Pierre:
Thanks for your help. After I rebuilt
/etc/passwd and /etc/group some but not all of the symptoms went away-
I'm pretty sure /etc/group was corrupt (my fault). I will post again after
I get things in order, but for now I still can not write to the share:
> 16:04:01 Tue Jul 26 0j tty0 3204 ~
> OurBox120 staffuser1 > id
uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF)
groups=544(Administrators),10513(Domain
Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)
> 16:04:14 Tue Jul 26 0j tty0 3204 ~
> OurBox120 staffuser1 > ls -l /etc/{passwd,group}
-rw-rw-r-- 1 staffuser1 XYZ_ES_STAFF 178626 Jul 26 15:49 /etc/group
-rw-rw-r-- 1 staffuser1 XYZ_ES_STAFF 44725 Jul 26 15:49 /etc/passwd
> 16:04:22 Tue Jul 26 0j tty0 3204 ~
> OurBox120 staffuser1 > touch //OurBox108/scm/toss.$RANDOM
touch: cannot touch `//OurBox108/scm/toss.13506': Permission denied
see comments below:
On Tue 7/26/05 16:14 EDT "Pierre A. Humblet" wrote:
> Tom Rodman wrote:
>
> > Just upgraded to 1.5.18. Having several problems with
> > network drives in ssh sessions - problems not seen in 1.5.10
> > or earlier. Here they are:
> >
> > # ********************************************************************
> > # ssh session can not read share permissions w/"setacl"
> > # ********************************************************************
> > # --------------------------------------------------------------------
> > # reference (good/OK) example in console bash session
> > # (notice user staffuser1 is in group 'XYZ_ES_ADMIN')
> > # --------------------------------------------------------------------
> > ~ $ uname -a
> > CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown
> > unknown Cygwin
> > ~ $ echo $CYGWIN
> > binmode tty ntsec smbntsec
> > ~ $ id
> > uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF)
> > groups=0(root),544(Administrators),19858(ABC_NA-CTX-Notepad-A),10513(Domain
> > Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users) ,545(Users)
> > ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst
> > 'f:tab;w:o,g,d,s;i:y;s:n'
> > \\OurBox108\scm
> >
> > DACL(not_protected):
> > Everyone read+SHARE_WRITE+WRITE_OWNER+WRITE_DAC allow
> > no_inheritance
> > DOMxx1\XYZ_ES_ADMIN full allow no_inheritance
> >
> > # --------------------------------------------------------------------
> > # failing example in ssh bash session
> > # --------------------------------------------------------------------
> > ~ $ uname -a
> > CYGWIN_NT-5.0 OurBox120 1.5.18(0.132/4/2) 2005-07-02 20:30 i686 unknown
> > unknown Cygwin
> > ~ $ echo $CYGWIN
> > binmode tty ntsec smbntsec
> > ~ $ id
> > uid=15773(staffuser1) gid=16027(XYZ_ES_STAFF)
> > groups=0(root),544(Administrators),10513(Domain
> > Users),16026(XYZ_ES_ADMIN),16027(XYZ_ES_STAFF),16024(XYZ_Users),545(Users)
> > ~ $ setacl -on '\\OurBox108\scm' -ot shr -actn list -lst
> > 'f:tab;w:o,g,d,s;i:y;s:n'
> > ERROR reading SD from <\\OurBox108\scm>: Access is denied.
>
> I am assuming you use ssh with a password. Correct? If not, discard what
> follows.
right I do login with a password (in general, and definitely for these tests)
>
> This is probably due to a change in ssh, which in turn necessitated a change
> in Cygwin
> to contact the domain server to obtain the groups you belong to, even before
> ssh
> logs you in.
>
> Looks like your server is omitting the group ABC_NA-CTX-Notepad-A This causes
> Cygwin to generate an internal token to log you in, instead of using the
> token provided by
> Windows from your ID/passwd. Your domain does not trust the credentials
> produced by
> Cygwin.
SORRY, I that "ABC_NA-CTX-Notepad" group was my problem - I believe my groups
file was corrupted/out of date! I think I have fixed that now, and the problem
persists, but I will carefully double check everything and followup with at
least another
posting either way.
>
> If the above is true, here is a workaround:
> edit /etc/group and add "staffuser1" at the end of the line for the group
> ABC_NA-CTX-Notepad-A
> (which should have gid 19858).
> This will remedy the problem with the domain server.
>
> It would be nice to understand why a group is not reported (probably a
> security issue) but
> doing so probably requires help from a knowledgeable and helpful network
> admin.
again, I suspect it was my munged /etc/group file..
>
> Pierre
>
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Problem reports: http://cygwin.com/problems.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
