Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <01C1124D.DAF36310.jorgens@coho.net>
From: Steve Jorgensen <jorgens AT coho DOT net>
Reply-To: "jorgens AT coho DOT net" <jorgens AT coho DOT net>
To: "'Corinna Vinschen'" <cygwin AT cygwin DOT com>
Subject: RE: Untangling security - W2K on NT domain
Date: Sun, 22 Jul 2001 01:30:12 -0700
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



On Sunday, July 22, 2001 1:11 AM, Corinna Vinschen [SMTP:cygwin AT cygwin DOT com] 
wrote:
> On Sat, Jul 21, 2001 at 02:24:40AM -0700, Steve Jorgensen wrote:
> > Scenario:
> >
> > Installed on a Windows 2K workstation and member of an NT 4 domain.
> >
> > Using an account on the domain added to Administrators group on
> > workstation, but merely a regular user on the domain.
> >
> >
> > Problem:
> >
> > In the groups file, 513 is "None".  I thought that was only supposed to 
> > happen on a workgroup system.
>
> On set `mkpasswd' is only called with -l option. Call it again
> using the -d option.
>
> > Untarring files with tar -xvzf fails miserably (as same user as 
described
> > above).  Permissions are set wrong on new directories, and extract 
fails on
> > files destined for those directories because of inadequate permissions.
> >
> > It would seem that I need to fix my /etc/passwd and/or /etc/group 
files,
> > but I don't understand them well enough to know what to do.  What do I 
need
> > to do here
>
> Call mkpasswd and mkgroup without options. That should give you a clue.
> And calling them with options isn't dangerous at all since they both
> write to stdout. A little disposition to play is very helpful sometimes.
>

I guess I'm figuring that out (about playing, that is).  It's a bit 
worrisome, though with regard to being easy for new users to get started. 
 It was bone simple to set everything up the way I wanted it on W98 (where 
security is non-existent), but I can't even untar a package on my W2K box 
without learning a whole new skill.  I think I'm up to it (now that I 
realized everything I need is in the freakin' manual I should have looked 
at in the first place), but it took me a while to realize that passwd and 
group files were even something I needed to concern myself with or that 
they were related to the trouble I was having.

What might be a nice goal for the future would be to ask the user if they 
want to launch a security wizard after first-time setup.  The wizard would 
ask a bunch of questions, then set up /etc/passwd and /etc/group, and run 
chmod on everything that was just installed.  I don't know if I'd be able 
to write something like this, but would you want it if I could do it 
successfully?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/