X-Spam-Check-By: sourceware.org Message-ID: <44352D47.901@bitjanitor.net> Date: Thu, 06 Apr 2006 10:01:27 -0500 From: Joseph Hetrick User-Agent: Thunderbird 1.5 (X11/20051201) MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: sshd and network share permissions Content-Type: multipart/mixed; boundary="------------060608070205040103070006" X-Virus-Status: Clean X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com --------------060608070205040103070006 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hello, I've been through the list archives and have googled fairly heavily and am up against a wall. I've set cygwin sshd up according to the following (which seems to be what is posted to the list at various intervals). http://pigtail.net/LRP/printsrv/cygwin-sshd.html I'm having a problem gaining access to remote shares. Attached is my cygcheck out and I'll add the following: 1) Logged in as a normal user, I find that attempts to net use resources on samba shares and I see: Username MY.AD.DOMAIN\WIN007$ is invalid on this system Windows shares generate similar errors in the eventlog as the machinename WIN007 is carried over instead of a proper username. I've looked through the archives and the general discussion indicates that this breakage happens when folks are using RSAAuth...I am not. I've forced passwd auth, and I've restarted sshd without success. Is this a symptom of sshd running as SYSTEM? There is a single public share I do have access too, and mounting that shows that on the unix side my permissions are mapped and look like I should have r/w access. In practice, however, I do not. Similar errors as the above samba error show up in the event log for the 2k3 host doing the file serving. Additionally: If I do navigate to a public mountpoint and find a spot I have write access to, what I see happen is that when I create a file, from the ssh'd shell, things look as I would expect as far as ownership goes: ex: -rw-r--r-- 1 user_wa Domain Users 0 Apr 6 09:53 test If I go there and look from a local shell: -rwx------+ 1 ??????????? Domain Computers 0 Apr 6 09:53 test (user_wa is an Admin) Clearly the perms I think are applied are not, and I must have something misconfigured of I'm misunderstanding something. Am I miss understanding something about ntsec or smbntsec in this instance? As a little background, I'm a Unix Admin trying to create a unixified win host to do some management design, so, the nuances of win security are a bit new to me. Thanks, Joe --------------060608070205040103070006 Content-Type: text/plain; name="cygcheck.out" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="cygcheck.out" Cygwin Configuration Diagnostics Current System Time: Wed Apr 05 14:28:56 2006 Windows XP Professional Ver 5.1 Build 2600 Service Pack 2 Running in Terminal Service session Path: ~\bin C:\cygwin\bin C:\cygwin\sbin C:\cygwin\usr\sbin C:\cygwin\bin c:\perl c:\usr\sbin c:\sbin c:\bin c:\usr\bin C:\cygwin\usr\local\bin C:\cygwin\bin C:\cygwin\bin