This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: nt domain security issues with cygwin dll 1.3.13-2


On Tue, 22 Oct 2002, David Meleedy wrote:

> I had reported a problem where startx was failing due to
> the X server not accepting connections.  It was pointed
> out to me that from 1.3.12-4 to 1.3.13-2, the ntsec
> option was on by default and this would affect NT domain
> machines (which is what I am using on my Windows 2000 machine).
>
> So here are the symptoms of the problem on a UID basis:
>
> DMELEEDY-D01-13: id
> uid=500(AdiPcAdmin) gid=544(Administrators) groups=544(Administrators)
> DMELEEDY-D01-14: touch foo
> DMELEEDY-D01-15: ls -l foo
> DMELEEDY-D01-16: ls -l foo
> -rw-r--r--    1 7469 Administ        0 Oct 22 03:41 foo
>
> As you can see, with 1.3.13-2, the file is owned by UID "7469" not
> 500.
>
> If I revert to the old dll, 1.3.13-2, the same file (not recreated):
>
> DMELEEDY-D01-3: ls -l foo
> -rw-r--r--    1 AdiPcAdm Administ        0 Oct 22 03:41 foo
>
> has the correct file permissions.
>
> So it was suggested that I use mkpasswd to fix the problem.
> The problem with this is that my machine was set up by my
> corporation to use an NT domain, but it would not be connected
> to that domain unless I use VPN.  So without VPN running, this
> is what happened:
>
> DMELEEDY-D01-1: mkpasswd -d -u AdiPcAdm
> mkpasswd: [2453] Could not find domain controller for this domain
>
> So then I connected with VPN to see if I could do it after that:
>
> DMELEEDY-D0102: mkpasswd -d -u AdiPcAdm
> mkpasswd: [2221] The user name could not be found.
>
> Now this machine was set up with its own local domain, so that
> is probably why it couldn't find the domain controller in the first
> case, and then in the 2nd case the domain controller didn't
> know anything about my local accounts.
>
> So, another problem I saw is when I reinstalled cygwin with the new
> dll, some files weren't being created properly, I remember seeing
> flashing by something about permissions not being correct to create
> the /var/spool/texmf/ls-R file, and indeed that file is 0 bytes long.
>
> So other than preventing "startx" from working, this is breaking
> the basic install process for other packages as well.
>
> What can be done to fix this?
>
> Is there a way to shut off ntsec so I can get things working with the
> new dll?
>
> Please let me know if I can supply you with any further
> information.  Also, I will be glad to help debug any tests
> you may set up.  Just tell me the details of how to download
> any test code.
>
> Thanks,
>
> -Dave

Dave,

First off, ls will cut off the name at 8 characters, so the real name is
probably longer.  Secondly, I'm guessing that you don't log in as
AdiPcAdm...  The numeric uid 7469 probably corresponds to your login user.
You should use that name as an argument to mkpasswd (when connected to
your domain).

If the above fails, adding nontsec to CYGWIN should do the trick.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Water molecules expand as they grow warmer" (C) Popular Science, Oct'02, p.51


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

