This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: Fwd: Re: cron and NT domains


On Sun, Jul 21, 2002 at 11:30:30AM -0700, David MacMahon wrote:
>   After reading your reply, I gave the local user the
> "Create a token object" privilege.  That changed the 1300 error to 1326,

Don't do this.  It's a dangerous privilege.  Let SYSTEM handle that
unless you really know what you're doing.  E.g. using a special
user for that purpose which has specific rights...

> When running sshd as SYSTEM, I get these errors: 1308, 5, 1326.  Error
> 5 is "Access Denied".  Here is the relevant excerpt from strace...
> [...]
> 521384 17135790 [main] sshd 1968 seterrno_from_win_error: /netrel/src/cygwin-1.3.12-2/winsup/cygwin/security.cc:297 windows error 5
>   203 17135993 [main] sshd 1968 geterrno_from_win_error: windows error 5 == errno 13

This looks exactly like the problem I told you about.  You probably don't
have permissions to get the group information of a domain user. See
the remarks section in

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmgmt/ntlmapi2_10xf.asp

and ask your sysadmin.

> One interesting thing, however, is that mkpasswd doesn't handle RIDs >
> 65535 too well...
> 
> DM2328:unused_by_nt/2000/xp:213147:10513:DM2328,U-DOMAIN\DM2328,S-1-5-21-DDD-203147://NTSRV/DM2328$:/bin/bash
> 
> With this passwd entry, the uid gets set to 16539, which is (213147 %
> 0x10000L), but there is no uid-to-username mapping for uid 16539 so
> things like 'id' and 'ls -l' show only the numeric value for uid (i.e.
> 16539).  IMHO, until uids are 32 bits, mkpasswd should be changed to use
> ((RID+offset) % 0x10000L) as the uid.  It will (still) have conflicts if
> two users' RIDs differ by a multiple of 65536, but that conflict exists
> with the current mkpasswd (it's just not so apparent).
> 
> It would also be nice if mkpasswd could detect the incorrect (though
> intuitive, IMHO) syntax that I had been using and print a more
> meaningful error message.

Patches gratefully accepted,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
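
Added example, not part of the original message and not code from Cygwin or mkpasswd: a small audit of passwd contents for the 16-bit uid wrap discussed in the thread (213147 % 0x10000 = 16539). It reports entries whose uid field does not survive truncation and accounts that end up sharing one 16-bit uid. The function names, the seven-field passwd layout and the sample accounts are assumptions constructed for illustration.

```python
from collections import defaultdict

UID_MODULUS = 0x10000  # uids wrap at 16 bits, per the thread

# Constructed sample entries (not taken from the original message).
SAMPLE_PASSWD = """\
Administrator:unused:500:513:U-HOST\\Administrator:/home/Administrator:/bin/bash
alice:unused:213147:10513:U-EXAMPLE\\alice:/home/alice:/bin/bash
bob:unused:16539:10513:U-EXAMPLE\\bob:/home/bob:/bin/bash
carol:unused:11003:10513:U-EXAMPLE\\carol:/home/carol:/bin/bash
"""


def parse_passwd(text):
    """Yield (name, uid_field) for each well-formed passwd line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments and lines without a numeric uid field.
        if len(fields) < 7 or fields[0].startswith("#") or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])


def audit(text):
    """Return (truncated, collisions) for a passwd file's contents.

    truncated:  {name: (uid_field, effective_uid)} where the uid needs > 16 bits
    collisions: {effective_uid: [names]} where accounts share a 16-bit uid
    """
    truncated = {}
    by_effective = defaultdict(list)
    for name, uid in parse_passwd(text):
        effective = uid % UID_MODULUS
        by_effective[effective].append(name)
        if effective != uid:
            truncated[name] = (uid, effective)
    collisions = {u: names for u, names in by_effective.items() if len(names) > 1}
    return truncated, collisions


if __name__ == "__main__":
    truncated, collisions = audit(SAMPLE_PASSWD)
    for name, (uid, effective) in truncated.items():
        print(f"{name}: uid field {uid} becomes {effective} after 16-bit truncation")
    for effective, names in collisions.items():
        print(f"uid {effective} is shared by: {', '.join(names)}")
```
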
