* Accessing SMB share as wrong user? @ 2017-05-29 3:12 David Dyer-Bennet 2017-05-29 18:37 ` David Dyer-Bennet 2017-05-29 20:22 ` Andrey Repin 0 siblings, 2 replies; 11+ messages in thread From: David Dyer-Bennet @ 2017-05-29 3:12 UTC (permalink / raw) To: cygwin All my files are on drive P: in Windows, which is an SMB share equivalent to \\fsfs\ddb\Documents. Everything works fine in windows apps, and I see what I expect in Explorer, including when I go down to security properties and look in detail. However, Cygwin has trouble with this lately (I can't trace exactly when it started happening; not weeks, maybe a year, but I've been running essentially this way since 2006 and most of the time things were fine). Cygwin appears to be accessing the share as some kind of unknown user, rather than as the proper user configured in Windows for that share (which is FSFS\ddb). In Cygwin "id" shows $ id uid=197608(David Dyer-Bennet) gid=197121(None) groups=197121(None),114(Local account and member of Administrators group),544(Administrators),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),66048(LOCAL),262154(NTLM Authentication),405504(High Mandatory Level) but if I create a file it gets created owned by "Unknown+User": $ touch foobar David Dyer-Bennet@DDB4 /cygdrive/p $ ls -l foobar ----r--r-- 1 Unknown+User Unix_Group+1001 0 May 28 17:27 foobar David Dyer-Bennet@DDB4 /cygdrive/p $ getfacl foobar # file: foobar # owner: Unknown+User # group: Unix_Group+1001 user::--- group::r-- other:r-- And then of course I can't access it: $ echo things >> foobar -bash: foobar: Permission denied I haven't that I've noticed done anything to change what user I run as; $USER is "David Dyer-Bennet" (the Windows username I'm in under), and /etc/passwd has default output from mkpasswd, including the user "David Dyer-Bennet" with the UID 197608 (same is ID shows at the command line). At least I can count on people here not answering "just ditch Cygwin"...right? -- David Dyer-Bennet <dd-b@dd-b.net> http://dd-b.net/ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-29 3:12 Accessing SMB share as wrong user? David Dyer-Bennet @ 2017-05-29 18:37 ` David Dyer-Bennet 2017-05-29 19:18 ` Brian Inglis 2017-05-29 20:22 ` Andrey Repin 1 sibling, 1 reply; 11+ messages in thread From: David Dyer-Bennet @ 2017-05-29 18:37 UTC (permalink / raw) To: cygwin A simpler case demonstrating this; X0 is a new share (created just for testing this) with no prior history, nothing manually set. (Server is FreeNAS, current version). From the beginning, when it first sees it, it shows the file owners and groups weirdly. And then it's able to create a file and write to it *once*, but can't then append to it??? David Dyer-Bennet@DDB4 //fsfs/x0 $ id uid=197608(David Dyer-Bennet) gid=197121(None) groups=197121(None),197609(Ssh Users),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),66048(LOCAL),262154(NTLM Authentication),401408(Medium Mandatory Level) David Dyer-Bennet@DDB4 //fsfs/x0 $ ls -ld . drwxrwxr-x+ 1 Unknown+User Unix_Group+1001 0 May 29 11:55 . David Dyer-Bennet@DDB4 //fsfs/x0 $ getfacl . # file: . # owner: Unknown+User # group: Unix_Group+1001 user::rwx group::rwx other:r-x default:user::rwx default:group::rwx default:group:Unix_Group+1001:rwx default:mask:rwx default:other:r-x David Dyer-Bennet@DDB4 //fsfs/x0 $ David Dyer-Bennet@DDB4 //fsfs/x0 $ David Dyer-Bennet@DDB4 //fsfs/x0 $ echo something > foobar David Dyer-Bennet@DDB4 //fsfs/x0 $ ls -l foobar ----r--r-- 1 Unknown+User Unix_Group+1001 10 May 29 12:11 foobar David Dyer-Bennet@DDB4 //fsfs/x0 $ getfacl foobar # file: foobar # owner: Unknown+User # group: