Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <C322F78942E6D311AF8800D0B73C4FD8830DC9@CUPEX3.rational.com>
From: "Masterson, Dave" <dmasters AT rational DOT com>
To: "'cygwin'" <cygwin AT sources DOT redhat DOT com>
Subject: RE: NTSEC, passwd/group, and "544"
Date: Fri, 10 Nov 2000 10:36:14 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"

Corinna Vinschen wrote:
> "Masterson, Dave" wrote:
> > I'm trying to setup the NTSEC feature on Cygwin 1.1 and 
> > running into strange problems.  With NTSEC turned off, 
> > the output of "ls -l .bashrc" looks like this:
> > 
> > -rwxr-xr-x   1 dmasters dev           359 Nov  5 13:47 .bashrc*
> > 
> > With NTSEC turned on, it looks like this:
> > 
> > -rwx------   1 544      dev           359 Nov  5 13:47 .bashrc*
> >
> 544 is the admins group.

Ok, I see that now from the documentation.  However, what governs the
permissions on the file?

> If ntsec is off, the ownership might be faked dependent of the 
> contents of /etc/passwd.

How?  Does it simply assume that all files are owned by the current user
(ie. leave it to Windows to arbitrate access to the file)?
 
> If you are member of admins and if you create a file without ntsec
> (or in a native environemt at all) the files will not be owned by
> you but by the admins group.
> 
> You should add an entry for the admins group to /etc/passwd similar
> to that one:
> 
> myadmingrp::544:513:,S-1-5-32-544::/bin/false

I thought mkpasswd (without "-s") would do this by default (but "root"
instead of "myadmingrp").

> This will fix the output of ls -l in either case. On the other hand,
> _if_ you are member of the admins group and _if_ you want that the
> files will be owned by you, there's no way around of `ntsec' and/or
> using `chown'.

> > BTW, mkpasswd and mkgroup did not make the "root" account/group

> Sure. They are not intended to do it by themselves. It's _your_
> choice.

By my choice, do you mean my choice for adding "-s" to the command line?  Or
do you mean that mkpasswd doesn't add these accounts at all and its my
choice to add them by hand?

David Masterson
*	Rational Software
*	18880 Homestead Rd.
*	Cupertino, CA  95014
*	(408) 863-5150
*	dmasters AT rational DOT com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com