FW: Description of the new 'ntsec' feature

Corinna Vinschen corinna@vinschen.de
Thu Aug 19 03:43:00 GMT 1999

Chris Faylor wrote:
> On Wed, Aug 18, 1999 at 09:20:36PM -0400, Suhaib M. Siddiqi wrote:
> > [...]
> >In my hands NTSEC had been very annoying.  I get all the time those
> >pinfo_proc kill at 1000 blah blah.
> >
> >I did not understand the philosophy behind NTSEC.  Cygwin is a
> >development tool not a multiuser UNIX login system, thus I am not sure
> >implementing all the UNIX traditional security features would be
> >helpfull for development tools.
> The philosophy was that we could get real ownership and real executable
> bits and real UNIX permissions.  I also thought it would be nice to have
> a multi-user NT system where people couldn't routinely kill each others'
> processes.  I asked Corinna for this and she spent a lot of time on it.

Another problem was: A cygwin process that was started via service
manager (inetd) and it's child process (telnetd, sshd, etc) couldn't
be killed with cygwin tools (kill). So I spent time to look over NT
security to solve this problem, which was a developers problem.

Note, that you are _able_ to work with cygwin as if you work in
the mentioned multiuser UNIX system. Moreover it's possible to
_develop_ with other persons in the same cygwin environment on
the same workstation together. Why not supporting this with a
suitable security model?

> I can understand why you don't want to use it.  Just turn if off.  If
> you still are having problems then they're probably not due to ntsec.
> There's probably a bug in cygwin from something *I've* done.

And there's probably a bug in ntsec, too. I hope that some people are
willing, to give ntsec a try. It works "for me" but I'm not able to
see all consequences in my environment, so I need feedback. 
If nobody would test your XFree porting results you would have a
far bigger problem, isn't it?

The main items are:
- Are there real bugs?
- Are the choosen security settings adequate?
- Should the settings for administrators better be as in NT itself?
- How is it possible to do convenient without /etc/passwd and

And, last but not least: Patches are gratefully accepted ;-)


Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

More information about the Cygwin mailing list