Re: Puzzling local share permissions problem with ssh sessions on Win2K3

2007-05-02 Thread Shankar Unni 

Andrew DeFaria wrote:


WAG: Have you done mkgroup -d >> /etc/group?


Yes, I did - see my original post in this thread..


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

Re: Puzzling local share permissions problem with ssh sessions on Win2K3

2007-05-01 Thread Andrew DeFaria 

Shankar Unni wrote:

Shankar Unni wrote:

My login groups are incomplete. 


I just saw this post: http://cygwin.com/ml/cygwin/2006-07/msg00129.html

Is this situation still present in the latest (1.5.24) Cygwin?

WAG: Have you done mkgroup -d >> /etc/group?
--
ClearSCM, Inc.
Andrew DeFaria, President 
One reason most people play golf is to wear clothes they wouldn't be 
caught dead in otherwise.



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

Re: Puzzling local share permissions problem with ssh sessions on Win2K3

2007-05-01 Thread Shankar Unni 

Shankar Unni wrote:

My login groups are incomplete. 


I just saw this post: http://cygwin.com/ml/cygwin/2006-07/msg00129.html

Is this situation still present in the latest (1.5.24) Cygwin?


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

Re: Puzzling local share permissions problem with ssh sessions on Win2K3

2007-05-01 Thread Shankar Unni 

Shankar Unni wrote:

Dave Korn wrote:


cygcheck.out: CYGWIN = 'ntsec'
  Perhaps you need smbntsec as well?


Thanks! That did it..


Alas, that didn't *quite* do it.

I finally figured out that I had to uninstall and re-install 
(ssh-host-config) the sshd service, with CYGWIN=ntsec smbntsec.  The 
permissions on files look OK now, but there's still a problem:


My login groups are incomplete. When logged in via remote desktop, my 
groups are:


$ id
uid=13555(sunni) gid=11552(etdev) groups=544(Administrators),555(Remote 
Desktop Users),545(Users),16244(BusinessSignatures e),16487(Development 
Organiza),16381(DL- Global Employees),10513(Domain 
Users),16562(EntrustEmp),11552(etdev),11269(RAS-VPN 
Users),14162(RWC-Remote Users),11284(Terminal Server Users)


But when logged in via sshd, my groups are:
$ id
uid=13555(sunni) gid=11552(etdev) groups=544(Administrators),555(Remote 
Desktop Users),545(Users),11552(etdev)


Basically, all my CORP domain group memberships are missing except my 
primary login group (the user is a CORP domain user, as is the etdev 
group). Notice the missing groups with ids > 1..


(This causes all sorts of subtle permissions problems on certain files 
with more restrictive ACLs. Like all my ClearCase views :-/).


How do I get my sshd login session to contain all the Domain group 
memberships as well?



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

Re: Puzzling local share permissions problem with ssh sessions on Win2K3

2007-04-30 Thread Shankar Unni 

Dave Korn wrote:


cygcheck.out: CYGWIN = 'ntsec'
  Perhaps you need smbntsec as well?


Thanks! That did it..

Of course, now I need to figure out why Clearcase itself refuses to 
recognize that share, but that's a separate issue. Back to the coal mine..



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

RE: Puzzling local share permissions problem with ssh sessions on Win2K3

2007-04-28 Thread Dave Korn 
On 27 April 2007 22:48, Shankar Unni wrote:

> I have a Win2K3 SP1 system, freshly installed with the latest bits, and
> sshd installed with privilege separation (using ssh_host_config).  The
> /etc/passwd has both local and domain users (in that order), as does
> /etc/group.

  And even better, you sent cygcheck output.  Excellent.

> I have a local shared directory c:\Views (shared as \\myhostname\Views).
> The problem is that when I log in as a domain user, and try to write
> something into \\myhostname\Views\, I get a permission denied error,
> even though I can do this successfully if I come in as that same user
> via Terminal Services.

cygcheck.out: CYGWIN = 'ntsec'

  Perhaps you need smbntsec as well?

"(no)smbntsec - if set, use ntsec on remote drives as well (default is
"nosmbntesc"). When setting "smbntsec" there's a chance that you get problems
with Samba shares so you should use this option with care. One reason for a
non working ntsec on remote drives could be insufficient permissions of the
users. The requires user rights are somewhat dangerous (SeRestorePrivilege),
so it's not always an option to grant that rights to users. However, this
shouldn't be a problem in NT domain environments."
http://www.cygwin.com/cygwin-ug-net/using-cygwinenv.html

cheers,
  DaveK
-- 
Can't think of a witty .sigline today


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

Re: Puzzling local share permissions problem with ssh sessions on Win2K3

2007-04-27 Thread Shankar Unni 

Andrew DeFaria wrote:

Hey Shankar. WAG here. With Windows 2K3 came more security. Check to see 
what your *share* permissions are - not just the permissions of the 
folder but the permissions of the share point. I believe MS added 
something like Network: Deny for security sake and that screws up 
Clearcase which you rightly point out insists on using full UNC paths 
(for good reason mind you).


