This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: ssh session w/reduced credentials; simple TEST CASE to show problem


simple test case:
  <Windows 2003 server - Standard Edition; service pack 1>

  Please use an account in the local administrators group.
  Mine was a direct member, i.e. the account itself shows up if
  you run 'net localgroup administrators'.  Next verify you can
  'ssh localhost' OK.

  To create the problem, create any empty localgroup, say for example
  "toss_soon".  Then run:

    net localgroup toss_soon /add administrators

  Now try 'ssh localhost', as the same user.  Once you have a shell
  prompt, type 'whoami' - if the problem shows up the output is: 

    YOURHOSTSNAME\sshd_server.

  To make the problem go away, run:

    net localgroup toss_soon /delete administrators

BTW, we're unable to remove administrators from the group in
our case, and I prefer not to have to add the user to the group -
the account is already in the local administrators group.

--
thanks,
Tom

pls see a comment or two below:

On Tue 1/31/06 10:32 CST Tom Rodman wrote:
--snip
> -- The Problem --
> 
> On Monday several compilers were loaded on this host (OurSrvr064);
> because of this, 4 new local groups were created. So, I updated
> /etc/group, by running 'mkgroup -ld', and subsequently re-doing
> Pierre's approach- adding the username ("staffuser2", a domain user) into
> the "userlist" [4th field] in /etc/group for each group listed by 'id -G'.
> Unfortunately this failed. Also, the ssh session showed one
> *additional* local group (gid 1008) for user staffuser2; additional w/r to
> the (non ssh session) Terminal Services bash session 'id -G' output.
> Also notable was that whoami showed: "OurSrvr064\sshd_server", instead of
> "staffuser2".
--snip
> $ : next, will run test script, it works just fine in a Terminal Service session:
>   $ /cygdrive/c/adm/ssh_test_my_rights00
>   + cd //OurServer108/tcm
>   + id -G
>   10513 544 545 1010 19858 19968 16025 16027 16024
>   + id
>   uid=15776(staffuser2) gid=10513(Domain Users) groups=544(Administrators),545(Users),1010(Debugger Users),19858(ABC_NA-CTX-Notepad-A),19968(ABC_NA-DOMxx0-tcm-Users-A),10513(Domain Users),16025(XYZ_BLD_MGR),16027(XYZ_ES_STAFF),16024(XYZ_Users)
>   + :
>   + whoami
>   staffuser2
--snip
>   $ : Notice that next test fails again even though groups for staffuser2 more than match,
>   $ : the groups staffuser2 is in within a Term Service session (1008 is the extra local group).
>   $ ssh localhost /cygdrive/c/adm/ssh_test_my_rights00 
>   staffuser2@localhost's password: 
>   + cd //OurServer108/tcm
>   /cygdrive/c/adm/ssh_test_my_rights00: line 3: cd: //OurServer108/tcm: Permission denied
>   + id -G
>   10513 544 545 1010 1008 19858 19968 16025 16027 16024
>   + id
>   uid=15776(staffuser2) gid=10513(Domain Users) groups=544(Administrators),545(Users),1010(Debugger Users),1008(OWS_2416084231_admin),19858(ABC_NA-CTX-Notepad-A),19968(ABC_NA-DOMxx0-tcm-Users-A),10513(Domain Users),16025(XYZ_BLD_MGR),16027(XYZ_ES_STAFF),16024(XYZ_Users)

OWS_2416084231_admin (1008) is the problem group; i.e. it
shows up in the ssh session, but not in a simple
Terminal Services session.

--snip
> -- The new local groups, and their members; these groups were added on Monday -- {
> 
--snip
>   C:\>net localgroup OWS_2416084231_admin
>   Alias name     OWS_2416084231_admin
>   Comment        Microsoft SharePoint role 'admin' for web 'http://OurSrvr064'
> 
>   Members
> 
>   -------------------------------------------------------------------------------
>   Administrators
>   The command completed successfully.
> 
--snip
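
The two checks described in the message above, as an added diagnostic example (not part of the original message and not Cygwin code): it lists the gids that appear only in the ssh session and tests whether a `net localgroup` listing has Administrators as a nested member. The function and variable names are hypothetical; the sample values are copied from the output quoted in the message.

```shell
# Added example: diagnostic helpers with hypothetical names, not from the message.

# Print gids in list $2 (ssh session) that are absent from list $1
# (Terminal Services session); both are `id -G` output.
extra_gids() {
    for gid in $2; do
        case " $1 " in
            *" $gid "*) ;;
            *) printf '%s\n' "$gid" ;;
        esac
    done
}

# Read `net localgroup NAME` output on stdin and print the members: the
# lines between the dashed rule and the "command completed" trailer.
localgroup_members() {
    awk '
        { gsub(/\r/, "") }
        /^[ \t]*-+[ \t]*$/      { in_members = 1; next }
        /The command completed/ { in_members = 0 }
        in_members { gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 != "") print }
    '
}

# Succeed if the listing on stdin has Administrators as a nested member.
nests_administrators() {
    localgroup_members | grep -qix 'Administrators'
}

# `id -G` values copied from the two sessions quoted in the message.
TS_GIDS='10513 544 545 1010 19858 19968 16025 16027 16024'
SSH_GIDS='10513 544 545 1010 1008 19858 19968 16025 16027 16024'

# Listing of the problem group as quoted in the message.
SAMPLE_LISTING="  Alias name     OWS_2416084231_admin
  Comment        Microsoft SharePoint role 'admin' for web 'http://OurSrvr064'

  Members

  -------------------------------------------------------------------------------
  Administrators
  The command completed successfully.
"

echo "gids only in the ssh session: $(extra_gids "$TS_GIDS" "$SSH_GIDS")"
if printf '%s' "$SAMPLE_LISTING" | nests_administrators; then
    echo "listing nests Administrators"
fi
```

On a live host, pipe the output of `net localgroup <name>` into `nests_administrators` for each local group to find the ones matching the test case.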
