Message-ID: <44354B34.1080605@bitjanitor.net>
Date: Thu, 06 Apr 2006 12:09:08 -0500
From: Joe Hetrick
To: cygwin AT cygwin DOT com
Subject: Re: sshd and network share permissions

Dave Korn wrote:
> On 06 April 2006 17:31, Joe Hetrick wrote:
>
>> Dave Korn wrote:
>>> On 06 April 2006 16:01, Joseph Hetrick wrote:
>>>
>>>> I've set cygwin sshd up according to the following (which seems to be
>>>> what is posted to the list at various intervals).
>>>>
>>>> http://pigtail.net/LRP/printsrv/cygwin-sshd.html
>>>
>>> Well, if you've read those posts, you'll also have read the follow-ups,
>>> won't you, and so you'll already have known before you even sent that post
>>> that you aren't going to get an answer here, won't you, and so it isn't
>>> really clear why you even bothered to finish the post and send it, is it?
>>>
>> I'm not really sure I see what you're getting at.
>
> The fact that nobody here offers support services for pigtail.net. If you
> follow some non-standard instructions from some random website on the net, and
> something goes wrong, you should ask the place you got the instructions from
> what the problem is with their instructions.
> Nobody here is necessarily going
> to have any idea what it says at that site, nor is anyone going to be keen to
> jump up and do a detailed analysis of the similarities and discrepancies
> between what they suggest and the officially recommended way of configuring
> cygwin as seen in the cygwin documentation.
>

Understood. Was just being honest, however.

>> Unless it's that I
>> didn't also mention that I read and followed
>> /usr/share/doc/Cygwin/openssh.README
>
> Ah, so you've followed some random combination of the right instructions and
> some random set of unknown instructions. Great. Well, all I can say based on
> that is that you might have got it right and there might be a real problem, or
> you might have got it wrong and the problem might just be caused by something
> unimportant or something else. Or not.
>

Also understood, and anticipated. Fortunately (or un) I'm also fiddling in a VMware environment so I was bright enough to just revert snapshots so I could be reasonably sure I was back to a Cygwin Known State.

> (It would have been a better idea to mention the bit that we all know about
> rather than the bit which every single time it gets mentioned somebody has to
> point out all over again that we don't know what advice or instructions they
> give out at pigtail dot net and therefore cannot give informed responses to
> queries regarding it.)
>

So, at this point let's forget I even mentioned pigtail, and start to assume that I'm running fresh and maybe have some misconceptions about How Things Actually Should work versus what I grokked from:

http://cygwin.com/cygwin-ug-net/ntsec.html

>> I see plenty of responses to postings with less specific and less
>> complete postings than my own, which normally direct folks to
>> openssh.README.
>
> So, why didn't you know to ignore the pigtail dot net site and /just/ use
> the canonical instructions?
>

Well, in all honesty I tried those second...
And then I went back to known and reworked through the Cygwin Blessed, to be sure I hadn't made any of the posted mistakes in that process.

>> My questions were more directed at the behavior that I was seeing and if
>> it fit with what I should be seeing when sshd runs as SYSTEM.
>
> OK, then the answer to your question "Is this a symptom of sshd running as
> SYSTEM?" is "Yes under certain circumstance, no under others, ACCORDING TO HOW
> YOU'VE CONFIGURED AND SET UP YOUR SYSTEM". And since that vital second clause
> is full of unknowns, any answer we give you is likely to be equally uncertain.
>

And I'll pretty much fess up to being in an odd environment. Most postings seemed to be around local users with remote share points and permissions. In my case it's domain users and remote share points (both samba and 2k3), though, in theory, it seems like with some twiddle, this should be perfectly serviceable. I'll also fess up to not being overly comfortable with windows permissions and then how they're handled by NTSEC/SMBNTSEC. The obvious next step may be to get running sshd as !SYSTEM in an attempt to get around credential problems, which I'm currently doing battle with, and wasn't quite informed enough to post some questions I've got there.

>
>> I wasn't groveling for a canned solution, I was merely following posting
>> rules, and asking a few questions related to what I was seeing in hopes
>> that I could get a confirmation or two.
>
> Well, full marks for attaching your cygcheck.out anyway.
>
> Shouldn't you be doing something about that "mkgroup-l-d"?
>

Yea, that is a problem. The particular user is a member of piles of groups, and I've begun working through why those aren't happening. Thanks, I'll go work through my groups with a bit more effort. And work through a few more possibilities and try and see if I can come up with something more specific with a more specific set of responses.
J

>
> cheers,
> DaveK