Mail Archives: cygwin/2016/08/02/12:54:58

Date: Tue, 2 Aug 2016 12:54:30 -0400 (EDT)
Subject: Re: /dev/ptmx fails with Azure accounts
From: "rmora AT aboutgolf DOT com" <rmora AT aboutgolf DOT com>
To: cygwin AT cygwin DOT com
Message-ID: <1470156870.684316691@apps.rackspace.com>

[I'm so sorry I'm messing up the mailing list by not replying to the proper email.... I only just got it through my thick skull now to subscribe to the mailing list. I think my brain is on vacation already....]


Unfortunately your prediction was correct - RunAs Administrator CMD gives this:

C:\WINDOWS\system32>whoami
azuread\russellmora

C:\WINDOWS\system32>whoami /all

USER INFORMATION
----------------

User Name           SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282


GROUP INFORMATION
-----------------

Group Name                                Type             SID                                                  Attributes
========================================= ================ ==================================================== ===============================================================
Mandatory Label\High Mandatory Level      Label            S-1-16-12288
Everyone                                  Well-known group S-1-1-0                                              Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                    Alias            S-1-5-32-544                                         Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users                             Alias            S-1-5-32-545                                         Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                  Well-known group S-1-5-4                                              Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                             Well-known group S-1-2-1                                              Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users          Well-known group S-1-5-11                                             Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization            Well-known group S-1-5-15                                             Mandatory group, Enabled by default, Enabled group
LOCAL                                     Well-known group S-1-2-0                                              Mandatory group, Enabled by default, Enabled group
                                          Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36                                          Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               State
=============================== ========================================= ========
SeLockMemoryPrivilege           Lock pages in memory                      Disabled
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Disabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege         Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled


C:\WINDOWS\system32>


-----Original Message-----
From: "rmora AT aboutgolf DOT com" <rmora AT aboutgolf DOT com>
Sent: Tuesday, August 2, 2016 11:44
To: corinna-cygwin AT cygwin DOT com, cygwin AT cygwin DOT com
Cc: towo AT towo DOT net
Subject: Re: /dev/ptmx fails with Azure accounts

<squeek squeek>

Though I am going on vacation in a couple of days until the 15th....

C:\Users\RussellMora>whoami
azuread\russellmora

C:\Users\RussellMora>whoami /fqdn
ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current
       logged-on user is not a domain user.

C:\Users\RussellMora>whoami /all

USER INFORMATION
----------------

User Name           SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282


GROUP INFORMATION
-----------------

Group Name                                Type             SID                                                  Attributes
========================================= ================ ==================================================== ==================================================
Mandatory Label\Medium Mandatory Level    Label            S-1-16-8192
Everyone                                  Well-known group S-1-1-0                                              Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                    Alias            S-1-5-32-544                                         Group used for deny only
BUILTIN\Users                             Alias            S-1-5-32-545                                         Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                  Well-known group S-1-5-4                                              Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                             Well-known group S-1-2-1                                              Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users          Well-known group S-1-5-11                                             Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization            Well-known group S-1-5-15                                             Mandatory group, Enabled by default, Enabled group
LOCAL                                     Well-known group S-1-2-0                                              Mandatory group, Enabled by default, Enabled group
                                          Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36                                          Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled


C:\Users\RussellMora>



On Aug  1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpty()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
>
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
>
> I have no idea how to establish a working startup of mintty for those users.

The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts.  I like it
how Microsoft screws up otherwise working software with this
strange domain handling.

To fix this we have to be able to come up with a working user and group
account for these cases.  For that I need at least output from `whoami
/all'.  I wonder why supposedly nobody tried that after /fqdn didn't
work.

This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows().  There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).

Alternatively I need at least a guinea pig with such an account,


Corinna





