Date: Fri, 23 May 2003 14:10:30 -0400 (EDT)
From: Igor Pechtchanski
To: cygwin AT cygwin DOT com
Subject: Re: Question about "rexec"

On Fri, 23 May 2003, Andrew DeFaria wrote:

> Larry Hall (RFK Partners, Inc.) wrote:
>
> > Andrew DeFaria wrote:
> >
> >> Bill C. Riemers wrote:
> >>
> >>> You might also want to check the ownership of your home directory
> >>> and .ssh directory, as that is the only thing I can think of that
> >>> would cause the touch error in your previous message. If ownership
> >>> or permissions are wrong, then sshd defaults to require a password
> >>> rather than trusting that nobody else has changed the key files.
> >>
> >> Herein I believe my difficulties lie. That and not understanding
> >> Windows permissions vs Unix permissions and how such things are
> >> mapped.
> >> Here's what I do know:
> >>
> >> $ cd ~/.ssh
> >> $ ls -l
> >> total 6
> >> -rw-r--r-- 1 adefaria Domain U  227 May 22 17:10 authorized_keys
> >> -rw-r--r-- 1 adefaria Domain U  227 May 22 15:25 authorizedkeys
> >> -rw-r--r-- 1 adefaria Domain U  887 May 22 15:22 id_rsa
> >> -rw-r--r-- 1 adefaria Domain U  227 May 22 15:22 id_rsa.pub
> >> -rw-r--r-- 1 adefaria Domain U 1624 May 22 15:19 known_hosts
> >> $ chmod 600 id_rsa*
> >> $ ls -l
> >> total 6
> >> -rw-r--r-- 1 adefaria Domain U  227 May 22 17:10 authorized_keys
> >> -rw-r--r-- 1 adefaria Domain U  227 May 22 15:25 authorizedkeys
> >> -rw-r--r-- 1 adefaria Domain U  887 May 22 15:22 id_rsa
> >> -rw-r--r-- 1 adefaria Domain U  227 May 22 15:22 id_rsa.pub
> >> -rw-r--r-- 1 adefaria Domain U 1624 May 22 15:19 known_hosts
> >>
> >> Nothing. So I go into Windows Explorer and look at the Security
> >> setting on the Properties dialog. I attempt to remove the users in
> >> the Security section and it tells me that I have to stop inheriting
> >> permissions. So I go to stop inheriting permissions and tell it to
> >> remove everything. Now nobody's listed in the Securities section.
> >> Windows warns me that only the creator of the file will be able to
> >> access it. I look in Cygwin with ls -l and the mode bits are the
> >> same. I try the chmod again and there is no change! So I add my user
> >> back to having full control. My user is the only user listed now but
> >> the mode bits are still 644.
> >>
> >> When I try to ssh $(hostname) cmd I get:
> >>
> >> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> >> @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> >> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> >> Permissions 0644 for '/us/adefaria/.ssh/id_rsa' are too open.
> >> It is recommended that your private key files are NOT accessible by
> >> others.
> >> This private key will be ignored.
> >> bad permissions: ignore key: /us/adefaria/.ssh/id_rsa
> >>
> >> Now what?!?
> >>
> >> (It would be nice if somebody who really knew the algorithm could
> >> explain Windows permissions and how they are mapped to Unix mode bits).
> >
> > Or you could just look at the FAQ:
> >
> > Why doesn't chmod work?
> >
>
> All that this says is to insure that you have ntsec set. I have it set.
> chmod still doesn't work! BTW I'm on Windows XP and use NTFS. My home
> directory is on the server (/us is a mount of ///).

Andrew,

For Samba shares you need to have 'smbntsec' set -- 'ntsec' only affects
local drives (and the ability to set user/group ids correctly, so you
still need that set). Also make sure your /etc/passwd and /etc/group are
up to date. I've found that I actually had to create a fake group in
/etc/group and set it as my primary to be able to access a Samba share
mapped from DFS on AIX. *sigh*

> Next idea?
>
> P.S. It would still be nice if somebody who really knew the algorithm
> could explain Windows permissions and how they are mapped to Unix mode bits!

I believe does an adequate job of this...

	Igor
-- 
http://cs.nyu.edu/~pechtcha/
Igor Pechtchanski
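
Added example, not part of the original thread: a shell audit of the mode bits behind the "UNPROTECTED PRIVATE KEY FILE" warning and the sshd behaviour described above. It assumes GNU `stat -c` (as on Cygwin or Linux); the function names are hypothetical, the 077 mask mirrors the ssh client's private-key check and the 022 mask mirrors sshd's StrictModes check, and ownership is not examined.

```sh
#!/bin/sh
# Added example (not from the thread): report .ssh entries whose mode bits
# would trip OpenSSH's permission checks.
# Assumes GNU coreutils `stat -c '%a'`. All function names are hypothetical.

# mode_has_bits PATH MASK: succeed if any bit of octal MASK is set on PATH.
mode_has_bits() {
    mhb_mode=$(stat -c '%a' "$1") || return 2
    # A leading 0 makes both operands octal constants in shell arithmetic.
    [ $(( 0$mhb_mode & 0$2 )) -ne 0 ]
}

# audit_ssh_dir DIR: print each finding; exit status is the number of findings.
audit_ssh_dir() {
    asd_dir=$1
    asd_bad=0
    [ -d "$asd_dir" ] || { echo "missing: $asd_dir"; return 1; }

    # sshd (StrictModes) rejects public-key login when .ssh or
    # authorized_keys is writable by group or others.
    for asd_f in "$asd_dir" "$asd_dir/authorized_keys"; do
        [ -e "$asd_f" ] || continue
        if mode_has_bits "$asd_f" 022; then
            echo "writable by group/other: $asd_f"
            asd_bad=$((asd_bad + 1))
        fi
    done

    # The ssh client ignores a private key that anyone other than its
    # owner can access ("Permissions 0644 ... are too open").
    for asd_f in "$asd_dir"/id_*; do
        case $asd_f in *.pub) continue ;; esac
        [ -f "$asd_f" ] || continue
        if mode_has_bits "$asd_f" 077; then
            echo "too open, key will be ignored: $asd_f (want chmod 600)"
            asd_bad=$((asd_bad + 1))
        fi
    done
    return "$asd_bad"
}

# Usage: audit_ssh_dir "$HOME/.ssh"
```

If the report is the same before and after `chmod 600`, the filesystem is not honouring the mode change, which is the symptom Andrew describes.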