Puzzling local share permissions problem with ssh sessions on Win2K3

Andrew DeFaria Andrew@DeFaria.com
Fri Apr 27 22:33:00 GMT 2007


Shankar Unni wrote:

> I have a Win2K3 SP1 system, freshly installed with the latest bits, 
> and sshd installed with privilege separation (using ssh_host_config).  
> The /etc/passwd has both local and domain users (in that order), as 
> does /etc/group.
>
> I have a local shared directory c:\Views (shared as 
> \\myhostname\Views). The problem is that when I log in as a domain 
> user, and try to write something into \\myhostname\Views\, I get a 
> permission denied error, even though I can do this successfully if I 
> come in as that same user via Terminal Services.
>
> Here's a matrix of various file creation attempts I tried, logging in 
> to the server (I'm calling it "A" in the chart below) via TS or sshd, 
> with or without a password.   For good measure, I logged in as the 
> same domain user, via sshd, to a different machine, and accessed the 
> same share successfully from there!
>
>                               C:\Views       \\A\Views  \\Common\share
>
> logged in to A via              OK              OK           OK
> Terminal Services
>
> logged in to A via              OK             Fails         OK
> sshd, with password
>
> passwordless pubkey             OK             Fails         OK
> ssh login to A
>
> logged in to B (other           --              OK           OK
> machine) via sshd,
> as the same user
> (with or without password)
>
>
> What is special about accessing your own host's shares, when logged in 
> via sshd? sshd-logged-in users seem to be able to access shares on 
> other systems using normal rules; just not shares on their own system.
>
> I've attached a cygcheck.out (from the passwordless pubkey login).  
> Any ideas on what I can try to make the two "Fails" cases above work?
>
> (This is needed for Clearcase to be able to create views in that 
> directory. The stupid thing insists on using a share path for creating 
> views, even private ones).
Hey Shankar. WAG here. With Windows 2K3 came more security. Check to see 
what your *share* permissions are - not just the permissions of the 
folder but the permissions of the share point. I believe MS added 
something like Network: Deny for security sake and that screws up 
Clearcase which you rightly point out insists on using full UNC paths 
(for good reason mind you).

BTW It also insists on this for VOBs with the same sorts of issues...
-- 
Andrew DeFaria <http://defaria.com>
If you must choose between two evils, pick the one you've never tried 
before.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list