c:\Perl\bin\ c:\WINDOWS\system32 c:\WINDOWS c:\WINDOWS\System32\Wbem c:\TEXMF\miktex\bin c:\WINDOWS\system32\ c:\WINDOWS\system32\Wbem c:\Program Files\InstallShield\AdminStudio\6.0\ConflictSolver c:\Program Files\QuickTime\QTSystem C:\cygwin\bin Output from C:\cygwin\bin\id.exe (nontsec) UID: 26769(testuser) GID: 10513(Domain Users) 0(root) 544(Administrators) 545(Users) 1004(Debugger Users) 1003(Offer Remote Assistance Helpers) 10545(mkgroup-l-d) 22608(user_wa) 10512(Domain Admins) 10513(Domain Users) Output from C:\cygwin\bin\id.exe (ntsec) UID: 26769(testuser) GID: 10513(Domain Users) 0(root) 544(Administrators) 545(Users) 1004(Debugger Users) 1003(Offer Remote Assistance Helpers) 10545(mkgroup-l-d) 22608(user_wa) 10512(Domain Admins) 10513(Domain Users) SysDir: C:\WINDOWS\system32 WinDir: C:\WINDOWS CYGWIN = 'ntsec smbntsec' HOME = '/cygdrive/c/Documents and Settings/testuser' PWD = '/cygdrive/c/Documents and Settings/testuser' USER = 'testuser' MAKE_MODE = 'unix' !:: = '::\' !C: = 'C:\cygwin\bin' ALLUSERSPROFILE = 'C:\Documents and Settings\All Users' APPDATA = 'C:\Documents and Settings\testuser\Application Data' CLASSPATH = 'C:\Program Files\QuickTime\QTSystem\QTJava.zip' CLIENTNAME = 'Console' COMMONPROGRAMFILES = 'C:\Program Files\Common Files' COMPUTERNAME = 'A-WIN007' COMSPEC = 'C:\WINDOWS\system32\cmd.exe' DIRCMD = '/ogne' FP_NO_HOST_CHECK = 'NO' HOMEDRIVE = 'C:' HOMEPATH = '\Documents and Settings\testuser' LOGONSERVER = '\\SERV00' NUMBER_OF_PROCESSORS = '1' OS = 'Windows_NT' PATHEXT = '.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH' PROCESSOR_ARCHITECTURE = 'x86' PROCESSOR_IDENTIFIER = 'x86 Family 15 Model 2 Stepping 8, GenuineIntel' PROCESSOR_LEVEL = '15' PROCESSOR_REVISION = '0208' PROGRAMFILES = 'C:\Program Files' PROMPT = '$P$G' QTJAVA = 'C:\Program Files\QuickTime\QTSystem\QTJava.zip' SESSIONNAME = 'RDP-Tcp#1' SYSTEMDRIVE = 'C:' SYSTEMROOT = 'C:\WINDOWS' USERDNSDOMAIN = 'MY.AD.DOMAIN' USERDOMAIN = 'MY' USERNAME = 'testuser' USERPROFILE = 'C:\Documents and Settings\testuser' WINDIR = 'C:\WINDOWS' TERM = 'cygwin' HOSTTYPE = 'i386' VENDOR = 'intel' OSTYPE = 'posix' MACHTYPE = 'i386' SHLVL = '1' LOGNAME = 'testuser' GROUP = 'Domain Users' HOST = 'win007' MANPATH = ':/usr/ssl/man' TZ = 'CST6CDT5,M4.1.0/2,M10.5.0/2' POSIXLY_CORRECT = '1' HKEY_CURRENT_USER\Software\Cygnus Solutions HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\mounts v2 HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\mounts v2\/mnt/winsw (default) = '\\serv12\winsw' flags = 0x00000102 HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\Program Options HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2 (default) = '/cygdrive' cygdrive flags = 0x00000022 HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/ (default) = 'C:\cygwin' flags = 0x0000000a HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/mnt/NX/fonts (default) = 'C:\Program Files\NX Client for Windows\usr\X11R6\lib\X11\fonts' HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/usr/bin (default) = 'C:\cygwin/bin' flags = 0x0000000a HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/usr/lib (default) = 'C:\cygwin/lib' flags = 0x0000000a HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\Program Options a: fd N/A N/A c: hd NTFS 10236Mb 52% CP CS UN PA FC System d: cd N/A N/A i: net NTFS 61443Mb 79% CP CS UN PA FC WinSW j: net NTFS 61443Mb 79% CP CS UN PA FC WinSW \\serv12\winsw /mnt/winsw user binmode,noexec C:\cygwin / system binmode C:\Program Files\NX Client for Windows\usr\X11R6\lib\X11\fonts /mnt/NX/fonts system textmode C:\cygwin/bin /usr/bin system binmode C:\cygwin/lib /usr/lib system binmode . /cygdrive system binmode,cygdrive Found: C:\cygwin\bin\awk.exe Found: C:\cygwin\bin\bash.exe Found: C:\cygwin\bin\cat.exe Found: C:\cygwin\bin\cp.exe Not Found: cpp (good!) Not Found: crontab Found: C:\cygwin\bin\find.exe Not Found: gcc Not Found: gdb Found: C:\cygwin\bin\grep.exe Found: C:\cygwin\bin\kill.exe Not Found: ld Found: C:\cygwin\bin\ls.exe Not Found: make Found: C:\cygwin\bin\mv.exe Not Found: patch Found: c:\Perl\bin\perl.exe Found: C:\cygwin\bin\rm.exe Found: C:\cygwin\bin\sed.exe Found: C:\cygwin\bin\ssh.exe Found: C:\cygwin\bin\sh.exe Found: C:\cygwin\bin\tar.exe Found: C:\cygwin\bin\test.exe Not Found: vi Found: C:\cygwin\bin\vim.exe 56k 2005/07/09 C:\cygwin\bin\cygbz2-1.dll - os=4.0 img=1.0 sys=4.0 "cygbz2-1.dll" v0.0 ts=2005/7/9 0:09 7k 2005/11/20 C:\cygwin\bin\cygcharset-1.dll - os=4.0 img=1.0 sys=4.0 "cygcharset-1.dll" v0.0 ts=2005/11/19 20:24 7k 2003/10/19 C:\cygwin\bin\cygcrypt-0.dll - os=4.0 img=1.0 sys=4.0 "cygcrypt-0.dll" v0.0 ts=2003/10/19 2:57 1108k 2005/10/17 C:\cygwin\bin\cygcrypto-0.9.7.dll - os=4.0 img=1.0 sys=4.0 "cygcrypto-0.9.7.dll" v0.0 ts=2005/10/17 4:16 1047k 2005/10/11 C:\cygwin\bin\cygcrypto-0.9.8.dll - os=4.0 img=1.0 sys=4.0 "cygcrypto-0.9.8.dll" v0.0 ts=2005/10/11 7:47 40k 2006/03/24 C:\cygwin\bin\cygform-8.dll - os=4.0 img=1.0 sys=4.0 "cygform-8.dll" v0.0 ts=2006/3/24 1:16 45k 2001/04/25 C:\cygwin\bin\cygform5.dll - os=4.0 img=1.0 sys=4.0 "cygform5.dll" v0.0 ts=2001/4/25 0:28 35k 2002/01/09 C:\cygwin\bin\cygform6.dll - os=4.0 img=1.0 sys=4.0 "cygform6.dll" v0.0 ts=2002/1/9 0:03 48k 2003/08/09 C:\cygwin\bin\cygform7.dll - os=4.0 img=1.0 sys=4.0 "cygform7.dll" v0.0 ts=2003/8/9 4:25 28k 2003/07/20 C:\cygwin\bin\cyggdbm-3.dll - os=4.0 img=1.0 sys=4.0 "cyggdbm-3.dll" v0.0 ts=2003/7/20 2:58 30k 2003/08/11 C:\cygwin\bin\cyggdbm-4.dll - os=4.0 img=1.0 sys=4.0 "cyggdbm-4.dll" v0.0 ts=2003/8/10 21:12 19k 2003/03/22 C:\cygwin\bin\cyggdbm.dll - os=4.0 img=1.0 sys=4.0 "cyggdbm.dll" v0.0 ts=2002/2/19 21:05 15k 2003/07/20 C:\cygwin\bin\cyggdbm_compat-3.dll - os=4.0 img=1.0 sys=4.0 "cyggdbm_compat-3.dll" v0.0 ts=2003/7/20 3:00 15k 2003/08/11 C:\cygwin\bin\cyggdbm_compat-4.dll - os=4.0 img=1.0 sys=4.0 "cyggdbm_compat-4.dll" v0.0 ts=2003/8/10 21:13 17k 2001/06/28 C:\cygwin\bin\cyghistory4.dll - os=4.0 img=1.0 sys=4.0 "cyghistory4.dll" v0.0 ts=2001/1/6 22:34 29k 2003/08/10 C:\cygwin\bin\cyghistory5.dll - os=4.0 img=1.0 sys=4.0 "cyghistory5.dll" v0.0 ts=2003/8/10 18:16 24k 2006/03/25 C:\cygwin\bin\cyghistory6.dll - os=4.0 img=1.0 sys=4.0 "cyghistory6.dll" v0.0 ts=2006/3/25 8:05 947k 2005/11/20 C:\cygwin\bin\cygiconv-2.dll - os=4.0 img=1.0 sys=4.0 "cygiconv-2.dll" v0.0 ts=2005/11/19 20:24 22k 2001/12/13 C:\cygwin\bin\cygintl-1.dll - os=4.0 img=1.0 sys=4.0 "cygintl-1.dll" v0.0 ts=2001/12/13 3:28 37k 2003/08/10 C:\cygwin\bin\cygintl-2.dll - os=4.0 img=1.0 sys=4.0 "cygintl-2.dll" v0.0 ts=2003/8/10 16:50 31k 2005/11/20 C:\cygwin\bin\cygintl-3.dll - os=4.0 img=1.0 sys=4.0 "cygintl-3.dll" v0.0 ts=2005/11/19 20:04 21k 2001/06/20 C:\cygwin\bin\cygintl.dll - os=4.0 img=1.0 sys=4.0 "cygintl.dll" v0.0 ts=2001/6/20 12:09 21k 2006/03/24 C:\cygwin\bin\cygmenu-8.dll - os=4.0 img=1.0 sys=4.0 "cygmenu-8.dll" v0.0 ts=2006/3/24 1:16 26k 2001/04/25 C:\cygwin\bin\cygmenu5.dll - os=4.0 img=1.0 sys=4.0 "cygmenu5.dll" v0.0 ts=2001/4/25 0:27 20k 2002/01/09 C:\cygwin\bin\cygmenu6.dll - os=4.0 img=1.0 sys=4.0 "cygmenu6.dll" v0.0 ts=2002/1/9 0:03 29k 2003/08/09 C:\cygwin\bin\cygmenu7.dll - os=4.0 img=1.0 sys=4.0 "cygmenu7.dll" v0.0 ts=2003/8/9 4:25 21k 2004/10/22 C:\cygwin\bin\cygminires.dll - os=4.0 img=1.0 sys=4.0 "cygminires.dll" v0.0 ts=2004/10/22 15:28 67k 2006/03/24 C:\cygwin\bin\cygncurses++-8.dll - os=4.0 img=1.0 sys=4.0 "cygncurses++-8.dll" v0.0 ts=2006/3/24 1:17 156k 2001/04/25 C:\cygwin\bin\cygncurses++5.dll - os=4.0 img=1.0 sys=4.0 "cygncurses++5.dll" v0.0 ts=2001/4/25 0:29 175k 2002/01/09 C:\cygwin\bin\cygncurses++6.dll - os=4.0 img=1.0 sys=4.0 "cygncurses++6.dll" v0.0 ts=2002/1/9 0:03 227k 2006/03/24 C:\cygwin\bin\cygncurses-8.dll - os=4.0 img=1.0 sys=4.0 "cygncurses-8.dll" v0.0 ts=2006/3/23 22:51 226k 2001/04/25 C:\cygwin\bin\cygncurses5.dll - os=4.0 img=1.0 sys=4.0 "cygncurses5.dll" v0.0 ts=2001/4/25 0:17 202k 2002/01/09 C:\cygwin\bin\cygncurses6.dll - os=4.0 img=1.0 sys=4.0 "cygncurses6.dll" v0.0 ts=2002/1/9 0:03 224k 2003/08/09 C:\cygwin\bin\cygncurses7.dll - os=4.0 img=1.0 sys=4.0 "cygncurses7.dll" v0.0 ts=2003/8/9 4:24 12k 2006/03/24 C:\cygwin\bin\cygpanel-8.dll - os=4.0 img=1.0 sys=4.0 "cygpanel-8.dll" v0.0 ts=2006/3/24 1:16 15k 2001/04/25 C:\cygwin\bin\cygpanel5.dll - os=4.0 img=1.0 sys=4.0 "cygpanel5.dll" v0.0 ts=2001/4/25 0:27 12k 2002/01/09 C:\cygwin\bin\cygpanel6.dll - os=4.0 img=1.0 sys=4.0 "cygpanel6.dll" v0.0 ts=2002/1/9 0:03 19k 2003/08/09 C:\cygwin\bin\cygpanel7.dll - os=4.0 img=1.0 sys=4.0 "cygpanel7.dll" v0.0 ts=2003/8/9 4:24 176k 2005/09/06 C:\cygwin\bin\cygpcre-0.dll - os=4.0 img=1.0 sys=4.0 "cygpcre-0.dll" v0.0 ts=2005/9/6 15:49 299k 2005/09/06 C:\cygwin\bin\cygpcrecpp-0.dll - os=4.0 img=1.0 sys=4.0 "cygpcrecpp-0.dll" v0.0 ts=2005/9/6 16:26 6k 2005/09/06 C:\cygwin\bin\cygpcreposix-0.dll - os=4.0 img=1.0 sys=4.0 "cygpcreposix-0.dll" v0.0 ts=2005/9/6 16:26 22k 2002/06/09 C:\cygwin\bin\cygpopt-0.dll - os=4.0 img=1.0 sys=4.0 "cygpopt-0.dll" v0.0 ts=2002/6/9 0:45 108k 2001/06/28 C:\cygwin\bin\cygreadline4.dll - os=4.0 img=1.0 sys=4.0 "cygreadline4.dll" v0.0 