Unix_Group+1001 user::--- group::r-- other:r-- David Dyer-Bennet@DDB4 //fsfs/x0 $ echo more >> foobar -bash: foobar: Permission denied -- David Dyer-Bennet <dd-b@dd-b.net> http://dd-b.net/ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-29 18:37 ` David Dyer-Bennet @ 2017-05-29 19:18 ` Brian Inglis 2017-05-29 19:43 ` David Dyer-Bennet 0 siblings, 1 reply; 11+ messages in thread From: Brian Inglis @ 2017-05-29 19:18 UTC (permalink / raw) To: cygwin On 2017-05-29 11:16, David Dyer-Bennet wrote: > A simpler case demonstrating this; X0 is a new share (created just > for testing this) with no prior history, nothing manually set. > (Server is FreeNAS, current version). > From the beginning, when it first sees it, it shows the file owners > and groups weirdly. > And then it's able to create a file and write to it *once*, but > can't then append to it??? > David Dyer-Bennet@DDB4 //fsfs/x0 > $ id > uid=197608(David Dyer-Bennet) gid=197121(None) > groups=197121(None),197609(Ssh > Users),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated > Users),15(This Organization),113(Local account),66048(LOCAL),262154(NTLM > Authentication),401408(Medium Mandatory Level) > David Dyer-Bennet@DDB4 //fsfs/x0 > $ ls -ld . > drwxrwxr-x+ 1 Unknown+User Unix_Group+1001 0 May 29 11:55 . > David Dyer-Bennet@DDB4 //fsfs/x0 > $ getfacl . > # file: . > # owner: Unknown+User > # group: Unix_Group+1001 > user::rwx > group::rwx > other:r-x > default:user::rwx > default:group::rwx > default:group:Unix_Group+1001:rwx > default:mask:rwx > default:other:r-x > David Dyer-Bennet@DDB4 //fsfs/x0 > David Dyer-Bennet@DDB4 //fsfs/x0 > David Dyer-Bennet@DDB4 //fsfs/x0 > $ echo something > foobar > David Dyer-Bennet@DDB4 //fsfs/x0 > $ ls -l foobar > ----r--r-- 1 Unknown+User Unix_Group+1001 10 May 29 12:11 foobar > David Dyer-Bennet@DDB4 //fsfs/x0 > $ getfacl foobar > # file: foobar > # owner: Unknown+User > # group: Unix_Group+1001 > user::--- > group::r-- > other:r-- > David Dyer-Bennet@DDB4 //fsfs/x0 > $ echo more >> foobar > -bash: foobar: Permission denied See Cygwin User's Guide section on Switching the user context: $ cygstart /usr/share/doc/cygwin-2.8.0/html/cygwin-ug-net/ntsec.html#ntsec-setuid-overview OR $ cygstart https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-29 19:18 ` Brian Inglis @ 2017-05-29 19:43 ` David Dyer-Bennet 2017-05-30 5:58 ` Brian Inglis 0 siblings, 1 reply; 11+ messages in thread From: David Dyer-Bennet @ 2017-05-29 19:43 UTC (permalink / raw) To: cygwin On 5/29/2017 12:45, Brian Inglis wrote: > On 2017-05-29 11:16, David Dyer-Bennet wrote: >> A simpler case demonstrating this; X0 is a new share (created just >> for testing this) with no prior history, nothing manually set. >> (Server is FreeNAS, current version). >> From the beginning, when it first sees it, it shows the file owners >> and groups weirdly. >> And then it's able to create a file and write to it *once*, but >> can't then append to it??? >> David Dyer-Bennet@DDB4 //fsfs/x0 >> $ id >> uid=197608(David Dyer-Bennet) gid=197121(None) >> groups=197121(None),197609(Ssh >> Users),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated >> Users),15(This Organization),113(Local account),66048(LOCAL),262154(NTLM >> Authentication),401408(Medium Mandatory Level) >> David Dyer-Bennet@DDB4 //fsfs/x0 >> $ ls -ld . >> drwxrwxr-x+ 1 Unknown+User Unix_Group+1001 0 May 29 11:55 . >> David Dyer-Bennet@DDB4 //fsfs/x0 >> $ getfacl . >> # file: . >> # owner: Unknown+User >> # group: Unix_Group+1001 >> user::rwx >> group::rwx >> other:r-x >> default:user::rwx >> default:group::rwx >> default:group:Unix_Group+1001:rwx >> default:mask:rwx >> default:other:r-x >> David Dyer-Bennet@DDB4 //fsfs/x0 >> David Dyer-Bennet@DDB4 //fsfs/x0 >> David Dyer-Bennet@DDB4 //fsfs/x0 >> $ echo something > foobar >> David Dyer-Bennet@DDB4 //fsfs/x0 >> $ ls -l foobar >> ----r--r-- 1 Unknown+User Unix_Group+1001 10 May 29 12:11 foobar >> David Dyer-Bennet@DDB4 //fsfs/x0 >> $ getfacl foobar >> # file: foobar >> # owner: Unknown+User >> # group: Unix_Group+1001 >> user::--- >> group::r-- >> other:r-- >> David Dyer-Bennet@DDB4 //fsfs/x0 >> $ echo more >> foobar >> -bash: foobar: Permission denied > > See Cygwin User's Guide section on Switching the user context: > $ cygstart > /usr/share/doc/cygwin-2.8.0/html/cygwin-ug-net/ntsec.html#ntsec-setuid-overview > OR > $ cygstart https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview That appears to be instructions on how to temporarily, in code, act as another user. My problem is that when I create a Bash shell, it accesses network drives as the wrong user. It may be possible for me to write a version of Bash that switches to the right (default) user using that information, but why is it *necessary*? Local drives are accessed fine. -- David Dyer-Bennet <dd-b@dd-b.net> http://dd-b.net/ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-29 19:43 ` David Dyer-Bennet @ 2017-05-30 5:58 ` Brian Inglis 2017-05-30 7:39 ` David Dyer-Bennet 0 siblings, 1 reply; 11+ messages in thread From: Brian Inglis @ 2017-05-30 5:58 UTC (permalink / raw) To: cygwin On 2017-05-29 12:37, David Dyer-Bennet wrote: > On 5/29/2017 12:45, Brian Inglis wrote: >> On 2017-05-29 11:16, David Dyer-Bennet wrote: >>> A simpler case demonstrating this; X0 is a new share (created just >>> for testing this) with no prior history, nothing manually set. >>> (Server is FreeNAS, current version). >>> From the beginning, when it first sees it, it shows the file owners >>> and groups weirdly. >>> And then it's able to create a file and write to it *once*, but >>> can't then append to it??? >>> David Dyer-Bennet@DDB4 //fsfs/x0 >>> $ id >>> uid=197608(David Dyer-Bennet) gid=197121(None) >>> groups=197121(None),197609(Ssh >>> Users),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated >>> Users),15(This Organization),113(Local account),66048(LOCAL),262154(NTLM >>> Authentication),401408(Medium Mandatory Level) >>> David Dyer-Bennet@DDB4 //fsfs/x0 >>> $ ls -ld . >>> drwxrwxr-x+ 1 Unknown+User Unix_Group+1001 0 May 29 11:55 . >>> David Dyer-Bennet@DDB4 //fsfs/x0 >>> $ getfacl . >>> # file: . >>> # owner: Unknown+User >>> # group: Unix_Group+1001 >>> user::rwx >>> group::rwx >>> other:r-x >>> default:user::rwx >>> default:group::rwx >>> default:group:Unix_Group+1001:rwx >>> default:mask:rwx >>> default:other:r-x >>> David Dyer-Bennet@DDB4 //fsfs/x0 >>> David Dyer-Bennet@DDB4 //fsfs/x0 >>> David Dyer-Bennet@DDB4 //fsfs/x0 >>> $ echo something > foobar >>> David Dyer-Bennet@DDB4 //fsfs/x0 >>> $ ls -l foobar >>> ----r--r-- 1 Unknown+User Unix_Group+1001 10 May 29 12:11 foobar >>> David Dyer-Bennet@DDB4 //fsfs/x0 >>> $ getfacl foobar >>> # file: foobar >>> # owner: Unknown+User >>> # group: Unix_Group+1001 >>> user::--- >>> group::r-- >>> other:r-- >>> David Dyer-Bennet@DDB4 //fsfs/x0 >>> $ echo more >> foobar >>> -bash: foobar: Permission denied >> >> See Cygwin User's Guide section on Switching the user context: >> $ cygstart >> /usr/share/doc/cygwin-2.8.0/html/cygwin-ug-net/ntsec.html#ntsec-setuid-overview >> OR >> $ cygstart https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview > > That appears to be instructions on how to temporarily, in code, act as > another user. My problem is that when I create