ntsec, passwd, and group issues again

Steve Jorgensen jorgens@coho.net
Wed Aug 1 16:37:00 GMT 2001


OK, this time, I've read the manual, and I thought I understood exactly 
what ntsec is supposed to do with file permissions and ownership and how 
the /etc/passwd and /etc/group files are used.  I started experimenting, 
and find that I'm obviously still somewhat confused.

The good news is, now I can function.  I can run tar -xvzf <package>, and I 
don't end up with permission errors trying to extract files into the newly 
created directories.  I still don't understand the permissions that are 
applied to created files and directories, however.

There is a domain user called SJDeveloper1 who is a member of domain group 
SJDevelopers.  I set up the passwd and group files so SJDeveloper1 has 
SJDevelopers as primary group.  If I run Cygwin bash as this user, echo aaa 
> aaa, and check the permissions in Explorer (yes, I know/understand not to 
click OK afterward), I see that SJDeveloper1 is the owner, but permission 
entries exist only for Administrator, Everyone, and None.  Shouldn't there  
 be an entry for SJDeveloper1's default group, SJDevelopers?

Next, from the Cygwin bash prompt:

	$ find -printf "%f %g %u\n"
	. SJDevelopers SJDeveloper1
	aaa SJDevelopers SJDeveloper1

OK, that looks like it should, though I'm not sure how it's determining 
what group to report.

Next, from the Cygwin bash prompt:

	$ chmod -w aaa
	chmod: changing permissions of `aaa': Permission denied

What?  I thought I owned the file - can't I do anything I want with 
permissions?

OK, try working as user sjwkstnadmin - member of Administrators on local 
machine (and Domain Users).  sjwkstnadmin is set up in /etc/passwd to have 
local Administrators group as default.

When I do the echo aaa > aaa and check permissions in Explorer, I see 
something plausibly right, though some points I don't get.  I see 
sjwkstnadmin is the owner, and I see permission settings for...

<machine>/wkstnadmin (good - I didn't see permissions for self as 
SJDeveloper1)
<machine>\Administrator (not sure why, but no problem)
<machine>\Administrators (good - default group for user)
Everyone (good)
<machine>\None (I thought this wasn't supposed to happen on domain with 
proper passwd & group, but shouldn't matter, right?).

Now try...

	$ find -printf "%f %g %u\n"
	. Administrators sjwkstnadmin
	aaa Administrators sjwkstnadmin

Looks good

$ chmod -w aaa

	sjwkstnadmin@SJDEV01 ~
	$ ls -l
	total 1
	-r--r--r--    1 sjwkstna Administ        4 Aug  1 16:16 aaa

All OK.
Now, look at permissions in Explorer again.  All looks OK except 
<machine>\Administrator retains full control (why?), and <machine>\None 
retains write permission (OK, I guess since not usable).

Below are copies of my /etc/passwd and /etc/group file contents if needed:

/etc/passwd
------------------
Everyone:*:100:100:,S-1-1-0::
SYSTEM:*:18:18:,S-1-5-18::
Administrators:*:1:0:,S-1-5-32-544::
Administrator::10500:10512:,S-1-5-21-455485110-1572165696-1819828000-500  
:/home/Administrator:/bin/bash
Guest::10501:10514:,S-1-5-21-455485110-1572165696-1819828000-501:/home/G  
uest:/bin/bash
NewSystem::11011:10513:New 
System,S-1-5-21-455485110-1572165696-1819828000-1011:/home/NewSystem:/bi  
n/bash
SJDeveloper1::11008:11009:Steve Jorgensen (at 
home),S-1-5-21-455485110-1572165696-1819828000-1008:/home/SJDeveloper1:/  
bin/bash
SJNTDomainAdmin::11005:10512:SJNT Domain 
Admin,S-1-5-21-455485110-1572165696-1819828000-1005:/home/SJNTDomainAdmi  
n:/bin/bash
sjwkstnadmin::11020:0:Workstation 
Administrator,S-1-5-21-455485110-1572165696-1819828000-1020:/home/sjwkst  
nadmin:/bin/bash
SQLAgentCmdExec::11015:10513:SQLAgentCmdExec,S-1-5-21-455485110-15721656  
96-1819828000-1015:/cygdrive/c:/bin/bash
SQLExecutiveCmdExec::11006:10513:SQLExecutiveCmdExec,S-1-5-21-455485110-  
1572165696-1819828000-1006:/cygdrive/c:/bin/bash
SteveJVPN::11014:10513:SteveJVPN,S-1-5-21-455485110-1572165696-181982800  
0-1014:/home/SteveJVPN:/bin/bash
Yraina::11010:10513:Yraina Chantres,S-1-5-21-455485110-1572165696-181982  
8000-1010:/home/Yraina:/bin/bash
LocAdministrator::0:0:,S-1-5-21-1993962763-113007714-1202660629-500:/hom  
e/LocAdministrator:/bin/bash
LocGuest::501:546:,S-1-5-21-1993962763-113007714-1202660629-501:/home/Lo  
cGuest:/bin/bash

/etc/group
------------------
Everyone:S-1-1-0:100:
SYSTEM:S-1-5-18:18:
DomainAdmins:S-1-5-21-455485110-1572165696-1819828000-512:10512:
DomainGuests:S-1-5-21-455485110-1572165696-1819828000-514:10514:
DomainUsers:S-1-5-21-455485110-1572165696-1819828000-513:10513:
SJDevelopers:S-1-5-21-455485110-1572165696-1819828000-1009:11009:
Administrators:S-1-5-32-544:0:
BackupOperators:S-1-5-32-551:551:
Guests:S-1-5-32-546:546:
PowerUsers:S-1-5-32-547:547:
Replicator:S-1-5-32-552:552:
Users:S-1-5-32-545:545:



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list