This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: cron and NT domains


On Sun, Jul 14, 2002 at 08:07:17PM -0700, David MacMahon wrote:
> I have created my /etc/passwd and /etc/group files by hand and they work
> fine for ntsec and telnet and ftp.  It is only cron that has a problem
> and only cron that attempts to switch user context to my domain account
> WITHOUT a password.  This is what led me to believe that this is
> actually intentional behavior.  It seems to me that without this
> behavior, one could easily impersonate another domain user simply by
> concocting the proper /etc/passwd entry and creating a crontab job for
> that user.

It's the same situation as on U*X.  If /var/cron/cron.allow and/or
/var/cron/cron.deny aren't maintained...

If you'd use sshd, it would change user context w/o password, too.

However, I have no idea why cron doesn't work for you.  I don't know
enough of your environment.

> One other slightly odd thing is that my RID (i.e. the last number of my
> SID) is greater than 65535.  So in the uid field of /etc/passwd, I have

That's not odd.  uids and gids are 16 bit values so far.

> to put (RID modulo 65536) otherwise things don't work right.  For

You can choose any free uid < 65536.  It's your choice as described
in http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-RELEASE1.1

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]