Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com Message-ID: <3980A672.FAFD45E2@cygnus.com> Date: Thu, 27 Jul 2000 23:15:30 +0200 From: Corinna Vinschen Reply-To: cygwin X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.14-SMP i686) X-Accept-Language: de, en MIME-Version: 1.0 To: "Joseph M. Reagle Jr." CC: cygwin Subject: Re: ssh-agent, ntsec, and tmp permissions References: <3 DOT 0 DOT 5 DOT 32 DOT 20000725143356 DOT 029fe1b8 AT localhost> <3 DOT 0 DOT 5 DOT 32 DOT 20000725161138 DOT 019a44a0 AT localhost> <3 DOT 0 DOT 5 DOT 32 DOT 20000726160642 DOT 01416bc0 AT localhost> <3 DOT 0 DOT 5 DOT 32 DOT 20000727162553 DOT 01931678 AT localhost> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit "Joseph M. Reagle Jr." wrote: > Unfortunately, I'm still having difficulties with the persmissions, and [1] > has me rather confused. I've reinstalled the whole thing, seem to have most > things working, but when I go to install perl, openssl, and openssh, the > result of the tar is that I'm don't have the permission to copy files to > those directories. I'm sitting at home, on my laptop, as W3C\reagle but I > can't see that domain right now. So I expect the following applies [1]: > > If an NT user has one account as domain user and another > account on his local machine, this accounts are under any > circumstances DIFFERENT, regardless of the usage of the same > user name and password! > > Most of the filye system is: > drwxrwxrwx 4 administ None 4096 Jul 27 14:45 etc/ > > which isn't surpising given [1]: > If your login is member of the administrators' group: > rwxrwxrwx 1 544 513 ... foo > > I suspect the following applies to me [1]: > > Unfortunately, workstations and servers outside of domains > are not able to set primary groups! In these cases, where > there is no correlation of users to primary groups, NT returns > 513 (None) as primary group, regardless of the membership > to existing local groups. > > when using mkpasswd -l -g on such systems, you have to > change the primary group by hand if `None' as primary group is > not what you want (and I'm sure, it's not what you want!) Your description is completely correct so I assume you're on the way to understand NT security (which is a long way. Personally I still have leaks and I'm managing ntsec since January 1999). > But I don't know what this means (change the primary group by hand)? This > page [1] is slowly becoming useful to me as I read the exposition over and > over, but I'm wishing for something along the lines of, if you want to do X, > do Y. If you can't do Z, do A, etc. This isn't that easy: - I hate writing documentation. - I would gladly appreciate a FAQ for ntsec but this should be written by somebody who doesn't look from the programmers point of view. I tend to wallow in technical details. David? Are you listening? > What exactly do I do, edit the /etc/{passwd,group} file? Use NT to change > the owner/permissions of the files? Use cygwin chown to do the same? Imagine your NT user account is member of the local group `users' then you may change /etc/passwd so that your primary group membership is set to `users' in Cygwin. Now try a `touch foo' and `ls -l foo' and you will see what you want: rwxrwxrwx 1 administrator users ... foo Note that this is only done that way when using Cygwin tools, obviously. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT sources DOT redhat DOT com Red Hat, Inc. mailto:vinschen AT cygnus DOT com -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com