Message-ID: <392549D8.DBD8CD1@vinschen.de>
Date: Fri, 19 May 2000 16:04:08 +0200
From: Corinna Vinschen
Reply-To: cygwin
Organization: Cygnus Solutions, a Red Hat Company
To: James Dumser
CC: cygwin
Subject: Re: Login incorrect
References: <16847 DOT 000518 AT logos-m DOT ru> <392472F6 DOT 6B672850 AT vinschen DOT de> <39253C47 DOT D9A4EAEE AT bigfoot DOT com>

James Dumser wrote:
> [...]
> NT. When I telnet or rsh in as a non-Administrators group user (the user
> is a member of Power Users, but not Administrators) and run id, I get
> uid=1003(jadu) gid=513(Administrators)
> My system/global CYGWIN is set to tty ntea ntsec, although that doesn't
> show up in rsh sessions.

There seem to be up to two different problems on your system:

- If you use rsh for login purposes, it calls rlogind on the host side.
  Is it possible that you use inetutils-1.3.2 instead of
  inetutils-1.3.2-2? I had uploaded it yesterday around 9:30am UTC and
  announced in cygwin around 10:30am UTC. rlogind had a problem in the
  previous version which could be the reason that you couldn't see the
  CYGWIN env variable.

- Your /etc/passwd and /etc/group files aren't correct. Group 513 is
  _not_ `Administrators' but the group `None' on stand-alone systems
  or `Domain Users' on systems which are NT domain members.
  Group `Administrators' has SID 1-5-32-544 which results in GID 544
  if you haven't changed it by yourself.

Hint: NT doesn't manage group memberships in a responsible way on
stand-alone systems. No user (Admins, too) has a primary group as
it's managed in U*X like systems. Files created by any user have
the group `None' as their group entry. Nevertheless, if you use ntsec
and if you change your primary group membership in /etc/passwd, this
is taken into account by ntsec.

Example:

After calling `mkpasswd' and `mkgroup' you have the following
entries besides others:

/etc/passwd:

    administrator::500:513:S-1-5-21-???-???-???-500:...

/etc/group:

    Administrators:S-1-5-32-544:544:
    None:S-1-5-21-???-???-???-513:

Login as Administrator, ntsec off:

    $ touch x; ls -ln x
    rw-r--r-- 1 544 513 ... x

Login as Administrator, ntsec on:

    $ touch x; ls -ln x
    rw-r--r-- 1 500 513 ... x

Change the Administrator line in /etc/passwd by hand to:

    Administrator::500:544:...

Login as Administrator, ntsec on:

    $ touch x; ls -ln x
    rw-r--r-- 1 500 544 ... x

And another hint: You may change names as well as UIDs and GIDs
to completely different values if ntsec is on and if (and only if!)
you have correct S- entries! And if you want to login via
telnet/rlogin/rsh/ssh to your account with changed name you must
have that additional U- entry in /etc/passwd!

For example if you want Admin user and group to be `root' in cygwin,
you may change passwd and group files to:

/etc/passwd:

    root::0:0:U-Administrator,S-1-5-21-???-???-???-500:...

/etc/group:

    root:S-1-5-32-544:0:
    none:S-1-5-21-???-???-???-513:513:

Now login as root, ntsec on:

    $ touch x; ls -ln x
    rw-r--r-- 1 0 0 ... x

> One other discrepancy concerns file ownership. Logged in as jadu, ls
> -alF ~jadu shows
> [...]
> It appears the file owner follows whoever is logged in. Yet I (as
> Administrator) can't write to ~jadu:

Either this is related to the rlogind problem or you are trying to
use ntsec on a FAT partition. ntsec has no effect on FAT partitions
because it depends on the ability of the file system to support
access control lists.

Hope that helps,
Corinna

--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
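Added example, not part of the original message and not Cygwin code: a small consistency check for the /etc/passwd and /etc/group S- and U- entries discussed above. The function names, the sample accounts and the 1111-2222-3333 machine identifier are constructed for illustration; the rule that RID 500 is the built-in Administrator account is standard NT behaviour rather than something stated in the message.

```python
import re

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
ADMINS_SID = "S-1-5-32-544"  # SID the message gives for group `Administrators'

def parse_groups(text):
    """Map gid -> (name, SID or None) from /etc/group lines name:S-...:gid:"""
    groups = {}
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 3 and f[2].isdigit():
            sid = SID_RE.fullmatch(f[1])
            groups[int(f[2])] = (f[0], sid.group(0) if sid else None)
    return groups

def lint(passwd_text, group_text):
    """Return a list of findings; an empty list means the S-/U- entries look sane."""
    out = []
    groups = parse_groups(group_text)
    for gid, (name, sid) in sorted(groups.items()):
        if sid is None:
            out.append(f"group {name}: no S- entry")
        elif name.lower() == "administrators" and sid != ADMINS_SID:
            out.append(f"group {name} (gid {gid}): SID {sid} is not {ADMINS_SID}")
    for line in passwd_text.splitlines():
        f = line.strip().split(":")
        if len(f) < 5 or not f[3].isdigit():
            continue
        name, gid, gecos = f[0], int(f[3]), f[4]
        sid = SID_RE.search(gecos)
        if sid is None:
            out.append(f"user {name}: no S- entry")
            continue
        if gid not in groups:
            out.append(f"user {name}: primary gid {gid} missing from /etc/group")
        # RID 500 is the built-in Administrator; a renamed entry needs U-<NT name>.
        renamed = sid.group(0).endswith("-500") and name.lower() != "administrator"
        if renamed and not re.search(r"U-[^,:]+", gecos):
            out.append(f"user {name}: renamed account without U- entry")
    return out

# Constructed samples; 1111-2222-3333 is a placeholder machine identifier.
GOOD_PASSWD = "root::0:0:U-Administrator,S-1-5-21-1111-2222-3333-500:/home/root:/bin/sh\n"
GOOD_GROUP = "root:S-1-5-32-544:0:\nnone:S-1-5-21-1111-2222-3333-513:513:\n"
BAD_PASSWD = ("jadu::1003:513:S-1-5-21-1111-2222-3333-1003:/home/jadu:/bin/sh\n"
              "root::0:544:S-1-5-21-1111-2222-3333-500:/home/root:/bin/sh\n")
BAD_GROUP = "Administrators:S-1-5-21-1111-2222-3333-513:513:\n"

if __name__ == "__main__":
    for finding in lint(BAD_PASSWD, BAD_GROUP):
        print(finding)
```

The good sample mirrors the `root' renaming shown in the message; the bad sample reproduces a group 513 mislabelled as `Administrators' plus a renamed account that lacks its U- entry.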