Re: Unknown+User and Unknown+Group when using ls via ssh
On Feb 18 17:17, James Whitwell wrote: > Hi, > > We’re having some trouble when logged in via ssh that we don’t have > when we log in directly (in our case RDP to the server, then start > bash from the Windows desktop). Our environment is Windows Server > 2008 R2 64-bit joined to a Samba domain, running Cygwin 2.4.1 64-bit. > > The problem we’re having seems to be with usernames and groups. When > we’re logged in directly, it works perfectly e.g. > > WORKFLOW3:jams:~:$ cd /cygdrive/e > WORKFLOW3:jams:/cygdrive/e:$ ls -l > total 12 > dr-xr-x---+ 1 jams Domain Users 0 Feb 18 10:36 $RECYCLE.BIN/ > drwxrwx---+ 1 wfcron Domain Users 0 Sep 23 14:13 PDF/ > drwxr-x--- 1 Unknown+User Unknown+Group 0 Mar 7 2015 System Volume > Information/ > drwxrwx---+ 1 wfcron Domain Users 0 Sep 7 10:30 Vault/ > WORKFLOW3:jams:/cygdrive/e:$ cd PDF > WORKFLOW3:jams:/cygdrive/e/PDF:$ ls -l > total 29696 > -rwxrwx---+ 1 wfcron Domain Users 0 Feb 18 17:09 from-cron* > drwxrwx---+ 1 wfcron Domain Users 0 Feb 18 11:15 pdf/ > WORKFLOW3:jams:/cygdrive/e/PDF:$ > > But when I ssh to the machine and try the same commands, I get > “Unknown+User” and “Unknown+Group” from “ls”, and can’t “cd PDF” e.g. > > WORKFLOW3:jams:~:$ cd /cygdrive/e > WORKFLOW3:jams:/cygdrive/e:$ ls -l > total 4 > dr-xr-x---+ 1 jams Domain Users 0 Feb 18 10:36 $RECYCLE.BIN/ > drwxr-x--- 1 Unknown+User Unknown+Group 0 Sep 23 14:13 PDF/ > drwxr-x--- 1 Unknown+User Unknown+Group 0 Mar 7 2015 System Volume > Information/ > drwxr-x--- 1 Unknown+User Unknown+Group 0 Sep 7 10:30 Vault/ > WORKFLOW3:jams:/cygdrive/e:$ cd PDF > -bash: cd: PDF: Permission denied > WORKFLOW3:jams:/cygdrive/e:$ > > I’ve tried strace on the ls via ssh (attached) but can’t see anything > obvious failing in it. I tried this myself and can't reproduce it in my (granted: very tiny) AD environment. But there's an obvious problem in the strace: 13138 42223 [ldap_init] ls 6764 cyg_ldap::connect_non_ssl: ldap_bind((null)) 0x51 So ldap_bind returns with error code 0x51 which is LDAP_SERVER_DOWN. Assuming the server is not really down, the error code means the caller cannot connect to the LDAP server for one reason or the other. This reason is not visible from the strace and it might be necessary to hunt this down locally. Note that error 0x51 really means contacting the server fails. It's not an authentication problem or something like that. HTH, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat signature.asc Description: PGP signature
Freeze package
Is there a way to freeze a cygwin package to prevent upgrade? Byron -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
[ANNOUNCEMENT] TEST RELEASE: Cygwin 2.5.0-0.4
Hi Cygwin friends and users, I released a new Cygwin TEST version 2.5.0-0.4. Diffs to -0.3 are mainly bugfixes. What's new: --- - Switch to POSIX ACL API by default. - First implementation of pthread_barrier/pthread_barrierattr functions. New APIs: pthread_barrierattr_init, pthread_barrierattr_setpshared, pthread_barrierattr_getpshared, pthread_barrierattr_destroy, pthread_barrier_init, pthread_barrier_destroy, pthread_barrier_wait. What changed: - - In calls to chmod treat ACLs with extra ACEs *only* for Admins and SYSTEM like a trivial ACL. - Bump POSIX option macros to POSIX.1-2008. Bug Fixes - - Fix potential hang when using LoadLibraryEx(LOAD_LIBRARY_SEARCH_SYSTEM32). Reported and tested via IRC. - Fix a bug in ACL handling which might result in a spurious extra entry for the primary group. Self-observed. - printf(3): Handle multibyte decimal point in field size computation. Addresses: https://cygwin.com/ml/cygwin/2016-02/msg00014.html - cygwin_conv_path: Always preserve trailing backslashes in conversion to POSIX paths. Addresses: https://cygwin.com/ml/cygwin/2016-01/msg00480.html - Make buffered console characters visible to select(). Addresses: https://cygwin.com/ml/cygwin/2014-12/msg00118.html - Always report relocation problems, not only in debug DLL. Addresses: https://cygwin.com/ml/cygwin/2016-02/msg00147.html - Don't spill network credentials of privileged user changing the user context via setuid method 1 (https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1) into user session Have fun, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Freeze package
On 18/02/2016 15:34, Byron Boulton wrote: Is there a way to freeze a cygwin package to prevent upgrade? Byron only manually selecting skip for that specifically package. Why ? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Possible Security Hole in SSHD w/ CYGWIN?
