Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <006801c3850c$f1561c40$6501a8c0@homepc>
From: "Michael Condict" <Michael AT condict DOT org>
To: <cygwin AT cygwin DOT com>
Subject: smbntsec broken for drives shared as different user
Date: Sat, 27 Sep 2003 11:35:12 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

There are many reasons in Windows why you need to map a shared drive onto
your system by connecting to it with an explicit username and password, different
from the current logged in user.  The most important reason is that you are logged
into a desktop as a local (non-domain) user and want to access files shared by
another system.  No local user on your system has the same SID as any user on
any other system, even if the user-name is the same.  Both Windows and CYGWIN
treat the two users as distinct.

But when a local user y connects to a shared drive as user x, he should have all the rights
of remote user x to access files and directories on that drive.  Windows gets this
right, but CYGWIN's smbntsec does not.  It thinks you have the rights of user y.

This shows up in strange ways.  When you try to create a file and write to it, the file
will be created, but the write will fail and it will be left zero-length.  When you try to
delete the file, "rm" will tell you it's write protected, but the delete will succeed
anyway (because the remote SMB server allows it, of course).

Is there any hope of fixing this behavior?  Right now I have a SAMBA server on
Linux sharing files to my Windows XP desktops, and I can't set them up as members
of the SAMBA domain, because then I lose one of the most precious features of
Windows XP, namely the ability to switch users without logging off (multiple logon
sessions in parallel), not to mention several other nice features (thank you very
much, MicroSoft, for making us choose between unrelated useful features!).  Anyway,
this means that I have to login to my Windows systems as a  local user, but I want my
home directory and most of my files to be on the SAMBA server, so I can access
them from any Windows desktop.  And I really don't want to completely unprotect
the shared files on the SAMBA server.

Is there perhaps a work-around for this?  Or is this just a basic incompatibility
between the SMB security model and the Unix model?

Thanks for any advice.

Michael Condict

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/