Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com Message-ID: <3BCB1525.3E9FA2F4@rowman.com> Date: Mon, 15 Oct 2001 12:56:05 -0400 From: John Peacock MIME-Version: 1.0 To: Peter Buckley CC: Robert Collins , Corinna Vinschen Subject: Re: rsh: "Permission denied" on file creation. Cygwin 1.3.3 on W2K Adv Srv SP2. References: <3BC72151 DOT F11E6CB0 AT cportcorp DOT com> <20011013105919 DOT O1155 AT cygbert DOT vinschen DOT de> <3BC89445 DOT DEED628 AT rowman DOT com> <007d01c154b9$d088be30$0200a8c0 AT lifelesswks> <3BCB0C7D DOT 148867EF AT cportcorp DOT com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Peter Buckley wrote: > > Ummm.... I don't understand why home directories on > a network share would ever be "public". I thought that > root on unix could read whatever it wanted > (including home directories on network shares, > hence SYSTEM is NOT equivalent), I don't think that is true of NFS mounts but it may be. > but this > idea of public sounds like anyone (the guest user) or > some intruder could read the contents of my home > directory on a network share without authenticating. > That just sounds silly, so maybe I need someone to > explain this idea of "public" to me. The whole idea of "public" shares under NT gives me the absolute willies! > > Basically, the problem here is the "security" feature > that rsh uses where it tries to cd to the user's home > directory as the SYSTEM account, then failing that > exits if CYGWIN is defined. This is ridiculous. > When I rsh, the whole idea is that I am "me" and I am > executing commands as "me" on the remote system. I don't > want to cd to my home directory as SYSTEM, and in this > case it doesn't work because it is a network share and > kicks me out. This is indeed where this discussion started. And, as I tried to point out at the time, rsh is a *nix program that has been modified to work under CygWin. The current security model is to do everything necessary to set up the user's login, then drop the enhanced rights at the very last possible moment. Lots of *nix programs actually go further and use chroot, which actually places the user process in a virtual / without any way of getting out to the rest of the machine. Of course, this is not possible under NT at all. The fallback, to make sure that no one can log in as Guest, is to not allow any login to non-existant $HOME directories, which from the standpoint of SYSTEM, yours is. So you are not "me" until after the cd for a very good reason. To change it for CygWin would be to make it less secure. Have you checked out ssh instead of rsh? It is much more secure, from the ground up, and may actually work better for you. > > I know that I can modify the code so it doesn't do this, > but I don't think it should use this security feature this > way. There are probably a bunch of NT users who have their > home directories on network shares. It was explained to me > that the whole idea of this security feature is so an > unauthorized user doesn't end up in the / directory. The > section of code does this- > > if (cd $HOME) > #okay, we cd'd to the home directory no problem > else > ifdef _CYGWIN_ > error (no remote directory; exit1) > else > cd / > endif > endif > > Why can't the "cd /" simply be a "cd /some-harmless-place" > and provide the same level of security? Simply saying > "you shouldn't have your home directory on a network share" > isn't good enough. Maybe I just don't understand the idea > of making my home directory "public" and if someone explains > it to me I can tell my sysadmins and have them set it up that > way. > The problem is that until NTSEC, there was no harmless place. And I am not sure that I would even rely on CygWin's NTSEC implementation (as it relies on NT). Corina would be much more likely to be able to tell you whether this is a secure option. John p.s. really, you should be using ssh, not rsh ;~) -- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4720 Boston Way Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5747 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/