NT security and cygwin

NT security and cygwin

[Tolkin, Steve]

What prompted this was discovering that I could not delete files from /temp
and also that rcs ci was failing (see next email).
The answer to this first problem was that I needed to chmod +w /temp first.

But I do not understand how cygwin interacts with NT security.

I found some discussion of NT security in the mail archives at
www.delorie.com/archives/browse.cgi specifically the item
3913FB8B.77A8647@vinschen.de
"NT security and the ntsec usage"

Is this on the web anywhere?  Is it not available from 
www.vinschen.de

It is only "Chapter 2. Setting up Cygwin".  But is the rest of the Cygwin
User;s guide avaiable somewhere?

Q0. The /temp directory was created a long time ago.  When I first looked
using ls -ld it had
permissions dr-xr-xr-x  Is this standard for directories created in DOS?
What other directories 
might not be writable, that I should change now?

Q1. In NT I am am member of a domain and my USERNAME is SY71046.
Why isn't that used in cygwin?
I ran mkpasswd -d and saw 900 users in my domain -- but not me!
Is this part of the problem?

Q2. Why does id report administrator with a lowercase a but passwd has one
with an upper case A?

504~> id
uid=500(administrator) gid=544(Administrators) groups=544(Administrators)

Q3. I'd rather than new files be created by my id than administartor.
How can I achieve that?
527/etc> touch foo
528/etc> ls -l foo
-rw-rw-rw-   1 administ Administ        0 Jun  1 11:05 foo

Here is my /etc/passwd, slightly sanitized
Everyone:*:0:0:,S-1-1-0::
SYSTEM:*:18:18:,S-1-5-18::
Administrator::500:544:,S-1-5-....-500::/bin/sh
Guest::501:513:,S-1-5-21-....-501::/bin/sh
stolkin::1000:544:Steven Tolkin,S-1-5-21-...-1000::/bin/sh
VUSR_BOSA454958::1001:513:VSA Server Account,S-1-5-21-....-1001::/bin/sh

Note that I changed the group number for administrator, and for stolkin.
They were originally emited by mkpasswd -l as value 513, meaning none.

Here is my /etc/group:
Everyone:S-1-1-0:0:
SYSTEM:S-1-5-18:18:
None:S-1-5-21-...-513:513:
Administrators:S-1-5-32-544:544:
Backup Operators:S-1-5-32-551:551:
Guests:S-1-5-32-546:546:
Power Users:S-1-5-32-547:547:
Replicator:S-1-5-32-552:552:
Users:S-1-5-32-545:545:

Thanks,
Steve
-- 
Steven Tolkin          steve.tolkin@fmr.com      617-563-0516 
Fidelity Investments   82 Devonshire St. R24D    Boston MA 02109
There is nothing so practical as a good theory.  Comments are by me, 
not Fidelity Investments, its subsidiaries or affiliates.


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: NT security and cygwin

[Chris Faylor]

On Thu, Jun 01, 2000 at 11:11:52AM -0400, Tolkin, Steve wrote:
>It is only "Chapter 2. Setting up Cygwin".  But is the rest of the Cygwin
>User;s guide avaiable somewhere?

If you had to guess where something like a user's guide might be
available, what would make sense?

(pause)

Why, the project web page!

http://sourceware.cygnus.com/cygwin/

cgf

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: NT security and cygwin

[Corinna Vinschen]

"Tolkin, Steve" wrote:
> 
> What prompted this was discovering that I could not delete files from /temp
> and also that rcs ci was failing (see next email).
> The answer to this first problem was that I needed to chmod +w /temp first.
> 
> But I do not understand how cygwin interacts with NT security.
> 
> I found some discussion of NT security in the mail archives at
> www.delorie.com/archives/browse.cgi specifically the item
> 3913FB8B.77A8647@vinschen.de
> "NT security and the ntsec usage"
> 
> Is this on the web anywhere?  Is it not available from
> www.vinschen.de
> 
> It is only "Chapter 2. Setting up Cygwin".  But is the rest of the Cygwin
> User;s guide avaiable somewhere?
> 
> Q0. The /temp directory was created a long time ago.  When I first looked
> using ls -ld it had
> permissions dr-xr-xr-x  Is this standard for directories created in DOS?
> What other directories
> might not be writable, that I should change now?
> 
> Q1. In NT I am am member of a domain and my USERNAME is SY71046.
> Why isn't that used in cygwin?
> I ran mkpasswd -d and saw 900 users in my domain -- but not me!
> Is this part of the problem?
> 
> Q2. Why does id report administrator with a lowercase a but passwd has one
> with an upper case A?
> 
> 504~> id
> uid=500(administrator) gid=544(Administrators) groups=544(Administrators)
> 
> Q3. I'd rather than new files be created by my id than administartor.
> How can I achieve that?
> 527/etc> touch foo
> 528/etc> ls -l foo
> -rw-rw-rw-   1 administ Administ        0 Jun  1 11:05 foo
> 
> Here is my /etc/passwd, slightly sanitized
> Everyone:*:0:0:,S-1-1-0::
> SYSTEM:*:18:18:,S-1-5-18::
> Administrator::500:544:,S-1-5-....-500::/bin/sh
> Guest::501:513:,S-1-5-21-....-501::/bin/sh
> stolkin::1000:544:Steven Tolkin,S-1-5-21-...-1000::/bin/sh
> VUSR_BOSA454958::1001:513:VSA Server Account,S-1-5-21-....-1001::/bin/sh
> 
> Note that I changed the group number for administrator, and for stolkin.
> They were originally emited by mkpasswd -l as value 513, meaning none.

