smbntsec broken for drives shared as different user

smbntsec broken for drives shared as different user

[Michael Condict]

There are many reasons in Windows why you need to map a shared drive onto
your system by connecting to it with an explicit username and password, different
from the current logged in user.  The most important reason is that you are logged
into a desktop as a local (non-domain) user and want to access files shared by
another system.  No local user on your system has the same SID as any user on
any other system, even if the user-name is the same.  Both Windows and CYGWIN
treat the two users as distinct.

But when a local user y connects to a shared drive as user x, he should have all the rights
of remote user x to access files and directories on that drive.  Windows gets this
right, but CYGWIN's smbntsec does not.  It thinks you have the rights of user y.

This shows up in strange ways.  When you try to create a file and write to it, the file
will be created, but the write will fail and it will be left zero-length.  When you try to
delete the file, "rm" will tell you it's write protected, but the delete will succeed
anyway (because the remote SMB server allows it, of course).

Is there any hope of fixing this behavior?  Right now I have a SAMBA server on
Linux sharing files to my Windows XP desktops, and I can't set them up as members
of the SAMBA domain, because then I lose one of the most precious features of
Windows XP, namely the ability to switch users without logging off (multiple logon
sessions in parallel), not to mention several other nice features (thank you very
much, MicroSoft, for making us choose between unrelated useful features!).  Anyway,
this means that I have to login to my Windows systems as a  local user, but I want my
home directory and most of my files to be on the SAMBA server, so I can access
them from any Windows desktop.  And I really don't want to completely unprotect
the shared files on the SAMBA server.

Is there perhaps a work-around for this?  Or is this just a basic incompatibility
between the SMB security model and the Unix model?

Thanks for any advice.

Michael Condict

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: smbntsec broken for drives shared as different user

[Corinna Vinschen]

On Sat, Sep 27, 2003 at 11:35:12AM -0400, Michael Condict wrote:
> There are many reasons in Windows why you need to map a shared drive onto
> your system by connecting to it with an explicit username and password, different
> from the current logged in user.  The most important reason is that you are logged
> into a desktop as a local (non-domain) user and want to access files shared by
> another system.  No local user on your system has the same SID as any user on
> any other system, even if the user-name is the same.  Both Windows and CYGWIN
> treat the two users as distinct.
> 
> But when a local user y connects to a shared drive as user x, he should have all the rights
> of remote user x to access files and directories on that drive.  Windows gets this
> right, but CYGWIN's smbntsec does not.  It thinks you have the rights of user y.

The problem is that in contrast to Windows itself, Cygwin doesn't know 
as which user you connected to a share.  At the moment I don't know
which call would return that information.  Any hint appreciated.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/