Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Mon, 22 Jul 2002 10:53:36 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Fwd: Re: cron and NT domains
Message-ID: <20020722105336.Y6932@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20020719103925 DOT G6932 AT cygbert DOT vinschen DOT de> <20020721113030 DOT A1686 AT SmartSC DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020721113030.A1686@SmartSC.com>
User-Agent: Mutt/1.3.22.1i

On Sun, Jul 21, 2002 at 11:30:30AM -0700, David MacMahon wrote:
>   After reading your reply, I gave the local user the
> "Create a token object" privilege.  That changed the 1300 error to 1326,

Don't do this.  It's a dangerous privilege.  Let SYSTEM handle that
except you really know what you're doing.  E. g.  using a special
user for that purpose which has specific rights...

> When running sshd as SYSTEM, I get these errors: 1308, 5, 1326.  Error
> 5 is "Access Denied".  Here is the relevant excerpt from strace...
> [...]
> 521384 17135790 [main] sshd 1968 seterrno_from_win_error: /netrel/src/cygwin-1.3.12-2/winsup/cygwin/security.cc:297 windows error 5
>   203 17135993 [main] sshd 1968 geterrno_from_win_error: windows error 5 == errno 13

This looks exactly like the problem I told you.  You probably don't
have permissions to get the group information of a domain user. See
the remarks section in

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmgmt/ntlmapi2_10xf.asp

and ask your sysadmin.

> One interesting thing, however, is that mkpasswd doesn't handle RIDs >
> 65535 too well...
> 
> DM2328:unused_by_nt/2000/xp:213147:10513:DM2328,U-DOMAIN\DM2328,S-1-5-21-DDD
> -203147://NTSRV/DM2328$:/bin/bash
> 
> With this passwd entry, the uid gets set to 16539, which is (213147 %
> 0x10000L), but there is no uid-to-username mapping for uid 16539 so
> things like 'id' and 'ls -l' show only the numeric value for uid (i.e.
> 16539).  IMHO, until uids are 32 bits, mkpasswd should be changed to use
> ((RID+offset) % 0x10000L) as the uid.  It will (still) have conflicts if
> two users' RIDs differ by a multiple of 65536, but that conflict exists
> with the current mkpasswd (it's just not so apparent).
> 
> It would also be nice if mkpasswd could detect the incorrect (though
> intuituve, IMHO) syntax that I had been using and print a more
> meaningful error message.

Patches gratefully accepted,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/