ntsec: What am I doing wrong?
Fri Nov 26 03:55:00 GMT 1999
"Charles S. Wilson" wrote:
> mkpasswd -l -g > passwd
> mkgroup -l > group
> I'm using NT, so in the "My Computer"->Properties->Environment pane, I
> set CYGWIN=binmode tty ntea ntsec
> Now, I start bash, and do an 'ls -l'
> total 17
> -rw-rw-rw- 1 user group 871 May 19 1999 bashrc
> -rw-rw-rw- 1 user group 9828 Dec 1 1998 termcap
> 'id' reports:
> uid=0(user) gid=0(group)
Do you work on a FAT partition? FAT isn't able to handle NT security
settings. On FAT all entries are simulated to be owned by the current
If you use NTFS, you should make your sample real: Send the output
of `mkpasswd -l', `mkgroup -l' and `ls -ln' of an NTFS dir.
In the latest snapshots `ntsec' has additional features which are
not visible at first glance. You are able to use them if you
call `mkpasswd' and `mkgroup' from the snapshots. Both tools now
additionally write the SIDs into the passwd and group file.
Unfortunately, I still haven't updated the ntsec documentation
(documentation is WORK ;-)) so I post the brief description which
I have given in the developers mailing list. Hope this helps.
Additional questions will be gladly answered (please send them
to the list).
============ SNIP ==============
I have patched ntsec so that SIDs are used that were previously
saved in /etc/passwd and /etc/group. This has the following advantages:
- Correctly working ntsec in domain environments.
- Non-login accounts (users _and_ groups) may get another name in
  /etc/passwd and /etc/group files than their NT account name.
  The new name is transparently used by applications (so chown,
  chgrp, ls -l, etc. use them now),
  No problem if running in a console window,
  BUT: If you need the account to login via telnet, ssh or similar
  the login name _must_ be the NT user name.
- Cygwin UIDs and GIDs are now not necessarily the RID part of the
- As with U*X systems, the UID and GID numbering schemes now don't
  influence each other, so it's possible to have the same IDs for a
  user and a group,
    root::0:0:...   # former 'administrator::500:544:...'
    root::0:        # former 'administrators::544:'
Disadvantages, if you like to use the new features:
- /etc/passwd: The pw_gecos field has to contain a SID as the last
element of the comma separated list.
- /etc/group: The gr_passwd (formerly unused) has to contain a SID.
If no SIDs are found in /etc/passwd and /etc/group, ntsec acts like
the previous version.
The SIDs are saved in standard WinNT notation (S-1-5-32-...)
the utilities mkpasswd and mkgroup are patched, to support the new
- mkpasswd and mkgroup generate SIDs by default. This behaviour may
be switched off by the new commandline option `-s' or `--no-sids'.
Moreover, mkpasswd generates the home dir path with the function
cygwin_conv_to_posix_path(), so mount points are used now. This
behaviour may be changed to `/cygdrive/<Driveletter>' by using the
commandline option `-m' or `--no-mount'.
============ SNAP ==============
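
The SID placement described in the mail above, as an added example that is not part of the original post or of Cygwin: a shell check that lists, per entry, the SID found as the last comma-separated element of pw_gecos and in gr_passwd, or "-" where ntsec would find none. The function names, the SID pattern and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the SID each passwd/group entry carries in the place
# the mail describes, or "-" when none is present.
# Assumption: a SID looks like S-1-<authority>-<subauthority>[-...].
SID_RE='^S-1-[0-9]+(-[0-9]+)+$'

# passwd format: the SID is the last comma-separated element of field 5 (pw_gecos).
passwd_sids() {
    awk -F: -v re="$SID_RE" '
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        {
            n = split($5, gecos, ",")
            sid = (n > 0 && gecos[n] ~ re) ? gecos[n] : "-"
            print $1, sid
        }' "$1"
}

# group format: the SID sits in field 2 (gr_passwd).
group_sids() {
    awk -F: -v re="$SID_RE" '
        /^#/ || NF < 3 { next }
        { print $1, ($2 ~ re ? $2 : "-") }' "$1"
}

# Constructed sample files (not real accounts or real SIDs).
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root::0:0:,S-1-5-21-1111111111-2222222222-3333333333-500:/home/root:/bin/sh
alice::1000:513:Alice Example,S-1-5-21-1111111111-2222222222-3333333333-1000:/home/alice:/bin/sh
bob::1001:513:Bob Example:/home/bob:/bin/sh
EOF
cat > "$tmp/group" <<'EOF'
root:S-1-5-32-544:0:
users::545:
EOF

passwd_sids "$tmp/passwd"
group_sids "$tmp/group"
rm -rf "$tmp"
```

Entries reported with "-" were written without a SID, for example by an older mkpasswd/mkgroup or with `--no-sids`.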