Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <3A3C668F.E6885AC8@ece.gatech.edu>
Date: Sun, 17 Dec 2000 02:09:03 -0500
From: "Charles S. Wilson" <cwilson AT ece DOT gatech DOT edu>
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Corinna Vinschen <cygwin AT cygwin DOT com>
Subject: Re: CVS permissions problem with network drive
References: <OF4452111B DOT B0F21FC3-ON862569B2 DOT 00610F4F AT mmm DOT com> <00121412122502 DOT 24469 AT cygbert> <3A38F606 DOT B3458493 AT ece DOT gatech DOT edu> <00121617032806 DOT 00473 AT cygbert>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit



Corinna Vinschen wrote:
> 
> On Thursday 14 December 2000 17:32, Charles S. Wilson wrote:
> > It appears that 'Take Ownership' is not sufficient.  What other
> > rights are being used -- because I'd rather not add my host account
> > to the Administrators group on a permanent basis.
> 
> If that doesn't work for you, I don't know. I haven't checked each
> single user right. I think there's no provision made in the NT concept
> to provide this functionality on a general base. The special feature
> for getting what you want is provided by the domain concept eventually.
> So, if you boxes are part of a domain and your user account is a
> domain account, this will work for sure.

The necessary right appears to be "Restore Files and Directories"
(SeRestorePrivilege).  At least the following did not work:

host user cwilson: member of 'Power Users', no additional rights
  but this DID work:
host user cwilson: membero of 'Power Users' + SeRestorePrivilege.

(It's possible the necessary rights are SeRestorePrivilege + the rights
granted by Power User status, as opposed to normal User).

So: In order to access a CVS repository on an SMB share exported by an
NT host, the user's account on the host must have the SeRestorePrivilege
right.  However, this is dangerous:

The holder of this right is permitted to circumvent NTFS file- and
directory-level access permissions to restore any files on the computer.
It also permits the users to restore NTFS security attributes, including
the file's owner information. Note that utilities such as SCOPY also
take advantage of this capability and can be used to circumvent security
policy. Assign this right with caution.

--Chuck

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com