Thanks for the hint. But I see that that's not a problem here.  For one 
thing, as I said, if I ssh into another machine B as the same user, I 
can access \\A\Views just fine.  It's only from A itself that I can't 
access \\A\Views.  (I.e. sort of the opposite of what the above would 
affect).


Of course, I found that if I give Full Control to Everyone, then things 
work, but that's not an optimal solution.  Actually, "work" is also not 
right, since I can then create files and folders from Windows explorer, 
but using Clearcase itself, I get weirdo errors from the "mkview" 
command about "permission denied" when it tries to create files under 
whatever view directory it created.


It seems to be a subtle identity problem of some kind..


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

Re: Puzzling local share permissions problem with ssh sessions on Win2K3

2007-04-27 Thread Andrew DeFaria 

Shankar Unni wrote:

I have a Win2K3 SP1 system, freshly installed with the latest bits, 
and sshd installed with privilege separation (using ssh_host_config).  
The /etc/passwd has both local and domain users (in that order), as 
does /etc/group.


I have a local shared directory c:\Views (shared as 
\\myhostname\Views). The problem is that when I log in as a domain 
user, and try to write something into \\myhostname\Views\, I get a 
permission denied error, even though I can do this successfully if I 
come in as that same user via Terminal Services.


Here's a matrix of various file creation attempts I tried, logging in 
to the server (I'm calling it "A" in the chart below) via TS or sshd, 
with or without a password.   For good measure, I logged in as the 
same domain user, via sshd, to a different machine, and accessed the 
same share successfully from there!


  C:\Views   \\A\Views  \\Common\share

logged in to A via  OK  OK   OK
Terminal Services

logged in to A via  OK Fails OK
sshd, with password

passwordless pubkey OK Fails OK
ssh login to A

logged in to B (other   --  OK   OK
machine) via sshd,
as the same user
(with or without password)


What is special about accessing your own host's shares, when logged in 
via sshd? sshd-logged-in users seem to be able to access shares on 
other systems using normal rules; just not shares on their own system.


I've attached a cygcheck.out (from the passwordless pubkey login).  
Any ideas on what I can try to make the two "Fails" cases above work?


(This is needed for Clearcase to be able to create views in that 
directory. The stupid thing insists on using a share path for creating 
views, even private ones).
Hey Shankar. WAG here. With Windows 2K3 came more security. Check to see 
what your *share* permissions are - not just the permissions of the 
folder but the permissions of the share point. I believe MS added 
something like Network: Deny for security sake and that screws up 
Clearcase which you rightly point out insists on using full UNC paths 
(for good reason mind you).


BTW It also insists on this for VOBs with the same sorts of issues...
--
Andrew DeFaria 
If you must choose between two evils, pick the one you've never tried 
before.



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

Puzzling local share permissions problem with ssh sessions on Win2K3

2007-04-27 Thread Shankar Unni 
I have a Win2K3 SP1 system, freshly installed with the latest bits, and 
sshd installed with privilege separation (using ssh_host_config).  The 
/etc/passwd has both local and domain users (in that order), as does 
/etc/group.


I have a local shared directory c:\Views (shared as \\myhostname\Views). 
The problem is that when I log in as a domain user, and try to write 
something into \\myhostname\Views\, I get a permission denied error, 
even though I can do this successfully if I come in as that same user 
via Terminal Services.


Here's a matrix of various file creation attempts I tried, logging in to 
the server (I'm calling it "A" in the chart below) via TS or sshd, with 
or without a password.   For good measure, I logged in as the same 
domain user, via sshd, to a different machine, and accessed the same 
share successfully from there!


  C:\Views   \\A\Views  \\Common\share

logged in to A via  OK  OK   OK
Terminal Services

logged in to A via  OK Fails OK
sshd, with password

passwordless pubkey OK Fails OK
ssh login to A

logged in to B (other   --  OK   OK
machine) via sshd,
as the same user
(with or without password)


What is special about accessing your own host's shares, when logged in 
via sshd? sshd-logged-in users seem to be able to access shares on other 
systems using normal rules; just not shares on their own system.


