sshd and network share permissions

Joe Hetrick jhetrick@bitjanitor.net
Thu Apr 6 17:41:00 GMT 2006



Dave Korn wrote:
> On 06 April 2006 17:31, Joe Hetrick wrote:
> 
>> Dave Korn wrote:
>>> On 06 April 2006 16:01, Joseph Hetrick wrote:
>>>
>>>> 	I've set cygwin sshd up according to the following (which seems to be
>>>> what is posted to the list at various intervals).
>>>>
>>>> http://pigtail.net/LRP/printsrv/cygwin-sshd.html
>>>
>>>   Well, if you've read those posts, you'll also have read the follow-ups,
>>> won't you, and so you'll already have known before you even sent that post
>>> that you aren't going to get an answer here, won't you, and so it isn't
>>> really clear why you even bothered to finish the post and send it, is it?
>>>
>> I'm not really sure I see what you're getting at.
> 
>   The fact that nobody here offers support services for pigtail.net.  If you
> follow some non-standard instructions from some random website on the net, and
> something goes wrong, you should ask the place you got the instructions from
> what the problem is with their instructions.  Nobody here is necessarily going
> to have any idea what it says at that site, nor is anyone going to be keen to
> jump up and do a detailed analysis of the similarities and discrepancies
> between what they suggest and the officially recommended way of configuring
> cygwin as seen in the cygwin documentation.
> 

Understood.  Was just being honest, however.

>> Unless it's that I
>> didn't also mention that I read and followed
>> /usr/share/doc/Cygwin/openssh.README
> 
>   Ah, so you've followed some random combination of the right instructions and
> some random set of unknown instructions.  Great.  Well, all I can say based on
> that is that you might have got it right and there might be a real problem, or
> you might have got it wrong and the problem might just be caused by something
> unimportant or something else.  Or not.
> 

Also understood, and anticipated.  Fortunately (or un) I'm also fiddling 
in a VMware environment so I was bright enough to just revert snapshots 
so I could be reasonably sure I was back to a Cygwin Known State.

>   (It would have been a better idea to mention the bit that we all know about
> rather than the bit which every single time it gets mentioned somebody has to
> point out all over again that we don't know what advice or instructions they
> give out at pigtail dot net and therefore cannot give informed responses to
> queries regarding it.)
>  

So, at this point let's forget I even mentioned pigtail, and start to 
assume that I'm running fresh and maybe have some misconceptions about 
How Things Actually Should work versus what I grokked from:

http://cygwin.com/cygwin-ug-net/ntsec.html


>> I see plenty of responses to postings with less specific and less
>> complete postings than my own, which normally direct folks to
>> openssh.README.
> 
>   So, why didn't you know to ignore the pigtail dot net site and /just/ use
> the canonical instructions?
> 

Well, in all honesty I tried those second...  And then I went back to 
known and reworked through the Cygwin Blessed, to be sure I hadn't made 
any of the posted mistakes in that process.

>> My questions were more directed at the behavior that I was seeing and if
>> it fit with what I should be seeing when sshd runs as SYSTEM.
> 
>   OK, then the answer to your question "Is this a symptom of sshd running as
> SYSTEM?" is "Yes under certain circumstances, no under others, ACCORDING TO HOW
> YOU'VE CONFIGURED AND SET UP YOUR SYSTEM".  And since that vital second clause
> is full of unknowns, any answer we give you is likely to be equally uncertain.
> 

And I'll pretty much fess up to being in an odd environment.  Most 
postings seemed to be around local users with remote share points and 
permissions.  In my case it's domain users and remote share points (both 
samba and 2k3), though, in theory, it seems like with some twiddle, this 
should be perfectly serviceable.

I'll also fess up to not being overly comfortable with windows 
permissions and then how they're handled by NTSEC/SMBNTSEC.

The obvious next step may be to get running sshd as !SYSTEM in an 
attempt to get around credential problems, which I'm currently doing 
battle with, and wasn't quite informed enough to post some questions 
I've got there.

> 
>> I wasn't groveling for a canned solution, I was merely following posting
>> rules, and asking a few questions related to what I was seeing in hopes
>> that I could get a confirmation or two.
> 
>   Well, full marks for attaching your cygcheck.out anyway.
> 
>   Shouldn't you be doing something about that "mkgroup-l-d"?
> 

Yea, that is a problem.  The particular user is a member of piles of 
groups, and I've begun working through why those aren't happening.


Thanks, I'll go work through my groups with a bit more effort.  And work 
through a few more possibilities and try and see if I can come up with 
something more specific with a more specific set of responses.

J

> 
>     cheers,
>       DaveK
