Date: Tue, 26 Jul 2005 16:14:15 -0400
From: "Pierre A. Humblet"
Subject: Re: ssh session can't see share permissions; rights for disk share reduced..
Message-id: <176d01c5921e$9941fd00$3e0010ac@wirelessworld.airvananet.com>

Tom Rodman wrote:

> Just upgraded to 1.5.18. Having several problems with
> network drives in ssh sessions - problems not seen in 1.5.10
> or earlier. Here they are:
>
> # ********************************************************************
> # ssh session can not read share permissions w/"setacl"
> # ********************************************************************
> # --------------------------------------------------------------------
> # reference (good/OK) example in console bash session
> # (notice user staffuser1 is in group 'XYZ_ES_ADMIN')
> # --------------------------------------------------------------------
> ~ $ uname -a
> CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown unknown Cygwin
> ~ $ echo $CYGWIN
> binmode tty ntsec smbntsec
> ~ $ id
> uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF)
> groups=0(root),544(Administrators),19858(ABC_NA-CTX-Notepad-A),10513(Domain
> Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users) ,545(Users)
> ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
> \\OurBox108\scm
>
> DACL(not_protected):
> Everyone read+SHARE_WRITE+WRITE_OWNER+WRITE_DAC allow no_inheritance
> DOMxx1\XYZ_ES_ADMIN full allow no_inheritance
>
> # --------------------------------------------------------------------
> # failing example in ssh bash session
> # --------------------------------------------------------------------
> ~ $ uname -a
> CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown unknown Cygwin
> ~ $ echo $CYGWIN
> binmode tty ntsec smbntsec
> ~ $ id
> uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),10513(Domain
> Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)
> ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
> ERROR reading SD from <\\OurBox108\scm>: Access is denied.

I am assuming you use ssh with a password. Correct?
If not, discard what follows.

This is probably due to a change in ssh, which in turn necessitated
a change in Cygwin to contact the domain server to obtain the groups
you belong to, even before ssh logs you in.
Looks like your server is omitting the group ABC_NA-CTX-Notepad-A.
This causes Cygwin to generate an internal token to log you in, instead
of using the token provided by Windows from your ID/passwd.
Your domain does not trust the credentials produced by Cygwin.

If the above is true, here is a workaround: edit /etc/group and add
"staffuser1" at the end of the line for the group ABC_NA-CTX-Notepad-A
(which should have gid 19858).

This will remedy the problem with the domain server. It would be nice to
understand why a group is not reported (probably a security issue) but
doing so probably requires help from a knowledgeable and helpful network
admin.

Pierre
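The comparison behind the diagnosis above, as an added example that is not part of the original message: it diffs the `groups=` lists of the two quoted `id` outputs and checks whether the user is already named on the matching group-file line. The function names, the `GROUP_FILE` variable and the four-field `name:field:gid:members` layout are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. The two strings are the `id` outputs quoted in the message
# (console vs. ssh session), with the mail line-wraps rejoined.
CONSOLE_ID='uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),19858(ABC_NA-CTX-Notepad-A),10513(Domain Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)'
SSH_ID='uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),10513(Domain Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)'
GROUP_FILE=${GROUP_FILE:-/etc/group}   # assumption: overridable for testing

# groups_of ID_OUTPUT: print one "gid(name)" entry per line, sorted.
# Splits on commas only, because group names may contain spaces.
groups_of() {
    printf '%s\n' "$1" | sed -n 's/.*groups=//p' | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | sort
}

# missing_groups REFERENCE OTHER: entries in REFERENCE that OTHER lacks.
missing_groups() {
    groups_of "$1" | while IFS= read -r g; do
        groups_of "$2" | grep -qxF -- "$g" || printf '%s\n' "$g"
    done
}

# user_listed USER GID FILE: succeeds if USER appears in the member field
# (4th, comma-separated) of the line whose 3rd field is GID.
user_listed() {
    awk -F: -v u="$1" -v g="$2" '
        $3 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# Report each group the ssh session lacks and whether the workaround
# (user named on that group's line) is already in place.
missing_groups "$CONSOLE_ID" "$SSH_ID" | while IFS= read -r entry; do
    gid=${entry%%"("*}
    if [ -r "$GROUP_FILE" ] && user_listed staffuser1 "$gid" "$GROUP_FILE"; then
        echo "$entry: absent in ssh session; staffuser1 already listed in $GROUP_FILE"
    else
        echo "$entry: absent in ssh session; staffuser1 not listed in $GROUP_FILE"
    fi
done
```

On a live system, replace the two embedded strings with `id` output captured in each session.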