I've attached a cygcheck.out (from the passwordless pubkey login).  Any 
ideas on what I can try to make the two "Fails" cases above work?


(This is needed for Clearcase to be able to create views in that 
directory. The stupid thing insists on using a share path for creating 
views, even private ones).

Cygwin Configuration Diagnostics
Current System Time: Fri Apr 27 14:41:48 2007

Windows 2003 Server Ver 5.2 Build 3790 Service Pack 1

Path:   C:\cygwin\usr\local\bin
C:\cygwin\bin
C:\cygwin\bin
C:\cygwin\usr\X11R6\bin
C:\cygwin\bin
c:\WINDOWS\system32
c:\WINDOWS
c:\WINDOWS\System32\Wbem
c:\Program Files\Rational\common
c:\Program Files\Rational\ClearCase\bin
C:\cygwin\bin

Output from C:\cygwin\bin\id.exe (nontsec)
UID: 13555(sunni) GID: 11552(etdev)
544(Administrators)   555(Remote Desktop Users) 545(Users)
11552(etdev)

Output from C:\cygwin\bin\id.exe (ntsec)
UID: 13555(sunni) GID: 11552(etdev)
544(Administrators)   555(Remote Desktop Users) 545(Users)
11552(etdev)

SysDir: C:\WINDOWS\system32
WinDir: C:\WINDOWS

USER = 'sunni'
PWD = '/home/sunni'
CYGWIN = 'ntsec'
HOME = '/home/sunni'
MAKE_MODE = 'unix'

HOMEPATH = '\cygwin\home\sunni'
MANPATH = '/usr/local/man:/usr/share/man:/usr/man::/usr/ssl/man'
HOSTNAME = 'scaerbium'
TERM = 'cygwin'
SHELL = '/bin/bash'
PROCESSOR_IDENTIFIER = 'x86 Family 15 Model 4 Stepping 7, GenuineIntel'
WINDIR = 'C:\WINDOWS'
SSH_CLIENT = '10.66.100.10 2080 22'
OLDPWD = '/home/sunni'
USERDOMAIN = 'SCAERBIUM'
SSH_TTY = '/dev/tty2'
OS = 'Windows_NT'
ALLUSERSPROFILE = 'C:\Documents and Settings\All Users'
TEMP = '/cygdrive/c/DOCUME~1/SSHD_S~1/LOCALS~1/Temp'
COMMONPROGRAMFILES = 'C:\Program Files\Common Files'
USERNAME = 'sshd_server'
PROCESSOR_LEVEL = '15'
MAIL = '/var/spool/mail/sunni'
SYSTEMDRIVE = 'C:'
USERPROFILE = 'C:\Documents and Settings\sunni'
TZ = 'PST8PDT7,M3.2.0/2,M11.1.0/2'
PS1 = '\[\e]0;[EMAIL PROTECTED] \[\e[33m\]\w\[\e[0m\]\n\$ '
LOGONSERVER = '\\SCAERBIUM'
PROCESSOR_ARCHITECTURE = 'x86'
SHLVL = '1'
PATHEXT = '.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH'
HOMEDRIVE = 'C:'
COMSPEC = 'C:\WINDOWS\system32\cmd.exe'
LOGNAME = 'sunni'
TMP = '/cygdrive/c/DOCUME~1/SSHD_S~1/LOCALS~1/Temp'
SYSTEMROOT = 'C:\WINDOWS'
PRINTER = 'Auto HP LaserJet 4L on TWEETY (from WCASUNNI82) in session 1'
CVS_RSH = '/bin/ssh'
PROCESSOR_REVISION = '0407'
SSH_CONNECTION = '10.66.100.10 2080 10.66.50.27 22'
INFOPATH = '/usr/local/info:/usr/share/info:/usr/info:'
PROGRAMFILES = 'C:\Program Files'
NUMBER_OF_PROCESSORS = '2'
COMPUTERNAME = 'SCAERBIUM'
_ = '/usr/bin/cygcheck'
POSIXLY_CORRECT = '1'

HKEY_CURRENT_USER\Software\Cygnus Solutions
HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin
HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\mounts v2
HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\Program Options
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2
  (default) = '/cygdrive'
  cygdrive flags = 0x0020
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/
  (default) = 'C:\cygwin'
  flags = 0x0008
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/usr/bin
  (default) = 'C:\cygwin/bin'
  flags = 0x0008
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/usr/lib
  (default) = 'C:\cygwin/lib'
  flags = 0x0008
HKEY_LOCAL_MACHINE\SOFTWARE\C