ntsec: What am I doing wrong?
Charles S. Wilson
cwilson@ece.gatech.edu
Fri Nov 26 11:17:00 GMT 1999
I'm using the 1999-11-22 cygwin-inst with the 1999-11-23 cygwin1.dll.
All drives except C:\ (mounted as /c) are NTFS. And the example I gave
*was* real -- I wasn't making up the fact that 'id' reported UID/GID's
of "0" or that 'ls -l' said "user" and "group" instead of "cwilson"
and "None".
output of 'mkpasswd -l'
*****************
Everyone:*:0:0:,S-1-1-0::
SYSTEM:*:18:18:,S-1-5-18::
Administrator::500:513:,S-1-5-21-144006512-467950226-1660491571-500:/e/Users/Administrator:/bin/sh
cwilson::1002:513:Charles Wilson,S-1-5-21-144006512-467950226-1660491571-1002:/e/Users/cwilson:/bin/sh
Guest::501:513:,S-1-5-21-144006512-467950226-1660491571-501::/bin/sh
pehite::1004:513:Preston E. Hite,S-1-5-21-144006512-467950226-1660491571-1004:/e/Users/pehite:/bin/sh
services::1001:513:services,S-1-5-21-144006512-467950226-1660491571-1001:/e/Users/services:/bin/sh
thudson::1003:513:Tina Hudson,S-1-5-21-144006512-467950226-1660491571-1003:/e/Users/thudson:/bin/sh
output of 'mkgroup -l'
*****************
Everyone:S-1-1-0:0:
SYSTEM:S-1-5-18:18:
None:S-1-5-21-144006512-467950226-1660491571-513:513:
Administrators:S-1-5-32-544:544:
Backup Operators:S-1-5-32-551:551:
Guests:S-1-5-32-546:546:
Power Users:S-1-5-32-547:547:
Replicator:S-1-5-32-552:552:
Users:S-1-5-32-545:545:
NoLocalLogon:S-1-5-21-144006512-467950226-1660491571-1005:1005:
SU Users:S-1-5-21-144006512-467950226-1660491571-1000:1000:
output of 'id' (logged in as "Administrator")
*****************
uid=0(user) gid=0(group)
output of 'ls -l' (logged in as "Administrator")
*****************
total 936
drwxrwxrwx 1 user group 0 Mar 25 1999 APPS
-rw-rw-rw- 1 user group 524288 Jun 24 23:16 Application Log File Thru 6.24.99.evt
-rwxrwxrwx 1 user group 75 Jan 16 1999 CMDAUTO.CMD
drwxrwxrwx 1 user group 0 Feb 27 1999 DRIVES
-rw-rw-rw- 1 user group 230 Feb 28 1999 MACROS.TXT
drwxrwxrwx 1 user group 0 Oct 2 21:55 Net
-rw-rw-rw- 1 user group 37888 Jul 10 1997 NewAutoShapes.xls
-rwxrwxrwx 1 user group 731 Feb 28 1999 NewUser.cmd
-rw-rw-rw- 1 user group 103 Feb 28 1999 NewUser.tmp1
-rw-rw-rw- 1 user group 4991 Feb 28 1999 NewUser.tmp2
-rw-rw-rw- 1 user group 327680 Jun 24 23:16 System Log File Thru 6.24.99.evt
drwxrwxrwx 1 user group 0 Feb 3 1999 autosave
drwxrwxrwx 1 user group 0 Feb 28 1999 bin
-rw-rw-rw- 1 user group 625 Nov 26 12:46 foo
-rw-rw-rw- 1 user group 394 Nov 26 12:46 foo2
-rw-rw-rw- 1 user group 0 Nov 26 12:47 foo3
-rw-rw-rw- 1 user group 952 Feb 28 1999 mounts.reg
-rwxrwxrwx 1 user group 55568 Feb 28 1999 reg.exe
output of 'id' (logged in as "cwilson")
*****************
uid=0(user) gid=0(group)
output of 'ls -l' (logged in as "cwilson")
*****************
total 2329
drwxrwxrwx 1 user group 0 Nov 26 00:59 bzip2-0.9.5d
drwxrwxrwx 1 user group 0 Mar 13 1999 dllhelpers-0.2.5
-rw-rw-rw- 1 user group 0 Nov 26 12:58 foo6
-rw-rw-rw- 1 user group 1426994 Nov 24 21:31 freetype-1.3.tar.gz
-rw-rw-rw- 1 user group 324774 Nov 24 21:28 jbigkit-1.0.tar.gz
drwxrwxrwx 1 user group 0 Nov 26 05:53 jpeg-6b
drwxrwxrwx 1 user group 0 Nov 26 05:17 libpng-1.0.5
drwxrwxrwx 1 user group 0 Oct 14 07:43 libpng-1.0.5-orig
-rw-rw-rw- 1 user group 631491 Nov 24 21:15 tiff-v3.5.2.tar.gz
drwxrwxrwx 1 user group 0 Nov 26 05:10 zlib-1.1.3
Corinna Vinschen wrote:
>
> "Charles S. Wilson" wrote:
> > mkpasswd -l -g > passwd
> > mkgroup -l > group
> >
> > I'm using NT, so in the "My Computer"->Properties->Environment pane, I
> > set CYGWIN=binmode tty ntea ntsec
> > [...]
> > Now, I start bash, and do an 'ls -l'
> > total 17
> > -rw-rw-rw- 1 user group 871 May 19 1999 bashrc
> > [...]
> > -rw-rw-rw- 1 user group 9828 Dec 1 1998 termcap
> >
> > 'id' reports:
> > uid=0(user) gid=0(group)
>
> Hi Charles,
>
> do you work on a FAT partition? FAT isn't able to handle NT security
> settings. On FAT all entries are simulated to be owned by the current
> user.
>
> If you use NTFS, you should make your sample real: Send the output
> of `mkpasswd -l' `mkgroup -l' and `ls -ln' of an NTFS dir.
>
> In the latest snapshots `ntsec' has additional features which are
> not visible at first glance. You are able to use them if you
> call `mkpasswd' and `mkgroup' from the snapshots. Both tools now
> additionally write the SIDs into the passwd and group file.
> Unfortunately, I still haven't updated the ntsec documentation
> (documentation is WORK ;-)) so I post the brief description which
> I have given in the developers mailing list. Hope this helps.
> Additional questions will be gladly answered (please send them
> to the list).
>
> ============ SNIP ==============
> Hi!
>
> I have patched ntsec so that it uses SIDs that were previously
> saved in /etc/passwd and /etc/group. This has the following advantages:
>
> - Correctly working ntsec in domain environments.
>
> - Non-login accounts (users _and_ groups) may get another name in
> /etc/passwd and /etc/group files than their NT account name.
> The new name is transparently used by applications (so chown,
> chgrp, ls -l, etc. use them now),
> e.g.:
> root::500:513:...
> instead of
> administrator::500:513:...
>
> No problem if running in console window,
> BUT: If you need the account to login via telnet, ssh or similar
> the login name _must_ be the NT user name.
>
> - Cygwin UIDs and GIDs are now not necessarily the RID part of the
> NT SID:
> e.g.:
> root::0:513:...
> instead of
> administrator::500:513:...
>
> - As with U*X systems, the UID and GID numbering schemes no longer
> influence each other, so it's possible to have the same IDs for a
> user and a group,
> e.g.:
> /etc/passwd:
> root::0:0:... # former 'administrator::500:544:...'
>
> /etc/group:
> root::0: # former 'administrators::544:'
>
> Disadvantages, if you want to use the new features:
> - /etc/passwd: The pw_gecos field has to contain a SID as the last
> element of the comma separated list.
> - /etc/group: The gr_passwd field (formerly unused) has to contain a SID.
>
> If no SIDs are found in /etc/passwd and /etc/group, ntsec acts like
> the previous version.
>
> The SIDs are saved in standard WinNT notation (S-1-5-32-...).
> The utilities mkpasswd and mkgroup are patched to support the new
> format:
>
> - mkpasswd and mkgroup generate SIDs by default. This behaviour may
> be switched off by the new commandline option `-s' or `--no-sids'.
>
> Moreover, mkpasswd generates the home dir path with the function
> cygwin_conv_to_posix_path(), so mount points are used now. This
> behaviour may be changed to `/cygdrive/<Driveletter>' by using the
> commandline option `-m' or `--no-mount'.
> ============ SNAP ==============
>
> Regards,
> Corinna
>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
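The file layout described in the quoted reply (SID as the last comma-separated pw_gecos element in /etc/passwd, SID in the gr_passwd field of /etc/group) can be checked mechanically before relying on ntsec. The following is an added example, not part of the original thread or of Cygwin; the `root` and `legacy` entries and the finding labels are constructed for illustration.

```python
import re

# SIDs are stored in standard WinNT notation, e.g. S-1-5-32-544.
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")

# Sample data. The cwilson and None lines are copied from the mkpasswd/mkgroup
# output in the post; the root and legacy lines are constructed.
PASSWD = """\
root::0:513:,S-1-5-21-144006512-467950226-1660491571-500:/e/Users/Administrator:/bin/sh
cwilson::1002:513:Charles Wilson,S-1-5-21-144006512-467950226-1660491571-1002:/e/Users/cwilson:/bin/sh
legacy::1010:545:Old Format Entry::/bin/sh
"""
GROUP = """\
None:S-1-5-21-144006512-467950226-1660491571-513:513:
root:S-1-5-32-544:0:
"""

def rid(sid):
    """Last sub-authority of a SID string (the RID)."""
    return int(sid.rsplit("-", 1)[1])

def parse_passwd(text):
    """Yield passwd entries; the SID is the last comma-separated pw_gecos element."""
    for line in filter(None, map(str.strip, text.splitlines())):
        name, _pw, uid, gid, gecos, _home, _shell = line.split(":")
        last = gecos.split(",")[-1]
        yield {"name": name, "uid": int(uid), "gid": int(gid),
               "sid": last if SID_RE.match(last) else None}

def parse_group(text):
    """Yield group entries; the SID sits in the formerly unused gr_passwd field."""
    for line in filter(None, map(str.strip, text.splitlines())):
        name, gr_passwd, gid, _members = line.split(":")
        yield {"name": name, "gid": int(gid),
               "sid": gr_passwd if SID_RE.match(gr_passwd) else None}

def audit(passwd_text, group_text):
    """Return (account, finding) pairs; uid != RID is permitted, so it is informational."""
    gids = {g["gid"] for g in parse_group(group_text)}
    findings = []
    for u in parse_passwd(passwd_text):
        if u["sid"] is None:
            findings.append((u["name"], "no-sid"))
        elif rid(u["sid"]) != u["uid"]:
            findings.append((u["name"], "uid-differs-from-rid"))
        if u["gid"] not in gids:
            findings.append((u["name"], "gid-not-in-group-file"))
    return findings
```
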