To: cygwin@cygwin.com
From: mwoehlke <mwoehlke@tibco.com>
Subject:  Re: group"S-1-2-0"(users who login locally)in ssh;windows 2003
Date:  Wed, 16 Aug 2006 14:44:35 -0500
Message-ID: <ebvsj3$bu7$1@sea.gmane.org>
References:  <200608161821.k7GIL5VW024015@tigris.pounder.sol.net>

Tom Rodman wrote:
> Hosts affected:
> 
>   several boxes running windows 2003 server w/cygwin (1.5.20s(0.155/4/2) 20060403 13:33:45)
> 
> Problem (or feature?): 
> 
>   when you ssh to these boxes, and run:
> 
>     $WINDIR/system32/whoami /all |grep -q S-1-2-0 || echo OOPs # "OOPS" echos :-<
> 
>     "S-1-2-0" == "Users who log on to terminals locally (physically) connected to the system."
> 
> Under windows 2000 (also a different cygwin version), ssh sessions show group membership
> in "S-1-2-0":
> 
>    $ '/drv/c/Program Files/Resource Kit/whoami' /all|grep S-1-2-0
>    [Group  9] = "LOCAL"  S-1-2-0
> 
> The reason I care is that several tools we call from cygwin will
> not run unless the session is in S-1-2-0.

What makes you say this? What tools?

> I'm not sure if this is a cygwin version issue, or due to windows 2003.
> Any thoughts/can others test this in an ssh session?:
> 
>   $WINDIR/system32/whoami /all |grep -q S-1-2-0 || echo OOPs

FWIW, on my 2k3 box, I show up as a member in S-1-2-0 both logged in 
"locally" (via Remote Desktop Sharing, with which I have never had 
anything "not work") and via Cygwin sshd. Under ssh, all privileges are
"enabled"; under "local", only SeChangeNotifyPrivilege,
SeImpersonatePrivilege and SeCreateGlobalPrivilege are enabled.

Here are all system group memberships:

"local" groups:
---------------
Everyone                          Well-known group S-1-1-0
LOCAL                             Well-known group S-1-2-0
NT AUTH*\REMOTE INTERACTIVE LOGON Well-known group S-1-5-14
NT AUTH*\INTERACTIVE              Well-known group S-1-5-4
NT AUTH*\Authenticated Users      Well-known group S-1-5-11
NT AUTH*\This Organization        Well-known group S-1-5-15
NT AUTH*\NTLM Authentication      Well-known group S-1-5-64-10
BUILTIN\Administrators            Alias            S-1-5-32-544
BUILTIN\Users                     Alias            S-1-5-32-545
(*Abbreviated for line-wrapping)

ssh groups:
-----------
Everyone                         Well-known group S-1-1-0
LOCAL                            Well-known group S-1-2-0
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11
NT AUTHORITY\SERVICE             Well-known group S-1-5-6
BUILTIN\Administrators           Alias            S-1-5-32-544
BUILTIN\Users                    Alias            S-1-5-32-545

This probably doesn't have much to do with your problem, but might 
relate to some of the other ssh problems people (including myself) have 
been having.

-- 
Matthew
vIMprove your life! Now on version 7!
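
The S-1-2-0 membership check and the two group listings from this thread, turned into a small comparison script. This is an added example, not part of the original messages; the function and variable names are hypothetical, and the sample input is the two listings quoted above (including the poster's `NT AUTH*` abbreviation).

```shell
#!/bin/sh
# Added example (not from the original thread): diff the group SIDs of two
# `whoami /all` listings. The two samples are the listings quoted in the post.

LOCAL_SESSION='Everyone                          Well-known group S-1-1-0
LOCAL                             Well-known group S-1-2-0
NT AUTH*\REMOTE INTERACTIVE LOGON Well-known group S-1-5-14
NT AUTH*\INTERACTIVE              Well-known group S-1-5-4
NT AUTH*\Authenticated Users      Well-known group S-1-5-11
NT AUTH*\This Organization        Well-known group S-1-5-15
NT AUTH*\NTLM Authentication      Well-known group S-1-5-64-10
BUILTIN\Administrators            Alias            S-1-5-32-544
BUILTIN\Users                     Alias            S-1-5-32-545'

SSH_SESSION='Everyone                         Well-known group S-1-1-0
LOCAL                            Well-known group S-1-2-0
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11
NT AUTHORITY\SERVICE             Well-known group S-1-5-6
BUILTIN\Administrators           Alias            S-1-5-32-544
BUILTIN\Users                    Alias            S-1-5-32-545'

# Print each SID found on stdin once, sorted. Strips the CRs that native
# Windows tools emit, and matches whole fields only.
extract_sids() {
    tr -d '\r' |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^S-1-[0-9]+(-[0-9]+)+$/) print $i }' |
        LC_ALL=C sort -u
}

# Succeed if listing $2 contains exactly the SID $1 (not a longer SID
# that merely starts with it, which a plain grep would also accept).
has_sid() {
    printf '%s\n' "$2" | extract_sids | grep -Fqx -- "$1"
}

# Print the SIDs present in listing $1 but missing from listing $2.
sids_only_in() {
    { printf '%s\n' "$2" | extract_sids | sed 's/^/B /'
      printf '%s\n' "$1" | extract_sids | sed 's/^/A /'; } |
        awk '$1 == "B" { seen[$2] = 1 } $1 == "A" && !seen[$2] { print $2 }'
}

echo "only in the local session:"; sids_only_in "$LOCAL_SESSION" "$SSH_SESSION"
echo "only in the ssh session:";   sids_only_in "$SSH_SESSION" "$LOCAL_SESSION"
has_sid S-1-2-0 "$SSH_SESSION" && echo "ssh session is in S-1-2-0 (LOCAL)"
```

On a live host, pass `"$($WINDIR/system32/whoami /all)"` captured in each session type instead of the embedded samples.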



