This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.



Re: ntsec: What am I doing wrong?


I'm using the 1999-11-22 cygwin-inst with the 1999-11-23 cygwin1.dll. 
All drives except C:\ (mounted as /c) are NTFS. And the example I gave
*was* real -- I wasn't making up the fact that 'id' reported UID/GID's
of "0" or that 'ls -l' said "user" and "group" instead of "cwilson" 
and "None".

output of 'mkpasswd -l'
*****************

Everyone:*:0:0:,S-1-1-0::
SYSTEM:*:18:18:,S-1-5-18::
Administrator::500:513:,S-1-5-21-144006512-467950226-1660491571-500:/e/Users/Administrator:/bin/sh
cwilson::1002:513:Charles Wilson,S-1-5-21-144006512-467950226-1660491571-1002:/e/Users/cwilson:/bin/sh
Guest::501:513:,S-1-5-21-144006512-467950226-1660491571-501::/bin/sh
pehite::1004:513:Preston E. Hite,S-1-5-21-144006512-467950226-1660491571-1004:/e/Users/pehite:/bin/sh
services::1001:513:services,S-1-5-21-144006512-467950226-1660491571-1001:/e/Users/services:/bin/sh
thudson::1003:513:Tina Hudson,S-1-5-21-144006512-467950226-1660491571-1003:/e/Users/thudson:/bin/sh

output of 'mkgroup -l'
*****************

Everyone:S-1-1-0:0:
SYSTEM:S-1-5-18:18:
None:S-1-5-21-144006512-467950226-1660491571-513:513:
Administrators:S-1-5-32-544:544:
Backup Operators:S-1-5-32-551:551:
Guests:S-1-5-32-546:546:
Power Users:S-1-5-32-547:547:
Replicator:S-1-5-32-552:552:
Users:S-1-5-32-545:545:
NoLocalLogon:S-1-5-21-144006512-467950226-1660491571-1005:1005:
SU Users:S-1-5-21-144006512-467950226-1660491571-1000:1000:

output of 'id' (logged in as "Administrator")
*****************

uid=0(user) gid=0(group)

output of 'ls -l' (logged in as "Administrator")
*****************

total 936
drwxrwxrwx   1 user     group           0 Mar 25  1999 APPS
-rw-rw-rw-   1 user     group      524288 Jun 24 23:16 Application Log File Thru 6.24.99.evt
-rwxrwxrwx   1 user     group          75 Jan 16  1999 CMDAUTO.CMD
drwxrwxrwx   1 user     group           0 Feb 27  1999 DRIVES
-rw-rw-rw-   1 user     group         230 Feb 28  1999 MACROS.TXT
drwxrwxrwx   1 user     group           0 Oct  2 21:55 Net
-rw-rw-rw-   1 user     group       37888 Jul 10  1997 NewAutoShapes.xls
-rwxrwxrwx   1 user     group         731 Feb 28  1999 NewUser.cmd
-rw-rw-rw-   1 user     group         103 Feb 28  1999 NewUser.tmp1
-rw-rw-rw-   1 user     group        4991 Feb 28  1999 NewUser.tmp2
-rw-rw-rw-   1 user     group      327680 Jun 24 23:16 System Log File Thru 6.24.99.evt
drwxrwxrwx   1 user     group           0 Feb  3  1999 autosave
drwxrwxrwx   1 user     group           0 Feb 28  1999 bin
-rw-rw-rw-   1 user     group         625 Nov 26 12:46 foo
-rw-rw-rw-   1 user     group         394 Nov 26 12:46 foo2
-rw-rw-rw-   1 user     group           0 Nov 26 12:47 foo3
-rw-rw-rw-   1 user     group         952 Feb 28  1999 mounts.reg
-rwxrwxrwx   1 user     group       55568 Feb 28  1999 reg.exe


output of 'id' (logged in as "cwilson")
*****************

uid=0(user) gid=0(group)

output of 'ls -l' (logged in as "cwilson")
*****************

total 2329
drwxrwxrwx   1 user     group           0 Nov 26 00:59 bzip2-0.9.5d
drwxrwxrwx   1 user     group           0 Mar 13  1999 dllhelpers-0.2.5
-rw-rw-rw-   1 user     group           0 Nov 26 12:58 foo6
-rw-rw-rw-   1 user     group     1426994 Nov 24 21:31 freetype-1.3.tar.gz
-rw-rw-rw-   1 user     group      324774 Nov 24 21:28 jbigkit-1.0.tar.gz
drwxrwxrwx   1 user     group           0 Nov 26 05:53 jpeg-6b
drwxrwxrwx   1 user     group           0 Nov 26 05:17 libpng-1.0.5
drwxrwxrwx   1 user     group           0 Oct 14 07:43 libpng-1.0.5-orig
-rw-rw-rw-   1 user     group      631491 Nov 24 21:15 tiff-v3.5.2.tar.gz
drwxrwxrwx   1 user     group           0 Nov 26 05:10 zlib-1.1.3


Corinna Vinschen wrote:
> 
> "Charles S. Wilson" wrote:
> > mkpasswd -l -g > passwd
> > mkgroup -l > group
> >
> > I'm using NT, so in the "My Computer"->Properties->Environment pane, I
> > set CYGWIN=binmode tty ntea ntsec
> > [...]
> > Now, I start bash, and do an 'ls -l'
> > total 17
> > -rw-rw-rw-   1 user     group         871 May 19  1999 bashrc
> > [...]
> > -rw-rw-rw-   1 user     group        9828 Dec  1  1998 termcap
> >
> > 'id' reports:
> > uid=0(user) gid=0(group)
> 
> Hi Charles,
> 
> do you work on a FAT partition? FAT isn't able to handle NT security
> settings. On FAT all entries are simulated to be owned by the current
> user.
> 
> If you use NTFS, you should make your sample real: Send the output
> of `mkpasswd -l' `mkgroup -l' and `ls -ln' of an NTFS dir.
> 
> In the latest snapshots `ntsec' has additional features which are
> not visible at first glance. You are able to use them if you
> call `mkpasswd' and `mkgroup' from the snapshots. Both tools now
> additionally write the SIDs into the passwd and group file.
> Unfortunately, I still haven't updated the ntsec documentation
> (documentation is WORK ;-)) so I post the brief description which
> I have given in the developers mailing list. Hope this helps.
> Additional questions will be gladly answered (please send them
> to the list).
> 
> ============ SNIP ==============
> Hi!
> 
> I have patched ntsec so that SIDs are used that were previously
> saved in /etc/passwd and /etc/group. This has the following advantages:
> 
> - Correct working ntsec in domain environments.
> 
> - Non-login accounts (users _and_ groups) may get another name in
>   /etc/passwd and /etc/group files than their NT account name.
>   The new name is transparently used by applications (so chown,
>   chgrp, ls -l, etc. use them now),
>   e.g.:
>         root::500:513:...
>   instead of
>         administrator::500:513:...
> 
>   No problem if running in console window,
>   BUT: If you need the account to login via telnet, ssh or similar
>   the login name _must_ be the NT user name.
> 
> - Cygwin UIDs and GIDs are now not necessarily the RID part of the
>   NT SID:
>   e.g.:
>         root::0:513:...
>   instead of
>         administrator::500:513:...
> 
> - As with U*X systems, the UID and GID numbering schemes now don't
>   influence each other, so it's possible to have the same IDs for a
>   user and a group,
>   e.g.:
>         /etc/passwd:
>         root::0:0:...           # former 'administrator::500:544:...'
> 
>         /etc/group:
>         root::0:                # former 'administrators::544:'
> 
> Disadvantages, if you like to use the new features:
> - /etc/passwd: The pw_gecos field has to contain a SID as the last
>   element of the comma separated list.
> - /etc/group: The gr_passwd (formerly unused) has to contain a SID.
> 
> If no SIDs are found in /etc/passwd and /etc/group, ntsec acts like
> the previous version.
> 
> The SIDs are saved in standard WinNT notation (S-1-5-32-...).
> The utilities mkpasswd and mkgroup are patched to support the new
> format:
> 
> - mkpasswd and mkgroup generate SIDs by default. This behaviour may
>   be switched off by the new commandline option `-s' or `--no-sids'.
> 
> Moreover, mkpasswd generates the home dir path with the function
> cygwin_conv_to_posix_path(), so mount points are used now. This
> behaviour may be changed to `/cygdrive/<Driveletter>' by using the
> commandline option `-m' or `--no-mount'.
> ============ SNAP ==============
> 
> Regards,
> Corinna
> 
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
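
The passwd and group layout described in the quoted message, as an added example that is not part of the original thread and is not Cygwin code: a small Python check that pulls the SID out of the last comma-separated pw_gecos element and out of gr_passwd, then lists entries with no SID, ids that differ from the SID's RID, and primary gids with no line in the group file. The `root` and `olduser` lines and all function names are constructed for illustration.

```python
import re

# SID in standard WinNT notation, e.g. S-1-5-32-544
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

# cwilson and None are copied from the mkpasswd/mkgroup output above; the
# other lines are constructed: a renamed Administrator, a renamed
# Administrators group, and an old-style entry with no SID.
DOM = "S-1-5-21-144006512-467950226-1660491571"
PASSWD = f"""\
root::0:513:,{DOM}-500:/e/Users/Administrator:/bin/sh
cwilson::1002:513:Charles Wilson,{DOM}-1002:/e/Users/cwilson:/bin/sh
olduser::1010:545:Old Style::/bin/sh
"""
GROUP = f"""\
None:{DOM}-513:513:
root:S-1-5-32-544:0:
"""

def _sid(s):
    return s if SID_RE.match(s) else None

def parse_passwd(text):
    """name:passwd:uid:gid:gecos:home:shell, SID = last comma element of gecos."""
    rows = [l.split(":") for l in text.splitlines()]
    return [{"name": f[0], "id": int(f[2]), "gid": int(f[3]),
             "sid": _sid(f[4].split(",")[-1])} for f in rows if len(f) == 7]

def parse_group(text):
    """name:passwd:gid:members, SID stored in the passwd field."""
    rows = [l.split(":") for l in text.splitlines()]
    return [{"name": f[0], "id": int(f[2]), "sid": _sid(f[1])}
            for f in rows if len(f) == 4]

def audit(passwd_text, group_text):
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    gids = {g["id"] for g in groups}
    rid = lambda e: int(e["sid"].rsplit("-", 1)[1])
    return {
        # entries without a SID, i.e. still in the old format
        "no_sid": [e["name"] for e in users + groups if e["sid"] is None],
        # Cygwin id differs from the RID, which the SID field allows
        "remapped": [(e["name"], e["id"], rid(e)) for e in users + groups
                     if e["sid"] and e["id"] != rid(e)],
        # primary gid with no matching line in the group file
        "unknown_gid": [u["name"] for u in users if u["gid"] not in gids],
    }

if __name__ == "__main__":
    print(audit(PASSWD, GROUP))
```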
