Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Unsubscribe:
List-Subscribe:
List-Archive:
List-Post:
List-Help:
Sender: cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com
Message-ID: <383EDD46.4D5312A2@ece.gatech.edu>
Date: Fri, 26 Nov 1999 14:19:34 -0500
From: "Charles S. Wilson"
X-Mailer: Mozilla 4.7 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Corinna Vinschen
CC: cygwin AT sourceware DOT cygnus DOT com
Subject: Re: ntsec: What am I doing wrong?
References: <383E006C DOT 3FC7047 AT ece DOT gatech DOT edu> <383E6E5D DOT 604BA8FA AT vinschen DOT de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

I'm using the 1999-11-22 cygwin-inst with the 1999-11-23 cygwin1.dll.
All drives except C:\ (mounted as /c) are NTFS. And the example I gave
*was* real -- I wasn't making up the fact that 'id' reported UID/GID's
of "0" or that 'ls -l' said "user" and "group" instead of "cwilson" and
"None".

output of 'mkpasswd -l'
*****************
Everyone:*:0:0:,S-1-1-0::
SYSTEM:*:18:18:,S-1-5-18::
Administrator::500:513:,S-1-5-21-144006512-467950226-1660491571-500:/e/Users/Administrator:/bin/sh
cwilson::1002:513:Charles Wilson,S-1-5-21-144006512-467950226-1660491571-1002:/e/Users/cwilson:/bin/sh
Guest::501:513:,S-1-5-21-144006512-467950226-1660491571-501::/bin/sh
pehite::1004:513:Preston E. Hite,S-1-5-21-144006512-467950226-1660491571-1004:/e/Users/pehite:/bin/sh
services::1001:513:services,S-1-5-21-144006512-467950226-1660491571-1001:/e/Users/services:/bin/sh
thudson::1003:513:Tina Hudson,S-1-5-21-144006512-467950226-1660491571-1003:/e/Users/thudson:/bin/sh

output of 'mkgroup -l'
*****************
Everyone:S-1-1-0:0:
SYSTEM:S-1-5-18:18:
None:S-1-5-21-144006512-467950226-1660491571-513:513:
Administrators:S-1-5-32-544:544:
Backup Operators:S-1-5-32-551:551:
Guests:S-1-5-32-546:546:
Power Users:S-1-5-32-547:547:
Replicator:S-1-5-32-552:552:
Users:S-1-5-32-545:545:
NoLocalLogon:S-1-5-21-144006512-467950226-1660491571-1005:1005:
SU Users:S-1-5-21-144006512-467950226-1660491571-1000:1000:

output of 'id' (logged in as "Administrator")
*****************
uid=0(user) gid=0(group)

output of 'ls -l' (logged in as "Administrator")
*****************
total 936
drwxrwxrwx 1 user group 0 Mar 25 1999 APPS
-rw-rw-rw- 1 user group 524288 Jun 24 23:16 Application Log File Thru 6.24.99.evt
-rwxrwxrwx 1 user group 75 Jan 16 1999 CMDAUTO.CMD
drwxrwxrwx 1 user group 0 Feb 27 1999 DRIVES
-rw-rw-rw- 1 user group 230 Feb 28 1999 MACROS.TXT
drwxrwxrwx 1 user group 0 Oct 2 21:55 Net
-rw-rw-rw- 1 user group 37888 Jul 10 1997 NewAutoShapes.xls
-rwxrwxrwx 1 user group 731 Feb 28 1999 NewUser.cmd
-rw-rw-rw- 1 user group 103 Feb 28 1999 NewUser.tmp1
-rw-rw-rw- 1 user group 4991 Feb 28 1999 NewUser.tmp2
-rw-rw-rw- 1 user group 327680 Jun 24 23:16 System Log File Thru 6.24.99.evt
drwxrwxrwx 1 user group 0 Feb 3 1999 autosave
drwxrwxrwx 1 user group 0 Feb 28 1999 bin
-rw-rw-rw- 1 user group 625 Nov 26 12:46 foo
-rw-rw-rw- 1 user group 394 Nov 26 12:46 foo2
-rw-rw-rw- 1 user group 0 Nov 26 12:47 foo3
-rw-rw-rw- 1 user group 952 Feb 28 1999 mounts.reg
-rwxrwxrwx 1 user group 55568 Feb 28 1999 reg.exe

output of 'id' (logged in as "cwilson")
*****************
uid=0(user) gid=0(group)

output of 'ls -l' (logged in as "cwilson")
*****************
total 2329
drwxrwxrwx 1 user group 0 Nov 26 00:59 bzip2-0.9.5d
drwxrwxrwx 1 user group 0 Mar 13 1999 dllhelpers-0.2.5
-rw-rw-rw- 1 user group 0 Nov 26 12:58 foo6
-rw-rw-rw- 1 user group 1426994 Nov 24 21:31 freetype-1.3.tar.gz
-rw-rw-rw- 1 user group 324774 Nov 24 21:28 jbigkit-1.0.tar.gz
drwxrwxrwx 1 user group 0 Nov 26 05:53 jpeg-6b
drwxrwxrwx 1 user group 0 Nov 26 05:17 libpng-1.0.5
drwxrwxrwx 1 user group 0 Oct 14 07:43 libpng-1.0.5-orig
-rw-rw-rw- 1 user group 631491 Nov 24 21:15 tiff-v3.5.2.tar.gz
drwxrwxrwx 1 user group 0 Nov 26 05:10 zlib-1.1.3

Corinna Vinschen wrote:
>
> "Charles S. Wilson" wrote:
> > mkpasswd -l -g > passwd
> > mkgroup -l > group
> >
> > I'm using NT, so in the "My Computer"->Properties->Environment pane, I
> > set CYGWIN=binmode tty ntea ntsec
> > [...]
> > Now, I start bash, and do an 'ls -l'
> > total 17
> > -rw-rw-rw- 1 user group 871 May 19 1999 bashrc
> > [...]
> > -rw-rw-rw- 1 user group 9828 Dec 1 1998 termcap
> >
> > 'id' reports:
> > uid=0(user) gid=0(group)
>
> Hi Charles,
>
> do you work on a FAT partition? FAT isn't able to handle NT security
> settings. On FAT all entries are simulated to be owned by the current
> user.
>
> If you use NTFS, you should make your sample real: Send the output
> of `mkpasswd -l' `mkgroup -l' and `ls -ln' of an NTFS dir.
>
> In the latest snapshots `ntsec' has additional features which are
> not visible on the first glance. You are able to use them if you
> call `mkpasswd' and `mkgroup' from the snapshots. Both tools now
> additionally write the SIDs into the passwd and group file.
> Unfortunately, I still haven't updated the ntsec documentation
> (documentation is WORK ;-)) so I post the brief description which
> I have given in the developers mailing list. Hope, this helps.
> Additional questions will be gladly answered (please send them
> to the list).
>
> ============ SNIP ==============
> Hi!
>
> I have patched ntsec so, that SIDs are used, that were previously
> saved in /etc/passwd and /etc/group.
> This has following advantages:
>
> - Correct working ntsec in domain environments.
>
> - Non-login accounts (users _and_ groups) may get another name in
>   /etc/passwd and /etc/group files than their NT account name.
>   The new name is transparently used by applications (so chown,
>   chgrp, ls -l, etc. use them now),
>   e.g.:
>       root::500:513:...
>   instead of
>       administrator::500:513:...
>
>   No problem if running in console window,
>   BUT: If you need the account to login via telnet, ssh or similar
>   the login name _must_ be the NT user name.
>
> - Cygwin UIDs and GIDs are now not necessarily the RID part of the
>   NT SID:
>   e.g.:
>       root::0:513:...
>   instead of
>       administrator::500:513:...
>
> - As with U*X systems, UIDs and GIDs numbering scheme now don't
>   influence each other, so it's possible to have same Id's for a
>   user and a group,
>   e.g.:
>       /etc/passwd:
>       root::0:0:...   # former 'administrator::500:544:...'
>
>       /etc/group:
>       root::0:        # former 'administrators::544:'
>
> Disadvantages, if you like to use the new features:
> - /etc/passwd: The pw_gecos field has to contain a SID as the last
>   element of the comma separated list.
> - /etc/group: The gr_passwd (former unused) has to contain a SID.
>
> If no SIDs are found in /etc/passwd and /etc/group, ntsec acts like
> the previous version.
>
> The SIDs are saved in standard WinNT notation (S-1-5-32-...)
> the utilities mkpasswd and mkgroup are patched, to support the new
> format:
>
> - mkpasswd and mkgroup generate SIDs by default. This behaviour may
>   be switched off by the new commandline option `-s' or `--no-sids'.
>
>   Moreover, mkpasswd generates the home dir path with the function
>   cygwin_conv_to_posix_path(), so mount points are used now. This
>   behaviour may be changed to `/cygdrive/' by using the
>   commandline option `-m' or `--no-mount'.
> ============ SNAP ==============
>
> Regards,
> Corinna
>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com
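
As an added example (not part of either message, and not Cygwin code): a small Python audit of passwd and group text in the SID-carrying layout described in the quoted note, where the SID is the last comma-separated element of pw_gecos and the whole of gr_passwd. The function names, finding labels and sample entries (including the shortened SIDs) are constructed for illustration.

```python
import re
from collections import defaultdict

SID_RE = re.compile(r"S-1-\d+(-\d+)+")

# Constructed sample entries; the domain part of the SIDs is made up.
PASSWD = """\
Everyone:*:0:0:,S-1-1-0::
root::0:513:,S-1-5-21-111-222-333-500:/home/root:/bin/sh
cwilson::1002:513:Charles Wilson,S-1-5-21-111-222-333-1002:/e/Users/cwilson:/bin/sh
legacy::1005:513:Old style entry:/home/legacy:/bin/sh
"""
GROUP = """\
Everyone:S-1-1-0:0:
None:S-1-5-21-111-222-333-513:513:
root:S-1-5-32-544:0:
nosid::1000:
"""

def parse(text, kind):
    """Return (name, numeric id, SID or None) for each passwd or group line."""
    rows = []
    for line in text.splitlines():
        f = line.split(":")
        if kind == "passwd" and len(f) >= 5:
            # pw_gecos is a comma separated list; the SID is its last element
            ident, cand = int(f[2]), f[4].split(",")[-1]
        elif kind == "group" and len(f) >= 3:
            # gr_passwd (second field) holds the SID
            ident, cand = int(f[2]), f[1]
        else:
            continue
        rows.append((f[0], ident, cand if SID_RE.fullmatch(cand) else None))
    return rows

def audit(text, kind):
    """List (finding, name) pairs for one file."""
    rows, findings = parse(text, kind), []
    by_id = defaultdict(set)
    for name, ident, sid in rows:
        if sid is None:
            findings.append(("no-sid", name))      # entry carries no SID
            continue
        by_id[ident].add(sid)
        if int(sid.rsplit("-", 1)[1]) != ident:    # allowed, but worth listing
            findings.append(("id-differs-from-rid", name))
    for name, ident, sid in rows:
        if sid and len(by_id[ident]) > 1:          # one uid/gid, several SIDs
            findings.append(("id-shared-by-several-sids", name))
    return findings
```

Renumbering an account to 0 while the generated `Everyone` entry also uses 0 is what produces the shared-id findings in the sample.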