Re: Permissions problem mounting NFS shares from Cygwin sshd
On May 11 12:20, Chip Olson wrote: sshd : PID 1364 : starting service `sshd' failed: execve: 1, Operation not permitted. Which tells me Administrator doesn't have the privileges to start sshd. What does the event log show? In any case, you should not only check permissions on sshd.exe, but also on all files which are accessed by sshd. The general rule is that all these files must be owned by the user running sshd. In your case Administrator. If I'd want to run sshd under another account for testing purposes, I'd do this: $ chown other-account /etc/ssh* /var/empty You should also have another look into the permissions of the private host keys. They should be very strong: $ chmod 600 /etc/ssh_host*key Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:cygwin@cygwin.com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Permissions problem mounting NFS shares from Cygwin sshd
On Tue, 10 May 2005, Chip Olson wrote: Quoth Larry Hall: At 03:03 PM 5/10/2005, you wrote: snip I read in the archives that logging in with public-key authentication can cause problems like this, and indeed, if I log in via ssh with -o PubKeyAuthentication=no, the mount works fine (and reports my user's UID and GID, not 0 for both as when I mount from the desktop). I have another machine here that mounts just fine from a public-key ssh session. Unfortunately, the person who configured it is no longer with the company. :-( See the FAQ entry: Why don't my services work (or access network shares)? http://cygwin.com/faq/faq_toc.html#TOC33 After reading the FAQ entry, the referenced cygrunsrv README and http://cygwin.com/cygwin-ug-net/ntsec.html, I made the following changes to my configuration, independently of each other: - Changed the group IDs of Administrator and my user account from 513 (None) to 544 (Administrators). This had no effect. Read the above page again, please. If I understood your statement correctly, you've edited /etc/passwd and /etc/group directly. This is not *supposed* to have any effect, unless you use the appropriate Windows tools to adjust group memberships. - Reinstalled sshd so as to log in as Administrator, as follows: cygrunsrv --install sshd -u Administrator -w mypasswd -p /usr/sbin/sshd.exe When I subsequently ran cygrunsrv --start sshd, I got: cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1053: The service did not respond to the start or control request in a timely fashion. The usual place to look for the actual errors when starting sshd is the Windows event log. sshd was then hung in starting state, according to Service Manager, and I had to reboot to clear it. FWIW, you can try killing the corresponding cygrunsrv process (using either the Task Manager or /bin/kill -f) instead of rebooting. Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_[EMAIL PROTECTED] ZZZzz /,`.-'`'-. ;-;;,_[EMAIL PROTECTED] |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! The Sun will pass between the Earth and the Moon tonight for a total Lunar eclipse... -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Permissions problem mounting NFS shares from Cygwin sshd
Quoth Igor Pechtchanski: Read the above page again, please. If I understood your statement correctly, you've edited /etc/passwd and /etc/group directly. This is not *supposed* to have any effect, unless you use the appropriate Windows tools to adjust group memberships. From the NT Security document: Unfortunately, workstations and servers outside of domains are not able to set primary groups! In these cases, where there is no correlation of users to primary groups, NT returns 513 (None) as primary group, regardless of the membership to existing local groups. When using mkpasswd -l -g on such systems, you have to change the primary group by hand if `None' as primary group is not what you want (and I'm sure, it's not what you want!) This machine is not in a domain. I understood the above to mean I needed to generate the password file with mkpasswd and edit it to change those group IDs. Am I understanding incorrectly? The usual place to look for the actual errors when starting sshd is the Windows event log. OK, this is interesting: sshd : PID 1364 : starting service `sshd' failed: execve: 1, Operation not permitted. Which tells me Administrator doesn't have the privileges to start sshd. Following the tried-and-true troubleshooting methodology of dunno, maybe it'll work, I changed /usr/sbin/sshd's ownership from Administrator:Users to Administrator:Administrators. Its group ID changed from 545 to 544, as I would expect, but the change had no effect. -- -Chip Olson | [EMAIL PROTECTED] | And the sands will roll out a carpet of gold / For your weary toes to be a-touchin' / And the ship's wise men will remind you once again / The whole wide world is watchin' -Bob Dylan, When The Ship Comes In -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Permissions problem mounting NFS shares from Cygwin sshd
