This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: ssh session can't see share permissions; rights for disk share reduced..


Pierre:

Thanks for your help.  After I rebuilt /etc/passwd and /etc/group, some but
not all of the symptoms went away. I'm pretty sure /etc/group was corrupt
(my fault).  I will post again after I get things in order, but for now I
still cannot write to the share:

  > 16:04:01 Tue Jul 26 0j tty0 3204 ~
  > OurBox120 staffuser1 > id
  uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=544(Administrators),10513(Domain Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)
  > 16:04:14 Tue Jul 26 0j tty0 3204 ~
  > OurBox120 staffuser1 > ls -l /etc/{passwd,group}
  -rw-rw-r--  1 staffuser1 XYZ_ES_STAFF 178626 Jul 26 15:49 /etc/group
  -rw-rw-r--  1 staffuser1 XYZ_ES_STAFF  44725 Jul 26 15:49 /etc/passwd
  > 16:04:22 Tue Jul 26 0j tty0 3204 ~
  > OurBox120 staffuser1 > touch //OurBox108/scm/toss.$RANDOM
  touch: cannot touch `//OurBox108/scm/toss.13506': Permission denied


see comments below:

On Tue 7/26/05 16:14 EDT "Pierre A. Humblet" wrote:
> Tom Rodman wrote:
> 
> > Just upgraded to 1.5.18. Having several problems with
> > network drives in ssh sessions - problems not seen in 1.5.10
> > or earlier.  Here they are:
> > 
> > # ********************************************************************
> > # ssh session can not read share permissions w/"setacl"
> > # ********************************************************************
> >   # -------------------------------------------------------------------- 
> >   # reference (good/OK) example in console bash session
> >   # (notice user staffuser1 is in group 'XYZ_ES_ADMIN')
> >   # -------------------------------------------------------------------- 
> >   ~ $ uname -a
> >   CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown unknown Cygwin
> >   ~ $ echo $CYGWIN
> >   binmode tty ntsec smbntsec
> >   ~ $ id
> >   uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF)
> > groups=0(root),544(Administrators),19858(ABC_NA-CTX-Notepad-A),10513(Domain
> > Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users) ,545(Users)
> >   ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
> >   \\OurBox108\scm
> > 
> >     DACL(not_protected):
> >      Everyone   read+SHARE_WRITE+WRITE_OWNER+WRITE_DAC   allow   no_inheritance
> >     DOMxx1\XYZ_ES_ADMIN   full   allow   no_inheritance
> > 
> >   # -------------------------------------------------------------------- 
> >   # failing example in ssh bash session
> >   # -------------------------------------------------------------------- 
> >   ~ $ uname -a
> >   CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown unknown Cygwin
> >   ~ $ echo $CYGWIN
> >   binmode tty ntsec smbntsec
> >   ~ $ id
> >   uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),10513(Domain
> > Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)
> >   ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
> >   ERROR reading SD from <\\OurBox108\scm>: Access is denied.
> 
> I am assuming you use ssh with a password. Correct? If not, discard what follows.

Right, I do log in with a password (in general, and definitely for these tests).

> 
> This is probably due to a change in ssh, which in turn necessitated a change in Cygwin
> to contact the domain server to obtain the groups you belong to, even before ssh
> logs you in.
> 
> Looks like your server is omitting the group ABC_NA-CTX-Notepad-A  This causes
> Cygwin to generate an internal  token to log you in, instead of using the token provided by
> Windows from your ID/passwd. Your domain does not trust the credentials produced by
> Cygwin.

SORRY, that "ABC_NA-CTX-Notepad" group was my problem - I believe my groups
file was corrupted/out of date!   I think I have fixed that now, and the problem
persists, but I will carefully double check everything and follow up with at least another
posting either way.

> 
> If the above is true, here is a workaround:
> edit /etc/group and add "staffuser1" at the end of the line for the group ABC_NA-CTX-Notepad-A
> (which should have gid 19858).
> This will remedy the problem with the domain server.
> 
> It would be nice to understand why a group is not reported (probably a security issue) but
> doing so probably requires help from a knowledgeable and helpful network admin.  

again, I suspect it was my munged /etc/group file..

> 
> Pierre
> 
> 
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
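The comparison the thread turns on (which groups the console session reports that the ssh session does not, and whether /etc/group names the user for each), as an added example that is not part of either poster's message. The function names are hypothetical, the two `id` lines are sample input copied from the sessions quoted above, and the group file is assumed to use the Cygwin `name:SID:gid:members` layout.

```shell
#!/bin/sh
# Added example: sample input below is the `id` output quoted in the thread.
CONSOLE_ID='uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),19858(ABC_NA-CTX-Notepad-A),10513(Domain Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)'
SSH_ID='uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF) groups=0(root),544(Administrators),10513(Domain Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)'

# id_groups ID_LINE: print one "gid name" line per entry in groups=...
# Group names may contain spaces ("Domain Users"), so split on commas only.
id_groups() {
    printf '%s\n' "$1" |
        sed -n 's/.*groups=//p' |
        tr ',' '\n' |
        sed -n 's/^ *\([0-9][0-9]*\)(\(.*\)) *$/\1 \2/p' |
        sort -u
}

# missing_groups REF CUR: groups present in REF but absent from CUR.
missing_groups() {
    ref=$(id_groups "$1")
    cur=$(id_groups "$2")
    printf '%s\n' "$ref" | while IFS= read -r g; do
        [ -n "$g" ] || continue
        printf '%s\n' "$cur" | grep -qxF -- "$g" || printf '%s\n' "$g"
    done
}

# group_lists_user FILE GID USER: succeed if the entry with that gid names
# USER in its member field (4th colon-separated field).
group_lists_user() {
    awk -F: -v gid="$2" -v user="$3" '
        $3 == gid { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == user) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# report REF CUR USER FILE: one line per missing group, with its file status.
report() {
    missing_groups "$1" "$2" | while read -r gid name; do
        if group_lists_user "$4" "$gid" "$3"; then
            echo "$gid $name: missing from session, $3 is listed in $4"
        else
            echo "$gid $name: missing from session, $3 not listed in $4"
        fi
    done
}

# Prints the group the ssh session lacks: 19858 ABC_NA-CTX-Notepad-A
missing_groups "$CONSOLE_ID" "$SSH_ID"
```

On a live system, pass `"$(id)"` captured in each session instead of the sample strings and point `report` at `/etc/group`.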
