Login incorrect

Corinna Vinschen corinna@vinschen.de
Fri May 19 07:06:00 GMT 2000


James Dumser wrote:
> [...]
> NT. When I telnet or rsh in as a non-Administrators group user (the user
> is a member of Power Users, but not Administrators) and run id, I get
>         uid=1003(jadu) gid=513(Administrators)
> My system/global CYGWIN is set to tty ntea ntsec, although that doesn't
> show up in rsh sessions.

There seem to be up to two different problems on your system:

- If you use rsh for login purposes, it calls rlogind on the host
  side. Is it possible that you use inetutils-1.3.2 instead of
  inetutils-1.3.2-2? I uploaded it yesterday around 9:30am UTC
  and announced it in cygwin around 10:30am UTC.
  rlogind had a problem in the previous version which could be
  the reason that you couldn't see the CYGWIN env variable.

- Your /etc/passwd and /etc/group files aren't correct. Group
  513 is _not_ `Administrators' but the group `None' on stand-alone
  systems or `Domain Users' on systems which are NT domain members.
  Group `Administrators' has SID 1-5-32-544 which results in GID
  544 if you haven't changed it yourself.

Hint:

NT doesn't manage group memberships in a responsible way on
stand-alone systems. No user (Admins, too) has a primary group
as it's managed in U*X-like systems. Files created by any user
have the group `None' as their group entry. Nevertheless, if
you use ntsec and if you change your primary group membership
in /etc/passwd, this is taken into account by ntsec.

Example:

After calling `mkpasswd' and `mkgroup' you have the following
entries besides others:

/etc/passwd:
	administrator::500:513:S-1-5-21-???-???-???-500:...

/etc/group:
	Administrators:S-1-5-32-544:544:
	None:S-1-5-21-???-???-???-513:513:

Login as Administrator, ntsec off:
	$ touch x; ls -ln x
	rw-r--r-- 1 544 513 ... x  

Login as Administrator, ntsec on:
	$ touch x; ls -ln x
	rw-r--r-- 1 500 513 ... x  

Change the Administrator line in /etc/passwd by hand to:
	Administrator::500:544:...

Login as Administrator, ntsec on:
	$ touch x; ls -ln x
	rw-r--r-- 1 500 544 ... x  

And another hint: You may change names as well as UIDs and
GIDs to completely different values if ntsec is on and if
(and only if!) you have correct S- entries!

And if you want to login via telnet/rlogin/rsh/ssh to
your account with changed name you must have that additional
U- entry in /etc/passwd!

For example if you want Admin user and group to be `root' in
cygwin, you may change passwd and group files to:

/etc/passwd:
	root::0:0:U-Administrator,S-1-5-21-???-???-???-500:...

/etc/group:
	root:S-1-5-32-544:0:
	none:S-1-5-21-???-???-???-513:513:

Now login as root, ntsec on:
	$ touch x; ls -ln x
	rw-r--r-- 1 0 0 ... x  

> One other discrepancy concerns file ownership. Logged in as jadu, ls
> -alF ~jadu shows
> [...]
> It appears the file owner follows whoever is logged in. Yet I (as
> Administrator) can't write to ~jadu:

Either this is related to the rlogind problem or you are
trying to use ntsec on a FAT partition. ntsec has no effect
on FAT partitions because it depends on the ability of the
file system to support access control lists.

Hope that helps,
Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
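
Added example, not part of the original message and not Cygwin code: a small Python checker for the passwd/group layout the message describes (an S- entry on every line, GID/UID equal to the SID's last component unless renumbered on purpose). The function name `audit` and all sample lines are assumptions; `1111-2222-3333` is a constructed stand-in for a machine SID.

```python
import re

SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")

def rid(sid):
    """Last SID component, which is the default UID/GID."""
    return int(sid.rsplit("-", 1)[1])

# Constructed sample files, not taken from any real system.
DEFAULT_PASSWD = "administrator::500:513:S-1-5-21-1111-2222-3333-500:/home/a:/bin/sh"
DEFAULT_GROUP = "Administrators:S-1-5-32-544:544:\nNone:S-1-5-21-1111-2222-3333-513:513:"
BAD_PASSWD = ("jadu::1003:513:S-1-5-21-1111-2222-3333-1003:/home/jadu:/bin/sh\n"
              "guest::501:514:,,:/home/guest:/bin/sh")
BAD_GROUP = "Administrators:S-1-5-32-544:513:\nUsers::545:"

def audit(passwd_text, group_text):
    """Return (entry, problem) pairs. 'renumbered' is not an error by itself:
    it is fine with ntsec on and a correct S- entry, but should be deliberate."""
    findings, gids = [], set()
    for line in filter(None, map(str.strip, group_text.splitlines())):
        name, sid, gid = (line.split(":") + ["", ""])[:3]
        if not gid.isdigit():
            findings.append((name, "no numeric GID"))
            continue
        gids.add(int(gid))
        if not SID_RE.match(sid):
            findings.append((name, "no S- entry"))
        elif rid(sid) != int(gid):
            findings.append((name, "renumbered GID"))
    for line in filter(None, map(str.strip, passwd_text.splitlines())):
        f = line.split(":")
        if len(f) < 5 or not (f[2].isdigit() and f[3].isdigit()):
            findings.append((f[0], "malformed line"))
            continue
        # The fifth field may read "U-name,S-..." or just "S-...".
        sids = [p for p in f[4].split(",") if SID_RE.match(p)]
        if not sids:
            findings.append((f[0], "no S- entry"))
        elif rid(sids[0]) != int(f[2]):
            findings.append((f[0], "renumbered UID"))
        if int(f[3]) not in gids:
            findings.append((f[0], "primary GID not in group file"))
    return findings

if __name__ == "__main__":
    for entry, problem in audit(BAD_PASSWD, BAD_GROUP):
        print(f"{entry}: {problem}")
```

With the constructed `BAD_GROUP`, GID 513 is labelled `Administrators`, the same mismatch as in the quoted `id` output, and it is reported as a renumbered GID to be confirmed or corrected.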