On Feb 17 10:43, Corinna Vinschen wrote: > On Feb 16 20:55, David Willis wrote: > > First let me say that I'm not too well-versed in coding and the ins and outs > > of how processes utilize credentials when they are spawned. However, the > > jist of it seems to be that if there are no credentials saved with passwd -R > > to replace the current user token with that of the user that is SSH'd in, > > then there is no way to change that token at all (or get rid of it) meaning > > the token used when accessing a share will stay as the token of the caller - > > namely cyg_server? Please correct me if I'm way off-base but that seems to > > be my interpretation of this. > > It's wrong, but it's not easy to grok how this all works under the hood. > First of all, refering to > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview, only > method 1 should be affected. > [bla, bla] > > If that is the case, it seems this is an unintended side effect of the way > > CYGWIN and sshd work together, and with the current state of Windows there > > isn't really a way around it. > > There might be a way around that. I have a vague idea what to do to > create a new logon session, even when creating the token from scratch > per method 1, which would not share the network credentials of the > caller. But it's just that yet, an idea. I implemented and tested the idea and it seems to work. Note that the underlying problem that we can't generate our own login session when using method 1 persists. However, the new code should avoid spilling cyg_server credentials into the user session. Please give the new Cygwin test release 2.5.0-0.4 (https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try. Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat signature.asc Description: PGP signature
Re: Freeze package
On 2/18/2016 10:09 AM, Marco Atzeri wrote: On 18/02/2016 15:34, Byron Boulton wrote: Is there a way to freeze a cygwin package to prevent upgrade? Byron only manually selecting skip for that specifically package. Why ? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple There is a very annoying small bug in the hamster package from cygwin-ports. It's a very simple fix in the python code, but I was thinking I would freeze the package to keep from overwriting it. I've had bad luck with installing from source on my linux machines, so I don't have high hopes for installing it from source on cygwin. I realize it's a bad idea to manually edit files that are under the control of the package manager. Freezing the package is just a workaround. Byron -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Freeze package
Byron Boulton zoho.com> writes: > Is there a way to freeze a cygwin package to prevent upgrade? This is a "if you have to ask, you shouldn't be doing it" type of question. Keeping that in mind, you can edit /etc/setup/installed.db and give any package a high enough version number so that setup thinks there's a more recent version installed than what is available in the repo. You have to remember that yourself or you'll start wondering a few months down the road why things break in mysterious ways, though. But you should really report the problem to the maintainer so that it can be solved at its root, rather than trying to point-fix a local installation. Regards, Achim. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Freeze package
On 2/18/2016 10:13 AM, Byron Boulton wrote: On 2/18/2016 10:09 AM, Marco Atzeri wrote: On 18/02/2016 15:34, Byron Boulton wrote: Is there a way to freeze a cygwin package to prevent upgrade? Byron only manually selecting skip for that specifically package. Why ? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple There is a very annoying small bug in the hamster package from cygwin-ports. It's a very simple fix in the python code, but I was thinking I would freeze the package to keep from overwriting it. I've had bad luck with installing from source on my linux machines, so I don't have high hopes for installing it from source on cygwin. I realize it's a bad idea to manually edit files that are under the control of the package manager. Freezing the package is just a workaround. Byron -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple On 2/18/2016 10:34 AM, Achim Gratz wrote: Byron Boulton zoho.com> writes: Is there a way to freeze a cygwin package to prevent upgrade? This is a "if you have to ask, you shouldn't be doing it" type of question. Keeping that in mind, you can edit /etc/setup/installed.db and give any package a high enough version number so that setup thinks there's a more recent