Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Wed, 8 Oct 2003 13:42:48 -0400 (EDT)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Boris Mayer-St-Onge <boris AT gmc DOT ulaval DOT ca>
cc: cygwin AT cygwin DOT com
Subject: Re: Domain Users
In-Reply-To: <3F84462C.2000803@gmc.ulaval.ca>
Message-ID: <Pine.GSO.4.56.0310081321480.15176@slinky.cs.nyu.edu>
References: <3F84462C DOT 2000803 AT gmc DOT ulaval DOT ca>
Importance: Normal
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 8 Oct 2003, Boris Mayer-St-Onge wrote:

> Recently, we have upgraded our version of cygwin from 1.3.12-2 to
> 1.5.5-1.  Since that, we have a problem with domain users.
>
> Cygwin is installed locally on each computer by the local administrator
> and it is used by domain users.  If we open a bash shell, we have the
> following messages:
>
> bash: cannot create temp file for here document: Permission denied

At a guess, this is because you have TEMP set to some directory that
domain users cannot access.  You could add a "TEMP=/tmp" at the top of
/etc/profile, and see if it helps.  Oh, and make sure /tmp on every
computer is mode 01777, so that it *is* writeable by everyone.

> Your group is currently "mkpasswd".  This indicates that
> the /etc/passwd (ans possibly /etc/group) files should be rebuilt.
> See the man pages for mkpasswd and mkgroup then, for example, run
> mkpasswd -l [-d] > /etc/passwd
> mkgroup -l [-d] > /etc/group
> Note that the -d switch is necessary for domain users.
>
> If we add "Domain Users" in the /etc/group file and one domain user in
> the /etc/passwd, this user can then use cygwin correctly (but we still
> have the message concerning the temp file.  Any hints?).

See above.

> The problem is that we have several hundren of users and some of them
> are added and deleted each week.  Is there an other solution that adding
> all the users in the /etc/passwd file?
>
> Boris

Unfortunately, the SID of the user should be in /etc/passwd for the user
to have full use of Cygwin's services, etc.  One possible solution in your
situation is to keep one centralized user database on a shared drive and
mount it as /etc/passwd on each machine (and similarly for groups).  That
way, when you add and remove users, you will only have to change one file.
The UIDs for the standard accounts (i.e., Administrator{,s}, SYSTEM, etc)
are usually pretty standard, at least on NT-based OSs, but I'm not too
sure about the SIDs, so you might have some problems there...  Also, be
aware that security attributes on shared drives are controlled by the
"smbntsec" setting in the CYGWIN environment variable, rather than
"ntsec".
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/