----- Original Message ----- From: "Bruce Dobrin" <[EMAIL PROTECTED]> To: "Bruce Dobrin" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, June 02, 2003 8:04 PM Subject: Re: NTsec permissions issue over inet
> I tried executing a the command via a socket directly: by asigning a script > via inet.conf, it still gave me permission denied. I turned off > inetd/xinetd and hacked together a server with perl to exec the same script > and it had no permission problems. it looks like a problem common to inetd > and xinetd but not cygwin specifically: > > EXAMPLE: > > ######(socket 1824 defined in inetd.conf and /etc/services file) > > [EMAIL PROTECTED]:/home/dobrin>telnet castro 1824 > responds: > pwd > /c/WINNT/system32 > ls -al //matilda/setup > ls: //matilda/setup: No such file or directory > /c/WINNT/system32/dfscmd.exe /view \\\\dfsmaster\\dfsshare > poop > cat poop > System error 1355 has occurred. > The specified domain either does not exist or could not be contacted. > > #######( perl script listening on socket 2345 ) > > [EMAIL PROTECTED]:/home/dobrin>telnet castro 2345 > responds: > pwd > /home/dobrin > ls -al //matilda/setup > drwxrwxrwx+ 1 Administ Domain A 32768 May 30 18:45 . > drwxrwxrwx+ 1 Administ Domain A 0 May 8 14:07 2ksrv_image > drwxrwxrwx+ 1 Administ Domain A 0 Feb 27 20:55 3dmaxupdate > drwxrwxrwx+ 1 Administ Domain A 0 Mar 26 11:08 ACDSee > ......... > /c/WINNT/system32/dfscmd.exe /view \\\\dfsmaster\\dfsshare > poop > cat poop > \\DFSMASTER\dfsroot > \\DFSMASTER\dfsroot\shots\vol780 > \\DFSMASTER\dfsroot\pipe\usr_pasquini\trash > The command completed successfully. > > > > ----- Original Message ----- > From: "Bruce Dobrin" <[EMAIL PROTECTED]> > To: "Banville, Stephen" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Sent: Monday, June 02, 2003 12:37 PM > Subject: Re: NTsec permissions issue over inet > > > > hmmm, still experimenting: thought it might have something to do with > > inetd and mounts, but I also tried rlogin to <localhost> which is > running > > init and xinetd and issueing a dfscmd: > > > > [EMAIL PROTECTED]:/home/dobrin> dfscmd /view \\\\dfsmaster\\dfsshare > > \\DFSMASTER\dfsroot > > \\DFSMASTER\dfsroot\shots\vol780 > > \\DFSMASTER\dfsroot\pipe\usr_pasquini\trash > > The command completed successfully. > > [EMAIL PROTECTED]:/home/dobrin> rsh localhost > > Last login: Mon Jun 2 12:30:41 from THEODOLITE.spimageworks.com > > Fanfare!!! > > You are successfully logged in to this server!!! > > [EMAIL PROTECTED]:/home/dobrin> dfscmd /view \\\\dfsmaster\\dfsshare > > System error 5 has occurred. > > > > Access is denied. > > > > :::: still confused... > > > > > > ----- Original Message ----- > > From: "Banville, Stephen" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>; "Stephen Banville" <[EMAIL PROTECTED]> > > Cc: "'Bruce Dobrin'" <[EMAIL PROTECTED]>; "Banville, Stephen" > > <[EMAIL PROTECTED]> > > Sent: Monday, June 02, 2003 5:32 AM > > Subject: RE: NTsec permissions issue over inet > > > > > > > Igor, > > > I tried settting smbntsec and it did not work. With older version I > > > used to > > > just set ntsec, make the passwd and group files, and everything would > just > > > work > > > the way I would expect. Something has changed in the way cygwin handles > NT > > > security. > > > I am running a generic version of windows 2000 with no thrid party > filesys > > > drivers. > > > I don't believe that it's aproblem with my configuration because older > > > version of > > > Cygwin have worked just fine. As of now all suggestions have not been > > > successful. > > > It sounds like a new bug has been introduced surrounding NT security. > > > > > > Steve > > > > > > -----Original Message----- > > > From: Igor Pechtchanski [mailto:[EMAIL PROTECTED] > > > Sent: Sunday, June 01, 2003 7:30 PM > > > To: Stephen Banville > > > Cc: 'Bruce Dobrin'; [EMAIL PROTECTED]; [EMAIL PROTECTED] > > > Subject: RE: NTsec permissions issue over inet > > > > > > > > > Steve, > > > > > > On Windows, if you use the Windows sharing mechanism (instead of a > > > proprietary filesystem driver), your shares are SMB shares (which stands > > > for Server Message Block, IIRC). The 'smbntsec' option is designed for > > > those kinds of shares. If you do have a proprietary filesystem driver, > > > Cygwin most likely doesn't