Corinna Vinschen wrote:
On Jul 18 22:41, Andrew DeFaria wrote:
I am helping a client install a new server and we use a process that
essentially does an rsh <machine> make. The make process is fairly
complicated. The new server is a Windows 2003 Server. There is no RDP
involved - just an rsh. I'm getting errors like:
3 [main] bash 14596 C:\cygwin\bin\bash.exe: *** fatal error -
C:\cygwin\bin\bash.exe: *** CreateFileMapping
Global\cygwin1S4.cygpid.4648, Win32 error 0.
I've seen some posts regarding an error similar to this but it
usually involves and RDP session and an error code of 5 but here I
have no RDP session and the error code is strangely 0.
The other thing that is odd is that in the process of make some of
the compilations will fail as the above and others won't. IOW it's
intermittent. Also it's not always bash that dies. Sometimes it's make:
4 [main] make (11352) C:\cygwin\bin\make.exe: *** fatal error - C:
bin\make.exe: *** CreateFileMapping Global\cygwin1S4.cygpid.11352,
Win32 . Terminating.
Since the return code is 0 the make continues onward obliviously.
Another interesting aspect is that if the user who is rsh'ing is
added to the local Administrators group then all these errors disappear.
Note that people have passwordless rsh access to the server.
This is probably the problem. I just wrote a lengthy explanation of
what happens in case of public key authentication, see:
http://cygwin.com/ml/cygwin/2006-07/msg00577.html
You're getting the same problem in case of rhosts authentication, it
all boils down to "password-less authentication".
Your case is not exactly related but it doesn't hurt to read this
first, just to get an impression and maybe a coffee break.
I can't explain the error code 0 right now, but I assume your problem
is the handling of user rights related to global objects. Reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/termserv/kernel_object_namespaces.asp
gives a bit of insight into the general problem.
I have to be able to reproduce the problem, which I can't ATM. As a
workaround try giving the "Create global objects" user right to the
sshd_server account alone. If that doesn't work, add the "Create
global objects" right to the users login in through rsh.
Please report back the results of both tests.
First off, yes I am using the sshd_server account for the inetd service
which, of course, starts the in.rshd process. I thought that this users,
sshd_server, already had this right but apparently it didn't:
$ editrights -l -u sshd_server
SeDenyInteractiveLogonRight
SeDenyNetworkLogonRight
SeDenyRemoteInteractiveLogonRight
So I added it:
$ editrights -l -a SeCreateGlobalPrivilege -u sshd_server
SeCreateGlobalPrivilege
SeDenyInteractiveLogonRight
SeDenyNetworkLogonRight
SeDenyRemoteInteractiveLogonRight
Then I restarted inetd. Now when I rsh to the server I get:
$ rsh -l adefaria <server>
Switching to user adefaria failed!
rlogin: connection closed.
This is not good! So I removed SeCreateGlobalPrivilege from sshd_server
and restart inetd and I get the same error! So I re-added all the rights
I find from /bin/ssh-host-config:
$ editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server
$ editrights -a SeCreateTokenPrivilege -u sshd_server
$ editrights -a SeDenyInteractiveLogonRight -u sshd_server
$ editrights -a SeDenyNetworkLogonRight -u sshd_server
$ editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server
$ editrights -a SeIncreaseQuotaPrivilege -u sshd_server
$ editrights -a SeServiceLogonRight -u sshd_server
Restarted inetd and it's back. Odd...
Now we achieve passwordless login through rlogin/rsh by purposely
setting the password blank in /etc/passwd. I changed that for my user to
not have a blank password in /etc/passwd so that rsh prompts. This, of
course, kills the ability to do rsh <machine> <cmd> but an rsh/rlogin
<machine> still works. So I log in and then attempt the make and I get
the same problem with CreateFileMapping.
As for adding "Create global objects" to my user take note that my user
is part of the domain. I can use the Local Security Policy editor to add
my domain user to the "Create global objects" property. I tried that but
again no difference in the problem.
--
Andrew DeFaria <http://defaria.com>
I was thinking that women should put pictures of missing husbands on
beer cans.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/