This is the mail archive of the
cygwin@sources.redhat.com
mailing list for the Cygwin project.
Re: ssh-agent, ntsec, and tmp permissions
- To: "Joseph M. Reagle Jr." <reagle at w3 dot org>
- Subject: Re: ssh-agent, ntsec, and tmp permissions
- From: Corinna Vinschen <vinschen at cygnus dot com>
- Date: Thu, 27 Jul 2000 23:15:30 +0200
- CC: cygwin <cygwin at sources dot redhat dot com>
- References: <3.0.5.32.20000725143356.029fe1b8@localhost> <3.0.5.32.20000725161138.019a44a0@localhost> <3.0.5.32.20000726160642.01416bc0@localhost> <3.0.5.32.20000727162553.01931678@localhost>
- Reply-To: cygwin <cygwin at sources dot redhat dot com>
"Joseph M. Reagle Jr." wrote:
> Unfortunately, I'm still having difficulties with the persmissions, and [1]
> has me rather confused. I've reinstalled the whole thing, seem to have most
> things working, but when I go to install perl, openssl, and openssh, the
> result of the tar is that I'm don't have the permission to copy files to
> those directories. I'm sitting at home, on my laptop, as W3C\reagle but I
> can't see that domain right now. So I expect the following applies [1]:
>
> If an NT user has one account as domain user and another
> account on his local machine, this accounts are under any
> circumstances DIFFERENT, regardless of the usage of the same
> user name and password!
>
> Most of the filye system is:
> drwxrwxrwx 4 administ None 4096 Jul 27 14:45 etc/
>
> which isn't surpising given [1]:
> If your login is member of the administrators' group:
> rwxrwxrwx 1 544 513 ... foo
>
> I suspect the following applies to me [1]:
>
> Unfortunately, workstations and servers outside of domains
> are not able to set primary groups! In these cases, where
> there is no correlation of users to primary groups, NT returns
> 513 (None) as primary group, regardless of the membership
> to existing local groups.
>
> when using mkpasswd -l -g on such systems, you have to
> change the primary group by hand if `None' as primary group is
> not what you want (and I'm sure, it's not what you want!)
Your description is completely correct so I assume you're on the
way to understand NT security (which is a long way. Personally I
still have leaks and I'm managing ntsec since January 1999).
> But I don't know what this means (change the primary group by hand)? This
> page [1] is slowly becoming useful to me as I read the exposition over and
> over, but I'm wishing for something along the lines of, if you want to do X,
> do Y. If you can't do Z, do A, etc.
This isn't that easy:
- I hate writing documentation.
- I would gladly appreciate a FAQ for ntsec but this should be written
by somebody who doesn't look from the programmers point of view.
I tend to wallow in technical details.
David? Are you listening?
> What exactly do I do, edit the /etc/{passwd,group} file? Use NT to change
> the owner/permissions of the files? Use cygwin chown to do the same?
Imagine your NT user account is member of the local group `users'
then you may change /etc/passwd so that your primary group
membership is set to `users' in Cygwin. Now try a `touch foo'
and `ls -l foo' and you will see what you want:
rwxrwxrwx 1 administrator users ... foo
Note that this is only done that way when using Cygwin tools,
obviously.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@sources.redhat.com
Red Hat, Inc.
mailto:vinschen@cygnus.com
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com