have any support for recognizing the security > > > attributes on that. <http://cygwin.com/acronyms/#PTC>. It's also > > > possible that the filesystem driver that you have is partly compatible > > > with the NTFS or SMB security, and some addition to the Cygwin codebase > > > to deal better with one or the other has accesses to features that > aren't > > > available on your filesystem, so it stopped working. > > > > > > > > > > > > Your login problem has nothing to do with the above. Unlike Linux, > where > > > anyone can run "su" or "login", Windows NT variants require the user to > > > have extra privileges to be able to switch user context (create an > access > > > token belonging to someone else). > > > <http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID> should explain > > > this somewhat. > > > Igor > > > > > > On Sun, 1 Jun 2003, Stephen Banville wrote: > > > > > > > HI Bruce, > > > > > > > > The reason I don't have smbntsec set is because the remote > > > > volumes are not Samba Shares. The interesting thing here is that when > I > > > > ran an older version of Cygwin, this functionality would work just > fine. > > > > I also tried the passwd trick (which didn't work as well.) I can't > > > > imagine what the problem could be ? At this time I am running out of > > > > ideas. My only hope at this time would be to enable some sort of a > debug > > > > trace to see what component is actually failing during the login. > > > > Another interesting point to mention is that when I run the 'login' > > > > command within the shell, I cannot log in under my user name defined > in > > > > the /etc/passwd file. Any ideas why this would ? This could somehow be > > > > related to my problem. > > > > > > > > Any help would be welcomed!! > > > > > > > > Steve > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf > > > > Of Bruce Dobrin > > > > Sent: Friday, May 30, 2003 8:20 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: NTsec permissions issue over inet > > > > > > > > OK, further testing, I can't get the below rlogin "trick" to work on > a > > > > 1.3.22 machine, the one it worked on is actually a 1.3.12 machine. > so, > > > > with 1.3.12 I can get it to work by forcing a password entry, but > this > > > > appears not to work with a 1.3.22 machine........ > > > > continuing more confused than ever... > > > > > > > > ----- Original Message ----- > > > > From: "Bruce Dobrin" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Friday, May 30, 2003 4:46 PM > > > > Subject: Re: NTsec permissions issue over inet > > > > > > > > > > > > > Sorry, On re-reading that, it's not as clear as it could be, the > > > > example > > > > > used in the previous e-mail ( below) was on a later version of > cygwin, > > > > it > > > > > is not the 1.3.2 machine referred to earlier in the message. > > > > > > > > > > ----- Original Message ----- > > > > > From: "Bruce Dobrin" <[EMAIL PROTECTED]> > > > > > To: <[EMAIL PROTECTED]> > > > > > Cc: <[EMAIL PROTECTED]> > > > > > Sent: Friday, May 30, 2003 4:37 PM > > > > > Subject: Re: NTsec permissions issue over inet > > > > > > > > > > > > > > > > Thanks for responding Larry, > > > > > > > > > > > > I actually had tried most permutations of (no)ntsec, (no)smbntsec, > > > > > (no)ntea, > > > > > > etc... and on other machines that didn't have weird path or passwd > > > > > > entries. -- no dice > > > > > > > > > > > > I think I may have a good hint as to what is going on, but I'll > > > > need > > > > > > someone who knows the system better than I to figure out the > > > > solution. > > > > > > > > > > > > By the way I have around 300 machines here, and I found one which > > > > is > > > > > > running cygwin1.3.2 and which works fine. This leads me to think > > > > that > > > > it > > > > > is > > > > > > something to do with the hosts.equiv functionality which I believe > > > > was > > > > non > > > > > > functional before at 1.3.2 ( at least I didn't use it here). I > > > > found > > > > > > machine that if I : forced the user to use a password and I set > some > > > > > > permutations of the permissions... it then works: example: > > > > > > > > > > > > [EMAIL PROTECTED]:/home/dobrin> rsh gable3 > > > > > > Fanfare!!! > > > > > > .......... > > > > > > [EMAIL PROTECTED]:/home/dobrin> echo $CYGWIN > > > > > > ntea nontsec smbntsec > > > > > > [EMAIL PROTECTED]:/home/dobrin> cd //matilda/dist > > > > > > //matilda/dist: Permission denied. > > > > > > > > > > > > BUT, If I force a passwd entry: > > > > > > > > > > > > [EMAIL PROTECTED]:/home/dobrin> rsh gable3 -l poo > > > > > > Password: > > > > > > Login incorrect > > > > > > login: dobrin > > > > > > Password: > > > > > > Fanfare!!! > > > > > > ........... > > > > > > [EMAIL PROTECTED]:/home/dobrin> echo $CYGWIN > > > > > > ntea nontsec smbntsec > > > > > > [EMAIL PROTECTED]:/home/dobrin> cd //matilda/dist > > > > > > [EMAIL PROTECTED]:/matilda/dist> > > > > > > > > > > > > > > > > > > Unfortunately I don't really think of this as a good solution , > and > > > > it > > > > > > doesn't appear to work with my default $CYGWIN setup. > > > > > > Does this help at all? > > > > > > Thanks, > > > > > > Bruce > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Larry Hall" <[EMAIL PROTECTED]> > > > > > > To: "Bruce Dobrin" <[EMAIL PROTECTED]> > > > > > > Cc: <[EMAIL PROTECTED]> > > > > > > Sent: Thursday, May 29, 2003 7:14 PM > > > > > > Subject: Re: NTsec permissions issue over inet > > > > > > > > > > > > > > > > > > > Bruce Dobrin wrote: > > > > > > > > Here are the Cygcheck, and Group files, I'll include the my > > > > > (typical) > > > > > > > > passwd entry as we have a ( legitimate) policy against > > > > publishing > > > > our > > > > > > login > > > > > > > > id's ( I know it doesn't include encrypted passwd's, but with > > > > 650 > > > > > > entries, > > > > > > > > but I'd like to reduce the fodder for someone's foreach loop > > > > thru a > > > > > > cracking > > > > > > > > program). > > > > > > > > > > > > > > > > > > > > > > > > representative passwd entries: > > > > > > > > > > > > > > > > SYSTEM:*:18:544:,S-1-5-18:: > > > > > > > > Administrators:*:544:544:,S-1-5-32-544:: > > > > > > > > > > > > > > > > > > > > > > > > dobrin:unused_by_nt/2000/xp:11014:10512:Brucester,U-PRODUCTION\dobrin,S- > > > > 1-5- > > > > > > > > 21-501104424-1911818820-14498641-1014:/home/dobrin:/bin/bash > > > > > > > > > > > > > > > > > > > > > > > > Thanks > > > > > > > > Bruce Dobrin > > > > > > > > > > > > > > > > > > > > > Partial passwd entries is fine. What you provided is adequate. > > > > > > > > > > > > > > The basics look OK. I find two things in common between your > > > > > information > > > > > > > and Steve's: > > > > > > > > > > > > > > 1. You both appear to have a strange entry in your path. I'm > > > > not > > > > > > > sure if it's some weird artifact of cygcheck or if it's > > > > actually > > > > > > > in the path. In yours, you have a directory that looks > like > > > > this: > > > > > > > > > > > > > > "c > > > > > > > C:\cygwin\program_files\diskaccess\bin" > > > > > > > > > > > > > > Steve's is just "c". > > > > > > > > > > > > > > 2. You both have a carriage return as the last character in > > > > either > > > > > > > your passwd or group files. > > > > > > > > > > > > > > Neither of these are clearly related to this issue but should be > > > > > > > investigated and cleaned up. Also, neither of you set > 'smbntsec' > > > > > > > in your CYGWIN environment variable (before starting Cygwin or > any > > > > of > > > > > > > it's services). Please do, just so we can rule this out as an > > > > issue. > > > > > > > Also, since you both claim that this used to work, please try > > > > removing > > > > > > > 'ntsec' and 'smbntsec' and/or adding 'nontsec' to your CYGWIN > > > > > environment > > > > > > > variable (before starting Cygwin or any of it's services). This > > > > should > > > > > > > help pinpoint whether turning 'ntsec' on by default in recent > > > > releases > > > > > > > has any bearing. > > > > > > -- > > > http://cs.nyu.edu/~pechtcha/ > > > |\ _,,,---,,_ [EMAIL PROTECTED] > > > ZZZzz /,`.-'`' -. ;-;;,_ [EMAIL PROTECTED] > > > |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski > > > '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! > > > > > > "I have since come to realize that being between your mentor and his > route > > > to the bathroom is a major career booster." -- Patrick Naughton > > > Bruce- To ask the obvious- Are you SURE that Microsoft dfscmd is supported in CYGWIN? Martin -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
