X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Wed, 17 Jun 2009 16:32:59 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: SSH SAMBA
Message-ID: <20090617143259.GK5039@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <6CC1F30947381149A9DA2FA21F51A6D83FADDE96 AT WW001E1ERLMM21 DOT ww001 DOT siemens DOT net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <6CC1F30947381149A9DA2FA21F51A6D83FADDE96@WW001E1ERLMM21.ww001.siemens.net>
User-Agent: Mutt/1.5.19 (2009-02-20)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Jun 17 14:22, Holikar, Sachin (ext) wrote:
> Hello,
>  
> Our requirement was to enable our users to be able to connect to
> Windows XP machine via SSH access. Once connected they should be able
> to go into their home directory. Their respective home directory
> should be Samba mounted onto WinXP machine so that users can simply
> "cd" to their respective drive letter (onto which their home dir is
> mounted.) and work.
> We could manage to cnfigure cygwin and ssh ... so that when users logs
> in ..they get a cygwin bash shell.We have configured ssh as
> Administrator and cygwin is installed in the same profile. In order to
> do samba mount , we made a user map his home directory onto a windows
> drive as Z: and other users home dir onto drive Y:. Both got shared.
> And when both users logged in via ssh, they could see the shared
> drives ie. Z and Y. 

What do you mean by "We have configured ssh as Administrator"?
sshd is supposed to run under a special account as service.  It
needs certain permissions to switch the user context.  If you're
running sshd as Administrator and having configured pubkey authentication
so that both users can login to the box, their sessions will run
as the same user Administrator.

If you didn't configure sshd using the ssh-host-config script and
installed sshd under the special account which would have been
created by that script, it won't work as expected.  Then again, when
using pubkey authentication after having it configured that way,
you won't be able to see the shares at all.  In that case you should
consider Cygwin 1.7, which adds an interesting option in terms of
user authentication.  The new User's Guide explains this in more
detail:
http://cygwin.com/1.7/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

Another option is to install *two* sshd servers, each of them running
under one of the user accounts of the users which should have the
right to logon, each of them using another port (for instance, 2222,
2223).  If configured correctly, each user can only logon to his/her
respective sshd, and each user will only see its own Samba share.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/