Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <04CAD2CF7C2CD51199C7009027AD078B8D0283@ev003msxaege.ae.ge.com>
From: "Fletcher, Bob (GEAE, EB&TS)" <bob DOT fletcher AT ae DOT ge DOT com>
To: "'cygwin AT cygwin DOT com'" <cygwin AT cygwin DOT com>
Subject: bash/rlogin can get user id different from NT login.
Date: Fri, 7 Dec 2001 17:20:58 -0500 
X-Mailer: Internet Mail Service (5.5.2653.19)

Hello,
	Consider the following  passwd under cygwin: (1.3.)

user1:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User
One:/home/user1:/bin/bash
user2:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User
Two:/home/user2:/bin/bash

	Note that user1 and user2 two have the same UID. (!)
If I log in  to W2000 as user2, and start bash, it thinks that I am user1.
If user1 was silly enough to 

myhosthame  user1     
     or god forbid 
+ user1 

in a Unix .rhosts file, I will have access to that account. 

I'm guessing that bash does something like:

Find my Windows ID      (answer  user2) .
Look that ID up in passwd and get the UID. ( answer 1001)
Look that UID up in the Passwd file, and 	get my cygwin ID   ( answer
user1)

If I run rlogin, cygwin happily tells Unix that I am in fact user1, which I
am not.

I suppose that the simple answer is "don't do that!". You have to keep
passwd under control. But, shouldn't cygwin be able to directly use my
windows login id from step 1? Why map it (twice?) through the passwd file? 


Bob.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/