X-Spam-Check-By: sourceware.org
Date: Fri, 23 Dec 2005 14:24:35 -0500 (EST)
From: Igor Peshansky <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: "Kyle S. Allender" <kallender AT mediacomcc DOT com>
cc: cygwin AT cygwin DOT com
Subject: Re: Cygwin 1.5.18-1 on Windows XP group & passwd problem
In-Reply-To: <43AC40F9.2070604@mediacomcc.com>
Message-ID: <Pine.GSO.4.63.0512231405060.14142@slinky.cs.nyu.edu>
References: <43AC22F7 DOT 9040305 AT mediacomcc DOT com> <Pine DOT GSO DOT 4 DOT 63 DOT 0512231149050 DOT 14142 AT slinky DOT cs DOT nyu DOT edu>  <43AC40F9 DOT 2070604 AT mediacomcc DOT com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Fri, 23 Dec 2005, Kyle S. Allender wrote:

> Igor Peshansky wrote:
>
> >> mkpasswd -l -s > /etc/passwd
> >               ^^
> > At a guess, here's your problem.  This flag completely omits the SIDs
> > from /etc/passwd.  When you omit SIDs, there is no way for Cygwin to
> > map your user id back to Windows security mechanisms, so any attempt
> > to use ntsec (which is on by default) will fail.  This has nothing to
> > do with the domain.
> >
> > Did you mean to use "-d" instead of "-s"?
>
> Well, I had actually intended to not use -d as I did want to import the
> domain users into the file - there are well over 4000 of them, the vast
> majority of whom I would prefer not have access to my system.

My main point was about your using the "-s" flag -- the "-d" comment was
just my guess for a reason you used the flag.  FWIW, you could also use
the "-u" flag to specify the actual user you want from the domain.

> >> mkgroup -l > /etc/group
> >>
> >> The passwd file initially contained a pair of the lines from the
> >> message above when run with mkpasswd -l -d > /etc/passwd, but I'm not
> >> certain as to why.
> >
> > Running any Cygwin program (including mkpasswd) would probably result
> > in the above message if the SIDs are missing.  Just rerun the command,
> > delete the offending lines, and see if it fixes your problem.
> >
> > You could try confirming my guess by running "CYGWIN=nontsec bash"
> > before regenerating /etc/passwd -- if I'm right, you shouldn't see
> > these messages.
>
> Initially, there was no change.  I actually completely removed Cygwin
> from my system and reinstalled (using the current release, not a
> snapshot), but the effect upon launching the Cygwin shell was the same -
> same error message that is.  Opening an xterm with startx resulted in:
>
> CreateFileandSetSecurity failed with FALSE (Expected on FAT Partitions) GLE: 32
> CreateFileandSetSecurity failed with TRUE (not expected) GLE: 32
> [snip]

You said you get the same message for a bash shell?  Could you please try
to capture the output (by opening a CMD.EXE window and typing
"c:\cygwin\cygwin.bat")?

> Output of a re-run of the commands is as follows:
>
> kallender AT nc-dm-dc141 /etc
> $ mkpasswd -l -d > /etc/passwd
> mkpasswd (731): [2453] Could not find domain controller for this domain.

Hmm.  How about "mkpasswd -l -c > /etc/passwd"?

> kallender AT nc-dm-dc141 /etc
> $ mkgroup -l > /etc/group
>
> Contents of the files:
>
> passwd:
>
> SYSTEM:*:18:544:,S-1-5-18::
> Administrators:*:544:544:,S-1-5-32-544::
> Administrator:unused_by_nt/2000/xp:500:513:U-NC-DM-DC141\Administrator,S-1-5-21-1220945662-1547161642-682003330-500:/home/Administrator:/bin/bash
> Guest:unused_by_nt/2000/xp:501:513:U-NC-DM-DC141\Guest,S-1-5-21-1220945662-1547161642-682003330-501:/home/Guest:/bin/bash
> HelpAssistant:unused_by_nt/2000/xp:1000:513:Remote Desktop Help Assistant Account,U-NC-DM-DC141\HelpAssistant,S-1-5-21-1220945662-1547161642-682003330-1000:/home/HelpAssistant:/bin/bash
> SUPPORT_388945a0:unused_by_nt/2000/xp:1002:513:CN=Microsoft Corporation,L=Redmond,S=Washington,C=US,U-NC-DM-DC141\SUPPORT_388945a0,S-1-5-21-1220945662-1547161642-682003330-1002:/home/SUPPORT_388945a0:/bin/bash

I noticed that the "kallender" user is missing from /etc/passwd.
According to the "id" output, "kallender" is definitely a domain user.
Perhaps you need to specify the domain name explicitly (as in "mkpasswd -l
-u kallender -d DOMAINNAME")?

> group:
>
> CreateFileandSetSecurity failed with FALSE (Expected on FAT Partitions) GLE: 32
> CreateFileandSetSecurity failed with TRUE (not expected) GLE: 32

Heh...  You should remove those two lines -- they may be screwing up the
parsing of /etc/group...

> SYSTEM:S-1-5-18:18:
> None:S-1-5-21-1220945662-1547161642-682003330-513:513:
> Administrators:S-1-5-32-544:544:
> Backup Operators:S-1-5-32-551:551:
> Guests:S-1-5-32-546:546:
> Network Configuration Operators:S-1-5-32-556:556:
> Power Users:S-1-5-32-547:547:
> Remote Desktop Users:S-1-5-32-555:555:
> Replicator:S-1-5-32-552:552:
> Users:S-1-5-32-545:545:
> Debugger Users:S-1-5-21-1220945662-1547161642-682003330-1003:1003:
> HelpServicesGroup:S-1-5-21-1220945662-1547161642-682003330-1001:1001:
> RS_Query:S-1-5-21-1220945662-1547161642-682003330-1004:1004:
>
> A further clue _might_ be this:
>
> kallender AT nc-dm-dc141 /etc
> $ ssh -X kylea AT 192 DOT 168 DOT 1 DOT 100
> CreateFileandSetSecurity failed with FALSE (Expected on FAT Partitions) GLE: 32
> CreateFileandSetSecurity failed with TRUE (not expected) GLE: 32
> The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
> RSA key fingerprint is 6d:2d:77:1f:1f:41:04:96:62:f1:5c:76:16:23:b2:2b.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts.
> Password:
> CreateFileandSetSecurity failed with FALSE (Expected on FAT Partitions) GLE: 32
> CreateFileandSetSecurity failed with TRUE (not expected) GLE: 32
> x11_request_forwarding: bad authentication data: with

How is this a clue?  The above is a one-time message from ssh -- using ssh
again will not print this.

> It is almost as if there are permissions on disk that are not correct.
> The suggested command you provided above does not seem to have helped.
>
> What could possibly be causing this?

Looks like these messages may be caused by something in your bash
initialization scripts.  If you get this output from a plain bash (by
running cygwin.bat), here's a suggestion: from a CMD.EXE window, run

cd c:\cygwin\bat
.\bash.exe -v --login -i

And see after what lines the messages appear.

FWIW, I didn't find any place in the Cygwin sources that prints out the
above message -- is it even coming from a Cygwin application?
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/