a Bash shell, it > accesses network drives as the wrong user. It may be possible for me to > write a version of Bash that switches to the right (default) user using > that information, but why is it *necessary*? Local drives are accessed > fine. That is the description of what Cygwin does to emulate a user context for remote access to shares - you may want to set up and try methods 1, 2, and 3 to see what works with your network shares. First step may be to change or remap your userid to one not containing spaces using /etc/passwd; see https://cygwin.com/faq.html#faq.setup.name-with-space then https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-30 5:58 ` Brian Inglis @ 2017-05-30 7:39 ` David Dyer-Bennet 2017-05-30 8:21 ` Brian Inglis 2017-05-30 16:47 ` Andrey Repin 0 siblings, 2 replies; 11+ messages in thread From: David Dyer-Bennet @ 2017-05-30 7:39 UTC (permalink / raw) To: cygwin On 5/29/2017 22:49, Brian Inglis wrote: > On 2017-05-29 12:37, David Dyer-Bennet wrote: >> On 5/29/2017 12:45, Brian Inglis wrote: >>> On 2017-05-29 11:16, David Dyer-Bennet wrote: >>>> A simpler case demonstrating this; X0 is a new share (created just >>>> for testing this) with no prior history, nothing manually set. >>>> (Server is FreeNAS, current version). >>>> From the beginning, when it first sees it, it shows the file owners >>>> and groups weirdly. >>>> And then it's able to create a file and write to it *once*, but >>>> can't then append to it??? >>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>> $ id >>>> uid=197608(David Dyer-Bennet) gid=197121(None) >>>> groups=197121(None),197609(Ssh >>>> Users),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated >>>> Users),15(This Organization),113(Local account),66048(LOCAL),262154(NTLM >>>> Authentication),401408(Medium Mandatory Level) >>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>> $ ls -ld . >>>> drwxrwxr-x+ 1 Unknown+User Unix_Group+1001 0 May 29 11:55 . >>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>> $ getfacl . >>>> # file: . >>>> # owner: Unknown+User >>>> # group: Unix_Group+1001 >>>> user::rwx >>>> group::rwx >>>> other:r-x >>>> default:user::rwx >>>> default:group::rwx >>>> default:group:Unix_Group+1001:rwx >>>> default:mask:rwx >>>> default:other:r-x >>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>> $ echo something > foobar >>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>> $ ls -l foobar >>>> ----r--r-- 1 Unknown+User Unix_Group+1001 10 May 29 12:11 foobar >>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>> $ getfacl foobar >>>> # file: foobar >>>> # owner: Unknown+User >>>> # group: Unix_Group+1001 >>>> user::--- >>>> group::r-- >>>> other:r-- >>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>> $ echo more >> foobar >>>> -bash: foobar: Permission denied >>> >>> See Cygwin User's Guide section on Switching the user context: >>> $ cygstart >>> /usr/share/doc/cygwin-2.8.0/html/cygwin-ug-net/ntsec.html#ntsec-setuid-overview >>> OR >>> $ cygstart https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview >> >> That appears to be instructions on how to temporarily, in code, act as >> another user. My problem is that when I create a Bash shell, it >> accesses network drives as the wrong user. It may be possible for me to >> write a version of Bash that switches to the right (default) user using >> that information, but why is it *necessary*? Local drives are accessed >> fine. > > That is the description of what Cygwin does to emulate a user context > for remote access to shares - you may want to set up and try methods 1, > 2, and 3 to see what works with your network