NTFS permissons bug?

Don Beusee don@beusee.com
Fri Mar 10 13:36:00 GMT 2017 

I'm having a problem with openssh on cygwin.  When I'm logged into 
windows, things are fine, even in a cygwin64 window:

dbeusee2@lan /e
$ cd ppscvsroot/

dbeusee2@lan /e/ppscvsroot
$ id
uid=1049863(dbeusee2) gid=1049089(Domain Users) groups=1049089(Domain 
Users),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated 
Users),15(This 
Organization),66048(LOCAL),1050040(vpn-demo),1050138(CVS-PPS 
users),1049743(PPUser),1050137(CVS Users),1049741(Sharepoint 
AllUsers),401408(Medium Mandatory Level)

dbeusee2@lan /e/ppscvsroot
$ getfacl /e/ppscvsroot/
# file: /e/ppscvsroot/
# owner: Administrators
# group: Domain Users     <--------- where is this coming from?  I have 
removed this from the permissions!  Is this cached somewhere?
user::rwx
group::---
group:SYSTEM:rwx
group:CVS-PPS users:rwx
mask:rwx
other:---
default:user::rwx
default:group::---
default:group:SYSTEM:rwx
default:group:CVS-PPS users:rwx
default:mask:rwx
default:other:---


dbeusee2@lan /e/ppscvsroot
$ ls -ld /e/ppscvsroot/
drwxrwx---+ 1 Administrators Domain Users 0 Mar  9 19:02 /e/ppscvsroot/

dbeusee2@lan /e/ppscvsroot
$


But when I ssh into it, things are not fine:

dbeusee@pp165 ~/.ssh
$ ssh dbeusee2@lan
Last login: Thu Mar  9 20:30:05 2017 from 192.168.104.74

dbeusee2@lan ~
$ id
uid=1049863(dbeusee2) gid=1049089(Domain Users) groups=1049089(Domain 
Users),11(Authenticated Users),66048(LOCAL),66049(CONSOLE 
LOGON),4(INTERACTIVE),15(This 
Organization),545(Users),1050040(vpn-demo),1049743(PPUser),1050137(CVS 
Users),1049741(Sharepoint AllUsers),401408(Medium Mandatory Level)

dbeusee2@lan ~
$ cd /e/ppscvsroot/
-bash: cd: /e/ppscvsroot/: Permission denied

dbeusee2@lan ~
$ ls -ld /e/ppscvsroot/
drwxr-x--- 1 Unknown+User Unknown+Group 0 Mar  9 19:02 /e/ppscvsroot/

dbeusee2@lan ~
$

I noticed in the "id" output in the problem ssh session, this group is 
missing: "1050138(CVS-PPS users)".  Could this be the reason?  Is sshd 
not doing group recursion?  The dbeusee2 username is a member of CVS 
Users, which has access to more CVS repositories than CVS-PPS Users.

And what's up with the Unknown+User and Unknown+Group in the ssh 
session's ls command output?

This system (lan) is running WS 2016 STD.  CVS Users group is a member 
of CVS-PPS group in AD (WS Enterprise 2003 R2).  The ppscvsroot folder 
is given access to CVS-PPS Users group. Domain Users used to be granted 
to ppscvsroot, but I removed that so that CVS-PPS Users would control 
the access.  Why am I not able to access the folder from the ssh session?

How do I solve this problem?

Version of OpenSSH (from cygwin) is:

dbeusee2@lan ~
$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k  26 Jan 2017

Version of cygwin:

dbeusee2@lan ~
$ uname -a
CYGWIN_NT-10.0 lan 2.7.0(0.306/5/3) 2017-02-12 13:18 x86_64 Cygwin

Please advise.

-Don




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list