This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: NTsec permissions issue over inet

From: "Bruce Dobrin" <dobrin at imageworks dot com>
To: <cygwin at cygwin dot com>
Date: Fri, 30 May 2003 16:46:26 -0700
Subject: Re: NTsec permissions issue over inet
References: <Pine.GSO.4.44.0305281620580.17652-100000@slinky.cs.nyu.edu> <011a01c32575$f8aeea40$4d1f1cac@THEODOLITE> <3ED6110A.4030209@cygwin.com> <00a801c32612$89cf31f0$4d1f1cac@THEODOLITE> <3ED6BE82.6070807@cygwin.com> <009f01c32704$815b42a0$4d1f1cac@THEODOLITE>

Sorry,  On re-reading that,  it's not as clear as it could be,  the example
used in the previous e-mail ( below) was on a later version of cygwin,  it
is not the 1.3.2  machine referred to earlier in the message.

----- Original Message ----- 
From: "Bruce Dobrin" <dobrin@imageworks.com>
To: <cygwin@cygwin.com>
Cc: <cygwin@cygwin.com>
Sent: Friday, May 30, 2003 4:37 PM
Subject: Re: NTsec permissions issue over inet


> Thanks for responding Larry,
>
> I actually had tried most permutations of (no)ntsec, (no)smbntsec,
(no)ntea,
> etc... and on other machines that didn't have weird path or passwd
> entries. -- no dice
>
> I think I may have a good hint as to what is going on,  but I'll need
> someone who knows the system better than I to figure out the solution.
>
> By the way I have around 300 machines here,  and I found one which is
> running cygwin1.3.2 and which works fine.  This leads me to think that it
is
> something to do with the hosts.equiv functionality which I believe was non
> functional before at 1.3.2 ( at least I didn't use it here).  I found
> machine that if I : forced the user to use a password and I set some
> permutations of the permissions...  it then works:  example:
>
> dobrin@THEODOLITE:/home/dobrin> rsh gable3
> Fanfare!!!
> ..........
> dobrin@GABLE3:/home/dobrin> echo $CYGWIN
> ntea nontsec smbntsec
> dobrin@GABLE3:/home/dobrin> cd //matilda/dist
> //matilda/dist: Permission denied.
>
> BUT,  If I force a passwd entry:
>
> dobrin@THEODOLITE:/home/dobrin> rsh gable3 -l poo
> Password:
> Login incorrect
> login: dobrin
> Password:
> Fanfare!!!
> ...........
> dobrin@GABLE3:/home/dobrin> echo $CYGWIN
> ntea nontsec smbntsec
> dobrin@GABLE3:/home/dobrin> cd //matilda/dist
> dobrin@GABLE3:/matilda/dist>
>
>
> Unfortunately I don't really think of this as a good solution ,  and it
> doesn't appear to work with my default $CYGWIN setup.
> Does this help at all?
> Thanks,
> Bruce
>
> ----- Original Message ----- 
> From: "Larry Hall" <cygwin@cygwin.com>
> To: "Bruce Dobrin" <dobrin@imageworks.com>
> Cc: <cygwin@cygwin.com>
> Sent: Thursday, May 29, 2003 7:14 PM
> Subject: Re: NTsec permissions issue over inet
>
>
> > Bruce Dobrin wrote:
> > > Here are the Cygcheck,  and Group files,  I'll include the my
(typical)
> > > passwd entry as we have a ( legitimate) policy against publishing our
> login
> > > id's ( I know it doesn't include encrypted passwd's, but with 650
> entries,
> > > but I'd like to reduce the fodder for someone's foreach loop thru a
> cracking
> > > program).
> > >
> > >
> > > representative passwd entries:
> > >
> > > SYSTEM:*:18:544:,S-1-5-18::
> > > Administrators:*:544:544:,S-1-5-32-544::
> > >
>
dobrin:unused_by_nt/2000/xp:11014:10512:Brucester,U-PRODUCTION\dobrin,S-1-5-
> > > 21-501104424-1911818820-14498641-1014:/home/dobrin:/bin/bash
> > >
> > >
> > > Thanks
> > > Bruce Dobrin
> >
> >
> > Partial passwd entries is fine.  What you provided is adequate.
> >
> > The basics look OK.  I find two things in common between your
information
> > and Steve's:
> >
> >    1. You both appear to have a strange entry in your path.  I'm not
> >       sure if it's some weird artifact of cygcheck or if it's actually
> >       in the path.  In yours, you have a directory that looks like this:
> >
> >       "c
> >       C:\cygwin\program_files\diskaccess\bin"
> >
> >       Steve's is just "c".
> >
> >    2. You both have a carriage return as the last character in either
> >       your passwd or group files.
> >
> > Neither of these are clearly related to this issue but should be
> > investigated and cleaned up.  Also, neither of you set 'smbntsec'
> > in your CYGWIN environment variable (before starting Cygwin or any of
> > it's services).  Please do, just so we can rule this out as an issue.
> > Also, since you both claim that this used to work, please try removing
> > 'ntsec' and 'smbntsec' and/or adding 'nontsec' to your CYGWIN
environment
> > variable (before starting Cygwin or any of it's services).  This should
> > help pinpoint whether turning 'ntsec' on by default in recent releases
> > has any bearing.
> >
> >
> >
> > -- 
> > Larry Hall                              http://www.rfk.com
> > RFK Partners, Inc.                      (508) 893-9779 - RFK Office
> > 838 Washington Street                   (508) 893-9889 - FAX
> > Holliston, MA 01746
> >
>
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: NTsec permissions issue over inet
  - From: Bruce Dobrin

References:
- Re: NTsec permissions issue over inet
  - From: Igor Pechtchanski
- Re: NTsec permissions issue over inet
  - From: Bruce Dobrin
- Re: NTsec permissions issue over inet
  - From: Bruce Dobrin
- Re: NTsec permissions issue over inet
  - From: Bruce Dobrin

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]