This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: cron and NT domains


On Fri, Jul 12, 2002 at 09:16:27AM +0200, Corinna Vinschen wrote:
> On Thu, Jul 11, 2002 at 04:48:40PM -0700, David MacMahon wrote:
> > that mkpasswd fails when listing my login domain, but when listing my
> > PC's domain.  When listing my login domain, I get a message something like
> > "mkpasswd: [5] Access is denied."  I'm not at work today, so I can't
> > verify that until tomorrow, but that's the basic concept.

I was able to verify that message.  It appears exactly as shown above.

> Are you able to request just your own account as in
> 
>   mkpasswd -g -u <yourname>?

That command produces no output.  I can run "mkpasswd -d <pc_domain>" and
get a listing of all users in <pc_domain> (which does not include me).  I
cannot run "mkpasswd -d <login_domain> -u <myname>" because I get the
above error (after it displays the "well known" accounts).

> I assume your servers are running an active directory domain?  It's
> possible that your admin(s) did restrict access to the network
> management functionality so that could be a reason you're unable to
> get that info.

That is certainly possible.

> There are two registry keys beginning with S-1-5-21-.  Use the one
> w/o the trailing "_Classes".  Use the last number as uid.

I have created my /etc/passwd and /etc/group files by hand and they work
fine for ntsec and telnet and ftp.  It is only cron that has a problem
and only cron that attempts to switch user context to my domain account
WITHOUT a password.  This is what led me to believe that this is
actually intentional behavior.  It seems to me that without this
behavior, one could easily impersonate another domain user simply by
concocting the proper /etc/passwd entry and creating a crontab job for
that user.

One other slightly odd thing is that my RID (i.e. the last number of my
SID) is greater than 65535.  So in the uid field of /etc/passwd, I have
to put (RID modulo 65536) otherwise things don't work right.  For
example, if I put the larger number (i.e. actual RID) in /etc/passwd as
my uid, doing an 'ls -l' on files I own (as shown by Win2K) doesn't show
my /etc/passwd user name in the owner column, but instead shows that the
owner's uid is the (RID modulo 65536) value.

Thanks for your thoughts,
Dave

-- 
David MacMahon, President
Smart Software Consulting
http://www.smartsc.com

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
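
Added example, not part of the original message and not Cygwin code: a check for the uid mapping described above, where the RID is the last number of the S-1-5-21- key without the "_Classes" suffix and a RID above 65535 is written to /etc/passwd as (RID modulo 65536). It lists which accounts get a reduced uid and which distinct accounts end up sharing one uid, and so would show the same owner in 'ls -l'. The function names, user names and SIDs are constructed for illustration.

```python
import re
from collections import defaultdict

# S-1-5-21-<three domain sub-authorities>-<RID>
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-(\d+)")
UID_MODULUS = 65536  # the modulus the message reports having to apply

# Constructed sample data (user name, key name); not taken from the thread.
SAMPLE = [
    ("alice", "S-1-5-21-1111111111-2222222222-3333333333-1004"),
    ("dave",  "S-1-5-21-1111111111-2222222222-3333333333-66540"),
    ("dave",  "S-1-5-21-1111111111-2222222222-3333333333-66540_Classes"),
    ("carol", "S-1-5-21-1111111111-2222222222-3333333333-70000"),
]

def rid_of(key_name):
    """Return the RID (last number of the SID), or None for keys to skip."""
    if key_name.endswith("_Classes"):
        return None  # the thread says to use the key without this suffix
    m = SID_RE.fullmatch(key_name.strip())
    if m is None:
        raise ValueError(f"not an S-1-5-21 account SID: {key_name!r}")
    return int(m.group(1))

def audit(entries):
    """Map each account to its /etc/passwd uid and report the side effects.

    Returns (uids, truncated, collisions):
      uids       - {name: uid to write in /etc/passwd}
      truncated  - names whose RID exceeded 65535 and was reduced
      collisions - {uid: [names]} where distinct RIDs share one uid
    """
    uids, truncated, by_uid = {}, [], defaultdict(dict)
    for name, key in entries:
        rid = rid_of(key)
        if rid is None:
            continue
        uid = rid % UID_MODULUS
        uids[name] = uid
        if uid != rid:
            truncated.append(name)
        by_uid[uid][rid] = name  # keyed by RID so one account counts once
    collisions = {u: sorted(r.values()) for u, r in by_uid.items() if len(r) > 1}
    return uids, truncated, collisions

if __name__ == "__main__":
    print(audit(SAMPLE))
```
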