shares. It's never been necessary before; why is it suddenly necessary now? And, again, what it is describing is how to do that *temporarily in code*, not permanently at the command line. > First step may be to change or remap your userid to one not containing > spaces using /etc/passwd; see > https://cygwin.com/faq.html#faq.setup.name-with-space > then > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba Instructions are bad, they refer (in 2.16) to a nonexistent windows management tool "GUI user manager". The actual tool, the "local users and groups" tool within "computer management", has no facility to change a username. -- David Dyer-Bennet <dd-b@dd-b.net> http://dd-b.net/ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-30 7:39 ` David Dyer-Bennet @ 2017-05-30 8:21 ` Brian Inglis 2017-05-30 16:47 ` Andrey Repin 1 sibling, 0 replies; 11+ messages in thread From: Brian Inglis @ 2017-05-30 8:21 UTC (permalink / raw) To: cygwin On 2017-05-29 22:15, David Dyer-Bennet wrote: > On 5/29/2017 22:49, Brian Inglis wrote: >> On 2017-05-29 12:37, David Dyer-Bennet wrote: >>> On 5/29/2017 12:45, Brian Inglis wrote: >>>> On 2017-05-29 11:16, David Dyer-Bennet wrote: >>>>> A simpler case demonstrating this; X0 is a new share (created just >>>>> for testing this) with no prior history, nothing manually set. >>>>> (Server is FreeNAS, current version). >>>>> From the beginning, when it first sees it, it shows the file owners >>>>> and groups weirdly. >>>>> And then it's able to create a file and write to it *once*, but >>>>> can't then append to it??? >>>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>>> $ id >>>>> uid=197608(David Dyer-Bennet) gid=197121(None) >>>>> groups=197121(None),197609(Ssh >>>>> Users),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated >>>>> Users),15(This Organization),113(Local account),66048(LOCAL),262154(NTLM >>>>> Authentication),401408(Medium Mandatory Level) >>>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>>> $ ls -ld . >>>>> drwxrwxr-x+ 1 Unknown+User Unix_Group+1001 0 May 29 11:55 . >>>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>>> $ getfacl . >>>>> # file: . >>>>> # owner: Unknown+User >>>>> # group: Unix_Group+1001 >>>>> user::rwx >>>>> group::rwx >>>>> other:r-x >>>>> default:user::rwx >>>>> default:group::rwx >>>>> default:group:Unix_Group+1001:rwx >>>>> default:mask:rwx >>>>> default:other:r-x >>>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>>> $ echo something > foobar >>>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>>> $ ls -l foobar >>>>> ----r--r-- 1 Unknown+User Unix_Group+1001 10 May 29 12:11 foobar >>>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>>> $ getfacl foobar >>>>> # file: foobar >>>>> # owner: Unknown+User >>>>> # group: Unix_Group+1001 >>>>> user::--- >>>>> group::r-- >>>>> other:r-- >>>>> David Dyer-Bennet@DDB4 //fsfs/x0 >>>>> $ echo more >> foobar >>>>> -bash: foobar: Permission denied >>>> >>>> See Cygwin User's Guide section on Switching the user context: >>>> $ cygstart >>>> /usr/share/doc/cygwin-2.8.0/html/cygwin-ug-net/ntsec.html#ntsec-setuid-overview >>>> OR >>>> $ cygstart https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview >>> >>> That appears to be instructions on how to temporarily, in code, act as >>> another user. My problem is that when I create a Bash shell, it >>> accesses network drives as the wrong user. It may be possible for me to >>> write a version of Bash that switches to the right (default) user using >>> that information, but why is it *necessary*? Local drives are accessed >>> fine. >> >> That is the description of what Cygwin