version installed than what is available in the repo. You have to remember that yourself or you'll start wondering a few months down the road why things break in mysterious ways, though. But you should really report the problem to the maintainer so that it can be solved at its root, rather than trying to point-fix a local installation. Regards, Achim. Thanks for your info on the installed.db. As I replied to another mailing list member, I recognize the problems of editing files under the package manager's control. If installing from source weren't buggy (that I *should* report upstream) I would do that rather than edit the files installed by cygwin. The bug is fixed upstream, but only in a release candidate. It would be nice if cygwin had a real way to freeze a package. For example, when you freeze a package in Arch Linux, everytime you update your packages it prints a warning listing packages you have frozen. This way, each time you run an update you see the warning and can consider again if you need to have the packages frozen, or if something starts acting funny you can ask yourself, "I wonder if the problem is caused by these packages I have frozen". Byron -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
[ANNOUNCEMENT] zim 0.65-1
The following packages have been uploaded to the Cygwin distribution: * zim-0.65-1 Zim is a graphical text editor used to maintain a collection of wiki pages. Each page can contain links to other pages, simple formatting and images. Pages are stored in a folder structure, like in an outliner, and can have attachments. Creating a new page is as easy as linking to a nonexistent page. All data is stored in plain text files with wiki formatting. Various plugins provide additional functionality, like a task list manager, an equation editor, a tray icon, and support for version control. -- Yaakov -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Possible Security Hole in SSHD w/ CYGWIN?
On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote: > > I implemented and tested the idea and it seems to work. Note that the > underlying problem that we can't generate our own login session when using > method 1 persists. However, the new code should avoid spilling cyg_server > credentials into the user session. > > Please give the new Cygwin test release 2.5.0-0.4 > (https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try. I've installed the test release and am no longer able to reproduce the issue; I get the expected "access denied" on all network shares as I should on this test account. (pub key auth, no password stored with "passwd -R") :) -- Erik -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
[ANNOUNCEMENT] xsel 1.2.0-2
The following packages have been uploaded to the Cygwin distribution: * xsel-1.2.0-2 XSel is a command-line program for getting and setting the contents of the X selection. Normally this is only accessible by manually highlighting information and pasting it with the middle mouse button. -- Yaakov -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: mktemp() fails on Wine 1.9.3 + Cygwin 2.5.0-0.2
I wrote a test case demonstrate the problem at the Cygwin level.
It is almost only one line:
open("haha", O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); //
remember to unlink the file "haha" first
On Windows + Cygwin, this program creates a file in 0600 mode:
Administrator@short ~
$ stat haha
File: ‘haha’
Size: 0 Blocks: 0 IO Block: 65536 regular empty file
Device: 903b0bf0h/2419788784d Inode: 91760842407778598 Links: 1
Access: (0600/-rw---) Uid: (197108/Administrator) Gid: (197121/None)
Access: 2016-02-19 10:34:19.917782200 +0800
Modify: 2016-02-19 10:34:19.917782200 +0800
Change: 2016-02-19 10:34:19.917782200 +0800
Birth: 2016-02-19 09:35:08.796316900 +0800
Administrator@short ~
$ getfacl.exe haha
# file: haha
# owner: Administrator
# group: None
user::rw-
group::---
other:---
On Wine + Cygwin, this program creates a file in 0505 mode:
fracting@fracting-ThinkPad-Edge-E431 ~
$ stat haha
File: ‘haha’
Size: 0 Blocks: 0 IO Block: 65536 regular empty file
Device: 4fdc55f7h/1339839991d Inode: 36447801Links: 1
Access: (0505/-r-x---r-x) Uid: (197608/fracting) Gid: (197121/None)
Access: 2016-02-19 10:32:36.828596900 +0800
Modify: 2016-02-19 10:32:31.820695700 +0800
Change: 2016-02-19 10:32:31.820695700 +0800
Birth: 2016-02-19 10:32:31.820695700 +0800
fracting@fracting-ThinkPad-Edge-E431 ~
$ getfacl.exe haha
# file: haha
# owner: fracting
# group: None
user::r-x
group::---
group:SYSTEM:rwx
mask:r-x
other:r-x
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