ts=2001/1/6 22:34 148k 2003/08/10 C:\cygwin\bin\cygreadline5.dll - os=4.0 img=1.0 sys=4.0 "cygreadline5.dll" v0.0 ts=2003/8/10 18:16 152k 2006/03/25 C:\cygwin\bin\cygreadline6.dll - os=4.0 img=1.0 sys=4.0 "cygreadline6.dll" v0.0 ts=2006/3/25 8:05 231k 2005/10/17 C:\cygwin\bin\cygssl-0.9.7.dll - os=4.0 img=1.0 sys=4.0 "cygssl-0.9.7.dll" v0.0 ts=2005/10/17 4:16 215k 2005/10/11 C:\cygwin\bin\cygssl-0.9.8.dll - os=4.0 img=1.0 sys=4.0 "cygssl-0.9.8.dll" v0.0 ts=2005/10/11 7:47 65k 2005/08/23 C:\cygwin\bin\cygz.dll - os=4.0 img=1.0 sys=4.0 "cygz.dll" v0.0 ts=2005/8/22 21:03 1763k 2006/01/20 C:\cygwin\bin\cygwin1.dll - os=4.0 img=1.0 sys=4.0 "cygwin1.dll" v0.0 ts=2006/1/20 12:28 Cygwin DLL version info: DLL version: 1.5.19 DLL epoch: 19 DLL bad signal mask: 19005 DLL old termios: 5 DLL malloc env: 28 API major: 0 API minor: 150 Shared data: 4 DLL identifier: cygwin1 Mount registry: 2 Cygnus registry name: Cygnus Solutions Cygwin registry name: Cygwin Program options name: Program Options Cygwin mount registry name: mounts v2 Cygdrive flags: cygdrive flags Cygdrive prefix: cygdrive prefix Cygdrive default prefix: Build date: Fri Jan 20 13:28:43 EST 2006 CVS tag: cr-0x5ef Shared id: cygwin1S4 Service : sshd Display name : CYGWIN sshd Current State : Running Controls Accepted : Stop Command : /usr/sbin/sshd -D stdin path : /dev/null stdout path : /var/log/sshd.log stderr path : /var/log/sshd.log Environment : CYGWIN="ntsec" Process Type : Own Process Startup : Automatic Dependencies : tcpip Account : LocalSystem Cygwin Package Information Last downloaded files to: U:\Desktop\Win Software\cygwin-install\ Last downloaded files from: ftp://mirrors.kernel.org/sources.redhat.com/cygwin Package Version _update-info-dir 00384-1 alternatives 1.3.20a-2 ash 20040127-3 base-files 3.7-1 base-passwd 2.2-1 bash 3.0-14 bzip2 1.0.3-1 coreutils 5.94-1 crypt 1.1-1 cygrunsrv 1.14-1 cygutils 1.2.10-1 cygwin 1.5.19-4 cygwin-doc 1.4-3 dejagnu 20021217-2 diffutils 2.8.7-1 editrights 1.01-1 expect 20030128-1 findutils 4.2.27-1 gawk 3.1.5-3 gcc-testsuite 3.4.4-1 gdbm 1.8.3-7 grep 2.5.1a-2 groff 1.18.1-2 gzip 1.3.5-1 less 381-1 libbz2_1 1.0.3-1 libcharset1 1.9.2-2 libgdbm 1.8.0-5 libgdbm-devel 1.8.3-7 libgdbm3 1.8.3-3 libgdbm4 1.8.3-7 libiconv 1.9.2-2 libiconv2 1.9.2-2 libintl 0.10.38-3 libintl1 0.10.40-1 libintl2 0.12.1-3 libintl3 0.14.5-1 libncurses5 5.2-1 libncurses6 5.2-8 libncurses7 5.3-4 libncurses8 5.5-2 libpcre0 6.3-1 libpopt0 1.6.4-4 libreadline4 4.1-2 libreadline5 4.3-5 libreadline6 5.1-5 login 1.9-7 man 1.5p-1 minires 1.00-1 mktemp 1.5-3 ncurses 5.5-2 openssh 4.3p2-2 openssl 0.9.8a-1 openssl097 0.9.7i-1 run 1.1.7-1 sed 4.1.5-1 tar 1.15.1-4 tcltk 20030901-1 tcsh 6.14.00-5 termcap 20050421-1 terminfo 5.5_20060323-1 texinfo 4.8-1 vim 6.4-4 which 1.7-1 zlib 1.2.3-1 Use -h to see help about each section --------------060608070205040103070006 Content-Type: text/plain; charset=us-ascii -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ --------------060608070205040103070006--