This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: ssh session can't see share permissions; rights for disk share reduced..


Tom Rodman wrote:

> Just upgraded to 1.5.18. Having several problems with
> network drives in ssh sessions - problems not seen in 1.5.10
> or earlier.  Here they are:
> 
> # ********************************************************************
> # ssh session can not read share permissions w/"setacl"
> # ********************************************************************
>   # -------------------------------------------------------------------- 
>   # reference (good/OK) example in console bash session
>   # (notice user staffuser1 is in group 'XYZ_ES_ADMIN')
>   # -------------------------------------------------------------------- 
>   ~ $ uname -a
>   CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown unknown Cygwin
>   ~ $ echo $CYGWIN
>   binmode tty ntsec smbntsec
>   ~ $ id
>   uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF)
> groups=0(root),544(Administrators),19858(ABC_NA-CTX-Notepad-A),10513(Domain
> Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users) ,545(Users)
>   ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
>   \\OurBox108\scm
> 
>     DACL(not_protected):
>      Everyone   read+SHARE_WRITE+WRITE_OWNER+WRITE_DAC   allow   no_inheritance
>     DOMxx1\XYZ_ES_ADMIN   full   allow   no_inheritance
> 
>   # -------------------------------------------------------------------- 
>   # failing example in ssh bash session
>   # -------------------------------------------------------------------- 
>   ~ $ uname -a
>   CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown unknown Cygwin
>   ~ $ echo $CYGWIN
>   binmode tty ntsec smbntsec
>   ~ $ id
>   uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),10513(Domain
> Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)
>   ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
>   ERROR reading SD from <\\OurBox108\scm>: Access is denied.

I am assuming you use ssh with a password. Correct? If not, discard what follows.

This is probably due to a change in ssh, which in turn necessitated a change in Cygwin
to contact the domain server to obtain the groups you belong to, even before ssh
logs you in.

Looks like your server is omitting the group ABC_NA-CTX-Notepad-A. This causes
Cygwin to generate an internal token to log you in, instead of using the token provided by
Windows from your ID/passwd. Your domain does not trust the credentials produced by
Cygwin.

If the above is true, here is a workaround:
edit /etc/group and add "staffuser1" at the end of the line for the group ABC_NA-CTX-Notepad-A
(which should have gid 19858).
This will remedy the problem with the domain server.

It would be nice to understand why a group is not reported (probably a security issue) but
doing so probably requires help from a knowledgeable and helpful network admin.  

Pierre
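
The comparison made by eye in the reply above (the ssh session's `id` output lacks gid 19858) and the /etc/group membership check behind the workaround, as an added example that is not part of the original message or of Cygwin. The function names and the group-file line with its placeholder SID are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original thread): find groups that a console
# session has but an ssh session lacks, then check /etc/group for the user.

# Print "gid name" lines for the groups= field of one line of `id` output.
# Names may contain spaces ("Domain Users"), so split on commas only.
id_groups() {
    printf '%s\n' "$1" | sed -n 's/.*groups=//p' | tr ',' '\n' |
        sed -n 's/^ *\([0-9][0-9]*\)(\(.*\)) *$/\1 \2/p'
}

# Groups present in the first `id` output ($1) but absent from the second ($2).
missing_groups() {
    other=$(id_groups "$2")
    id_groups "$1" | while IFS= read -r entry; do
        printf '%s\n' "$other" | grep -qxF -- "$entry" || printf '%s\n' "$entry"
    done
}

# Succeeds if user $3 is in the member list (4th field) of gid $2 in file $1.
user_in_group_file() {
    awk -F: -v gid="$2" -v user="$3" '
        $3 == gid { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == user) found = 1 }
        END { exit !found }' "$1"
}

# One line per missing group, saying whether the /etc/group workaround is in place.
report() {  # args: console-id ssh-id group-file user
    missing_groups "$1" "$2" | while read -r gid name; do
        if user_in_group_file "$3" "$gid" "$4"; then state="listed"; else state="NOT listed"; fi
        echo "$name (gid $gid) missing over ssh; $4 is $state in the group file"
    done
}

# The two `id` outputs quoted in the thread, with the mail line wraps rejoined.
CONSOLE_ID='uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),19858(ABC_NA-CTX-Notepad-A),10513(Domain Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)'
SSH_ID='uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),10513(Domain Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)'

# Constructed group file: before and after the edit suggested in the thread.
GROUP_FILE=$(mktemp)
printf '%s\n' 'ABC_NA-CTX-Notepad-A:S-1-5-21-PLACEHOLDER:19858:' > "$GROUP_FILE"
report "$CONSOLE_ID" "$SSH_ID" "$GROUP_FILE" staffuser1
printf '%s\n' 'ABC_NA-CTX-Notepad-A:S-1-5-21-PLACEHOLDER:19858:staffuser1' > "$GROUP_FILE"
report "$CONSOLE_ID" "$SSH_ID" "$GROUP_FILE" staffuser1
rm -f "$GROUP_FILE"
```

On a live system the two strings would come from running `id` in the console session and in the ssh session, and the third argument to `report` would be `/etc/group`.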