On Wed, 11 May 2005, Chip Olson wrote: Quoth Igor Pechtchanski: Read the above page again, please. If I understood your statement correctly, you've edited /etc/passwd and /etc/group directly. This is not *supposed* to have any effect, unless you use the appropriate Windows tools to adjust group memberships. From the NT Security document: Unfortunately, workstations and servers outside of domains are not able to set primary groups! In these cases, where there is no correlation of users to primary groups, NT returns 513 (None) as primary group, regardless of the membership to existing local groups. When using mkpasswd -l -g on such systems, you have to change the primary group by hand if `None' as primary group is not what you want (and I'm sure, it's not what you want!) This machine is not in a domain. I understood the above to mean I needed to generate the password file with mkpasswd and edit it to change those group IDs. Am I understanding incorrectly? I believe so. I read the above as one only needs to change /etc/passwd and /etc/group if the machine is part of a domain. Perhaps it could be reworded to make that clearer -- http://cygwin.com/acronyms/#PTC. The usual place to look for the actual errors when starting sshd is the Windows event log. OK, this is interesting: sshd : PID 1364 : starting service `sshd' failed: execve: 1, Operation not permitted. Your Administrator user is probably not seeing /usr/sbin, or the permissions on /usr/sbin are wrong. Hard to know without more information. Which tells me Administrator doesn't have the privileges to start sshd. Following the tried-and-true troubleshooting methodology of dunno, maybe it'll work, I changed /usr/sbin/sshd's ownership from Administrator:Users to Administrator:Administrators. Its group ID changed from 545 to 544, as I would expect, but the change had no effect. I don't recall you attaching the output of cygcheck -svr as requested in http://cygwin.com/problems.html. Please provide that information so that we know what you have on your Cygwin installation. Also, if you log in as Administrator, can you explicitly run /usr/sbin/sshd? If not, what is the error message? Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_[EMAIL PROTECTED] ZZZzz /,`.-'`'-. ;-;;,_[EMAIL PROTECTED] |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! The Sun will pass between the Earth and the Moon tonight for a total Lunar eclipse... -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Permissions problem mounting NFS shares from Cygwin sshd
Quoth Larry Hall: At 03:03 PM 5/10/2005, you wrote: snip I read in the archives that logging in with public-key authentication can cause problems like this, and indeed, if I log in via ssh with -o PubKeyAuthentication=no, the mount works fine (and reports my user's UID and GID, not 0 for both as when I mount from the desktop). I have another machine here that mounts just fine from a public-key ssh session. Unfortunately, the person who configured it is no longer with the company. :-( See the FAQ entry: Why don't my services work (or access network shares)? http://cygwin.com/faq/faq_toc.html#TOC33 After reading the FAQ entry, the referenced cygrunsrv README and http://cygwin.com/cygwin-ug-net/ntsec.html, I made the following changes to my configuration, independently of each other: - Changed the group IDs of Administrator and my user account from 513 (None) to 544 (Administrators). This had no effect. - Reinstalled sshd so as to log in as Administrator, as follows: cygrunsrv --install sshd -u Administrator -w mypasswd -p /usr/sbin/sshd.exe When I subsequently ran cygrunsrv --start sshd, I got: cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1053: The service did not respond to the start or control request in a timely fashion. sshd was then hung in starting state, according to Service Manager, and I had to reboot to clear it. -- -Chip Olson | [EMAIL PROTECTED] | And the sands will roll out a carpet of gold / For your weary toes to be a-touchin' / And the ship's wise men will remind you once again / The whole wide world is watchin' -Bob Dylan, When The Ship Comes In -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
