACED DOT 40409 AT breisch DOT org> <20140505154230 DOT GB7694 AT calimero DOT vinschen DOT de> <5367B990 DOT 8050907 AT breisch DOT org> <20140505165723 DOT GM30918 AT calimero DOT vinschen DOT de> <5367DEE5 DOT 5010407 AT breisch DOT org> <20140506125203 DOT GO30918 AT calimero DOT vinschen DOT de> <53691564 DOT 1070200 AT breisch DOT org> <20140506171626 DOT GZ30918 AT calimero DOT vinschen DOT de> <53692867 DOT 4060305 AT breisch DOT org> <20140507115730 DOT GE30918 AT calimero DOT vinschen DOT de> <20140507124038 DOT GG30918 AT calimero DOT vinschen DOT de> |
In-Reply-To: | <20140507124038.GG30918@calimero.vinschen.de> |
X-IsSubscribed: | yes |
Corinna Vinschen wrote:
> On May 7 13:57, Corinna Vinschen wrote:
>> I toyed around with the Microsoft Account a bit more. And here's why
>> the primary group SID being identical to the user SID is not a good
>> idea:
>>
>> Security checks.
>>
>> For instance:
>>
>> $ echo $USER
>> VMBERT8164+local_000
>> $ screen
>> Directory /tmp/uscreens/S-VMBERT8164+local_000 must have mode 700.
>>
>> Huh?
>>
>> $ ls -l /tmp/uscreens/
>> total 0
>> drwxrwx---+ 1 VMBERT8164+local_000 VMBERT8164+local_000 0 May 7 12:44 S-VMBERT8164+local_000
>>
>> Uh Oh.
>>
>> This will be a problem with other security sensitive applications, too.
>> Sshd comes to mind.
>>
>> So I guess we really should make sure the primary group SID is some
>> valid group, not the user's SID.
>>
>> "None" is not an option since it's not in the user token group list.
>>
>> "Users" seems to be the best choice at first sight.
>>
>> Alternatively we could use the S-1-11-xxx SID of the Microsoft Account.
>> That would be in line with the idea to have a user-specific primary
>> group.
>>
>> Thoughts?
>
> And here's a problem which I'm not sure how to solve at all:
>
> When calling the latest mkpasswd, the primary group of the local
> user account backing the Microsoft Account will *still* be "None".
>
> The reason is that the local account is just the same old account
> as usual. Its default primary group *is* "None".
>
> Only when logging in via the Microsoft Account email address, the
> user token will not reflect what's stored in the local SAM, but
> will have been changed by the OS as outlined in this thread.
>
> So, when a user decides to create a passwd file rather than using
> the SAM/DB code in Cygwin, the information generated by mkpasswd
> will not match the user token, and the primary group stored in
> /etc/passwd will not even be available at all in the user token.
>
> I have not the faintest idea how to workaround this schizophrenia.
>
>
> Corinna
>

Oh wow. It took me two reads of this to understand it. Caffeine is
finally kicking in, I guess.

Unless you just want to hard code the primary group that mkpasswd
generates to "Users" for any account that it would tend to want to set
as "None". That would be some smelly code though.

--
Chris J. Breisch

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
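
Added example (not part of the original message, and not the source of
screen or sshd): a strict owner-only directory check of the kind behind
the "must have mode 700" error quoted above, run against a directory
with the mode shown in the quoted ls -l listing and against a 700 one.
The names check_private_dir and check_with_mode and the scratch path are
assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700   /* for lstat() and mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum dir_check { DIR_OK, DIR_STAT_FAILED, DIR_NOT_DIR, DIR_WRONG_OWNER, DIR_BAD_MODE };

/* Hypothetical helper: accept path only if it is a real directory,
 * owned by uid, with permission bits exactly 700 (no group/other access). */
enum dir_check check_private_dir(const char *path, uid_t uid)
{
    struct stat st;

    if (lstat(path, &st) != 0)          /* lstat: never follow a symlink */
        return DIR_STAT_FAILED;
    if (!S_ISDIR(st.st_mode))
        return DIR_NOT_DIR;
    if (st.st_uid != uid)
        return DIR_WRONG_OWNER;
    if ((st.st_mode & 0777) != 0700)    /* any group or other bit fails */
        return DIR_BAD_MODE;
    return DIR_OK;
}

/* Create a scratch directory, force the given mode, and run the check. */
enum dir_check check_with_mode(mode_t mode)
{
    char tmpl[] = "/tmp/privdir-XXXXXX";   /* constructed sample path */
    enum dir_check rc;

    if (mkdtemp(tmpl) == NULL)
        return DIR_STAT_FAILED;
    rc = chmod(tmpl, mode) == 0 ? check_private_dir(tmpl, geteuid())
                                : DIR_STAT_FAILED;
    rmdir(tmpl);
    return rc;
}

int main(void)
{
    /* 0770 is the mode in the thread's listing (drwxrwx---). */
    printf("0770 -> %d\n", check_with_mode(0770));   /* DIR_BAD_MODE */
    printf("0700 -> %d\n", check_with_mode(0700));   /* DIR_OK */
    return 0;
}
```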