Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <009f01c32704$815b42a0$4d1f1cac@THEODOLITE>
From: "Bruce Dobrin" <dobrin AT imageworks DOT com>
To: <cygwin AT cygwin DOT com>
Cc: <cygwin AT cygwin DOT com>
References: <Pine DOT GSO DOT 4 DOT 44 DOT 0305281620580 DOT 17652-100000 AT slinky DOT cs DOT nyu DOT edu> <011a01c32575$f8aeea40$4d1f1cac AT THEODOLITE> <3ED6110A DOT 4030209 AT cygwin DOT com> <00a801c32612$89cf31f0$4d1f1cac AT THEODOLITE> <3ED6BE82 DOT 6070807 AT cygwin DOT com>
Subject: Re: NTsec permissions issue over inet
Date: Fri, 30 May 2003 16:37:59 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

Thanks for responding Larry,

I actually had tried most permutations of (no)ntsec, (no)smbntsec, (no)ntea,
etc... and on other machines that didn't have weird path or passwd
entries. -- no dice

I think I may have a good hint as to what is going on,  but I'll need
someone who knows the system better than I to figure out the solution.

By the way I have around 300 machines here,  and I found one which is
running cygwin1.3.2 and which works fine.  This leads me to think that it is
something to do with the hosts.equiv functionality which I believe was non
functional before at 1.3.2 ( at least I didn't use it here).  I found
machine that if I : forced the user to use a password and I set some
permutations of the permissions...  it then works:  example:

dobrin AT THEODOLITE:/home/dobrin> rsh gable3
Fanfare!!!
..........
dobrin AT GABLE3:/home/dobrin> echo $CYGWIN
ntea nontsec smbntsec
dobrin AT GABLE3:/home/dobrin> cd //matilda/dist
//matilda/dist: Permission denied.

BUT,  If I force a passwd entry:

dobrin AT THEODOLITE:/home/dobrin> rsh gable3 -l poo
Password:
Login incorrect
login: dobrin
Password:
Fanfare!!!
...........
dobrin AT GABLE3:/home/dobrin> echo $CYGWIN
ntea nontsec smbntsec
dobrin AT GABLE3:/home/dobrin> cd //matilda/dist
dobrin AT GABLE3:/matilda/dist>


Unfortunately I don't really think of this as a good solution ,  and it
doesn't appear to work with my default $CYGWIN setup.
Does this help at all?
Thanks,
Bruce

----- Original Message ----- 
From: "Larry Hall" <cygwin AT cygwin DOT com>
To: "Bruce Dobrin" <dobrin AT imageworks DOT com>
Cc: <cygwin AT cygwin DOT com>
Sent: Thursday, May 29, 2003 7:14 PM
Subject: Re: NTsec permissions issue over inet


> Bruce Dobrin wrote:
> > Here are the Cygcheck,  and Group files,  I'll include the my (typical)
> > passwd entry as we have a ( legitimate) policy against publishing our
login
> > id's ( I know it doesn't include encrypted passwd's, but with 650
entries,
> > but I'd like to reduce the fodder for someone's foreach loop thru a
cracking
> > program).
> >
> >
> > representative passwd entries:
> >
> > SYSTEM:*:18:544:,S-1-5-18::
> > Administrators:*:544:544:,S-1-5-32-544::
> >
dobrin:unused_by_nt/2000/xp:11014:10512:Brucester,U-PRODUCTION\dobrin,S-1-5-
> > 21-501104424-1911818820-14498641-1014:/home/dobrin:/bin/bash
> >
> >
> > Thanks
> > Bruce Dobrin
>
>
> Partial passwd entries is fine.  What you provided is adequate.
>
> The basics look OK.  I find two things in common between your information
> and Steve's:
>
>    1. You both appear to have a strange entry in your path.  I'm not
>       sure if it's some weird artifact of cygcheck or if it's actually
>       in the path.  In yours, you have a directory that looks like this:
>
>       "c
>       C:\cygwin\program_files\diskaccess\bin"
>
>       Steve's is just "c".
>
>    2. You both have a carriage return as the last character in either
>       your passwd or group files.
>
> Neither of these are clearly related to this issue but should be
> investigated and cleaned up.  Also, neither of you set 'smbntsec'
> in your CYGWIN environment variable (before starting Cygwin or any of
> it's services).  Please do, just so we can rule this out as an issue.
> Also, since you both claim that this used to work, please try removing
> 'ntsec' and 'smbntsec' and/or adding 'nontsec' to your CYGWIN environment
> variable (before starting Cygwin or any of it's services).  This should
> help pinpoint whether turning 'ntsec' on by default in recent releases
> has any bearing.
>
>
>
> -- 
> Larry Hall                              http://www.rfk.com
> RFK Partners, Inc.                      (508) 893-9779 - RFK Office
> 838 Washington Street                   (508) 893-9889 - FAX
> Holliston, MA 01746
>


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/