This is the mail archive of the cygwin mailing list for the Cygwin project.


Re: Inheriting parent ACLs?

On 24.09.2004 at 09:39 Gabe Rosenhouse wrote:
>Is there something I can read that contrasts the functionality
>implications of ntsec vs nontsec? 
> doesn't go into details on
>the differences between the two settings.
>One question specifically is, under nontsec, will domain users
>still be able to log in via SSH and be recognized as members of their
>domain groups?

I am no expert on cygwin internal details so I won't guess on 
the functionality implications.

But I have a system with NT4Server, the sshd daemon running with the
environment variable set to CYGWIN=nontsec binmode tty, and it works.
Clients can log in via ssh and are correctly recognized in the domain.
And because the sshd daemon has CYGWIN=nontsec, all bash logon shells
started via ssh also inherit the environment setting 'nontsec' and
everything works fine.
(Mind, I just see that it works, I cannot give the exact reasons, it
just works.)

If you do not want your sshd daemon running with 'nontsec', but with 
'ntsec' but still require all login shells to have the environment
variable set to 'nontsec' it gets a bit tricky.
I experimented a bit, but take everything with the usual grain of salt.

There is a setting in sshd_daemon called 'PermitUserEnvironment' which
is set to 'no' by default. Check out the man pages on this.

You can also edit one of the startup scripts which are read by bash at 
program start (I suppose other shells have something equivalent).
See man bash for a list of those files. One of them is /etc/profile IIRC.

