X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.7 required=5.0 	tests=AWL,BAYES_00,SARE_MSGID_LONG40,SPF_PASS
X-Spam-Check-By: sourceware.org
MIME-Version: 1.0
In-Reply-To: <20090421153141.GI8722@calimero.vinschen.de>
References: <af075b00904210656p2e8005b6geaad28206f89c121 AT mail DOT gmail DOT com>  	<20090421153141 DOT GI8722 AT calimero DOT vinschen DOT de>
From: Julio Costa <costaju AT gmail DOT com>
Date: Tue, 21 Apr 2009 17:43:04 +0100
Message-ID: <af075b00904210943mfa155e4ycabf9ba1ac2efc24@mail.gmail.com>
Subject: Re: [openssh] service with domain user
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Tue, Apr 21, 2009 at 16:31, Corinna Vinschen wrote:
> On Apr 21 14:56, Julio Costa wrote:
>>
>> I thought that the correct permissions/privileges were assigned in the
>> ssh-host-config... isn't that so? How do I find what is missing?
>
> No, ssh-host-config can only set the user rights for the local account,
> and it only does so if it has been asked to create the account. =C2=A0If =
you
> pre-create the account (as you have to do if you use a domain account),
> you're responsible to give it the necessary rights yourself.

You mean, like in "shame on you domain user! take this broken wings
and fly way!"?

Now seriously, I understand perfectly why it does not do that right
now, taking the historical absence (as long as I can see) of
domain-user-type users of Cygwin... but what if I asked "Shouldn't
that kind of setup be done in the script?" (PTC is a logical answer,
but still... I like to see it)

Actually I'm a bit surprised with the amount of (small, tiny,
amounting to a huge pile) problems that I've bumped into which are
most of the time related to the fact I'm using a domain user...
I'm working for a big corporation, and like such, every server is in
some domain, and we all use our domain users to work in any server.
As I'm not in THE systems or network admin's team, but in a "server
client" or applicational admin team, I have the typical profile of
"Local Admin, Regular Domain User".
Is that profile so rare out there? Is not something that Cygwin should
support in a more friendly (if not transparent) manner?

>
> I, for one, created a cyg_server account using ssh-host-config on the
> domain controller, then created a domain policy to propagate the
> necessary permissions to other machines in the domain.

That I can't do. But also do not need to, because I've my Cygwin work
focused in one, two server at most, at the moment.

> You can also
> create the important rights(*) for this user on a per-machine base
> using editrights or native Windows tools.
>

Precisely. Although I still thinking "Why do I have to do this by hand?"

Regarding editrights, I think that there is a problem also.
Is the reported output in my previous email as expected?

Do you want me to start another thread on that?

___________
Julio Costa

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/