This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: running the latest cygwin on a windows 2003 server


 
> -----Original Message-----
> From: Stefan Zachow 
> Dave Korn wrote:
> >
> >Try giving your cygwin non-admin user accounts the "Create 
> paging files"
> >privilege and see if that helps.  I _think_ you have to do 
> that using 
> >the group policy editor, gpedit.msc.
> >
> OK, I did - unfortunately without any change.

  Ah, of course, you're using a domain.  The enabled privs for domain users
and groups come from the domain controller, rather than the local machine.
So altering the privs locally isn't an option.  D'oh, my bad.

  Secondly, I shouldn't have told you to use gpedit.msc; I should have told
you to use the local security settings tool in the control
panel/administrative tools.  Double d'oh.  However, all this is irrelevant
anyway, since you're logged into a domain.

> How is this Windows information mapped
> to cygwin, resp. how do I synchronize this with my group 
> settings in /etc/group ?

  It isn't mapped to cygwin.  It's just that any logged-in user only has
certain rights to access and use various of the OS facilities.  If you're
logged into your machine and you don't have the right to create paging
files, then *any* program, not just cygwin, that tries to create one will
fail.

  The information about which users are members of which groups is available
to cygwin, and that's what the mkgroup command is for: it contacts the
domain controller and finds out what groups there are in the domain and
which users are in each group.  For cygwin to know about the new "cygwin
users" group, you'd need to regenerate your /etc/group file with mkgroup;
but it doesn't matter in this case, because it is the underlying OS rather
than cygwin that is responsible for enforcing the "create paging file"
privilege.

  Note also that changes to your user/group privilege settings don't take
effect until you logout and log back in again.  Your access token needs
rebuilding.
 
> I did rebuild /etc/group again for local groups? With 
> 'mkgroup- d DOMAIN'
> I have some other problems, sigh.
> 
> The problem occurs only for non local users, mapped into the 
> system via mkpasswd -d DOMAIN and mkgroup -D DOMAIN
> 
> Since my user information is comming from a domain database I 
> cannot assign the 'cygwin users' group to all possible users, 
> neither I can add them all as local users.
 
  Yep, because you're dealing with domain groups and users, none of the
settings on the local machine affect the rights/privs those user accounts
are granted.  You'll have to try implementing this fix at the domain
controller.

> What else do I have to consider after
> changing the 'create pagefile' option?

  You'll need the domain admin to create a group for "Cygwin Users", to give
the cygwin users the "Create paging files" right in the domain policies, and
to add a non-admin user to that group for you just to test if this is really
the problem.

  *OR*, and I'm not 100% sure this would work but it probably will, you
could go to control panel/administrative tools/local security settings, go
to Security settings/local policies/audit policy, double-click the 'audit
privilege use' option, and enable both success and failure logging.  Then
you could retry starting bash, and see if an event turns up in the security
event log; this would at least tell you whether or not the problem truly is
that the non-admin users aren't allowed to create paging files.


    cheers, 
      DaveK
-- 
Can't think of a witty .sigline today....
 


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]