All what you want is possible when adding `ntsec' to the
env.var CYGWIN. The documentation for ntsec is currently
only in the sources but I have posted it as html in
this mailing list a few weeks ago. Search the archive.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: NT security and cygwin

[David Bolen]

Tolkin, Steve [Steve.Tolkin@fmr.com] writes:

> I now say
> export CYGWIN="ntsec ntea tty notitle"
> in my .bashrc, but this does not seem to change anything.

Your .bashrc is too late to set this variable.  The CYGWIN environment
variable is read by CYGWIN1.DLL when it is first loaded (which happens when
you run the first Cygwin executable).  So in this case, the fact that you
started bash loaded cygwin1.dll and looked for the variable.  By the time
bash got around to reading the .bashrc and setting the variable, the DLL had
already looked for it.

The simplest way to handle this is to set the variable in the system
environment (right Click on My Computer, choose Properties and then
Environment) or in your per-user environment.

Next, make sure that you exit _all_ applications that use the cygwin1.dll
file - and this includes stopping any services that may be linked to it.

Then, the next time you start up processes you'll be using the new CYGWIN
values.

-- David

/-----------------------------------------------------------------------\
 \               David Bolen            \   E-mail: db3l@fitlinxx.com  /
  |             FitLinxx, Inc.            \  Phone: (203) 708-5192    |
 /  860 Canal Street, Stamford, CT  06902   \  Fax: (203) 316-5150     \
\-----------------------------------------------------------------------/

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: NT security and cygwin

[Tolkin, Steve]

Thanks for the reply.
I now say
export CYGWIN="ntsec ntea tty notitle"
in my .bashrc, but this does not seem to change anything.
P.S.  I am not sure what those other values are for -- I am just a monkey
copying things I have read.

I am running Cygwin 1.1.0 and I read somewhere that ntsec was supposed to be

on by default in that release.

Steve

> -----Original Message-----
> From: Corinna Vinschen [ mailto:corinna@vinschen.de ]
> Sent: Thursday, June 01, 2000 5:09 PM
> To: Tolkin, Steve
> Cc: cygwin@sourceware.cygnus.com
> Subject: Re: NT security and cygwin
> 
> 
> "Tolkin, Steve" wrote:
> > 
> > What prompted this was discovering that I could not delete 
> files from /temp
> > and also that rcs ci was failing (see next email).
> > The answer to this first problem was that I needed to chmod 
> +w /temp first.
> > 
> > But I do not understand how cygwin interacts with NT security.
> > 
> > I found some discussion of NT security in the mail archives at
> > www.delorie.com/archives/browse.cgi specifically the item
> > 3913FB8B.77A8647@vinschen.de
> > "NT security and the ntsec usage"
> > 
> > Is this on the web anywhere?  Is it not available from
> > www.vinschen.de
> > 
> > It is only "Chapter 2. Setting up Cygwin".  But is the rest 
> of the Cygwin
> > User;s guide avaiable somewhere?
> > 
> > Q0. The /temp directory was created a long time ago.  When 
> I first looked
> > using ls -ld it had
> > permissions dr-xr-xr-x  Is this standard for directories 
> created in DOS?
> > What other directories
> > might not be writable, that I should change now?
> > 
> > Q1. In NT I am am member of a domain and my USERNAME is SY71046.
> > Why isn't that used in cygwin?
> > I ran mkpasswd -d and saw 900 users in my domain -- but not me!
> > Is this part of the problem?
> > 
> > Q2. Why does id report administrator with a lowercase a but 
> passwd has one
> > with an upper case A?
> > 
> > 504~> id
> > uid=500(administrator) gid=544(Administrators) 
> groups=544(Administrators)
> > 
> > Q3. I'd rather than new files be created by my id than 
> administartor.
> > How can I achieve that?
> > 527/etc> touch foo
> > 528/etc> ls -l foo
> > -rw-rw-rw-   1 administ Administ        0 Jun  1 11:05 foo
> > 
> > Here is my /etc/passwd, slightly sanitized
> > Everyone:*:0:0:,S-1-1-0::
> > SYSTEM:*:18:18:,S-1-5-18::
> > Administrator::500:544:,S-1-5-....-500::/bin/sh
> > Guest::501:513:,S-1-5-21-....-501::/bin/sh
> > stolkin::1000:544:Steven Tolkin,S-1-5-21-...-1000::/bin/sh
> > VUSR_BOSA454958::1001:513:VSA Server 
> Account,S-1-5-21-....-1001::/bin/sh
> > 
> > Note that I changed the group number for administrator, and 
> for stolkin.
> > They were originally emited by mkpasswd -l as value 513, 
> meaning none.
> 
> All what you want is possible when adding `ntsec' to the
> env.var CYGWIN. The documentation for ntsec is currently
> only in the sources but I have posted it as html in
> this mailing list a few weeks ago. Search the archive.
> 
> Corinna
> 
> -- 
> Corinna Vinschen
> Cygwin Developer
> Cygnus Solutions, a Red Hat company
> 

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com