does to emulate a user context >> for remote access to shares - you may want to set up and try methods 1, >> 2, and 3 to see what works with your network shares. > > It's never been necessary before; why is it suddenly necessary now? It may be because there were major changes a few? releases ago, to use SAM and AD info and eliminate the need for or use of passwd and group, support nsswitch to customize this, support some customizations allowed with passwd and group in another manner, and support POSIX and Windows ACLs. > And, again, what it is describing is how to do that *temporarily in > code*, not permanently at the command line. It tells you how Cygwin implements security, how to change your environment to use those mapping methods to get access to network shares, the impact, and tradeoffs you may have to make. It describes setting up LSA authentication using cyglsa-config, and using passwd -R, optionally with cygserver, to get access to network shares, and for other uses. >> First step may be to change or remap your userid to one not containing >> spaces using /etc/passwd; see >> https://cygwin.com/faq.html#faq.setup.name-with-space >> then >> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba > > Instructions are bad, they refer (in 2.16) to a nonexistent windows > management tool "GUI user manager". The actual tool, the "local users > and groups" tool within "computer management", has no facility to change > a username. Then recreate /etc/passwd and /etc/group, and change what you need, as long as it does not cause a Cygwin conflict with what is in SAM or AD. I am well aware not everything got easier with W7 and W10 changes. Controls and features that could easily be abused by idiots or malware were removed, and replaced by more restrictions, commands, registry manipulation tools, and languages, that made many things harder to do, unless the available GUI did all that you wanted, and you have the privilege to do so. I have some scripts to do from the unprivileged command line what I can otherwise do only via a GUI run as admin! -- -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-30 7:39 ` David Dyer-Bennet 2017-05-30 8:21 ` Brian Inglis @ 2017-05-30 16:47 ` Andrey Repin 1 sibling, 0 replies; 11+ messages in thread From: Andrey Repin @ 2017-05-30 16:47 UTC (permalink / raw) To: David Dyer-Bennet, cygwin Greetings, David Dyer-Bennet! >> First step may be to change or remap your userid to one not containing >> spaces using /etc/passwd; see >> https://cygwin.com/faq.html#faq.setup.name-with-space >> then >> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba > Instructions are bad, they refer (in 2.16) to a nonexistent windows > management tool "GUI user manager". The actual tool, the "local users > and groups" tool within "computer management", has no facility to change > a username. Documentation refers to a full version of the tool - lusrmgr.msc. -- With best regards, Andrey Repin Tuesday, May 30, 2017 17:29:42 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-29 3:12 Accessing SMB share as wrong user? David Dyer-Bennet 2017-05-29 18:37 ` David Dyer-Bennet @ 2017-05-29 20:22 ` Andrey Repin 2017-05-29 21:30 ` David Dyer-Bennet 2017-05-30 4:14 ` David Dyer-Bennet 1 sibling, 2 replies; 11+ messages in thread From: Andrey Repin @ 2017-05-29 20:22 UTC (permalink / raw) To: David Dyer-Bennet, cygwin Greetings, David Dyer-Bennet! > All my files are on drive P: in Windows, which is an SMB share > equivalent to \\fsfs\ddb\Documents. Everything works fine in windows > apps, and I see what I expect in Explorer, including when I go down to > security properties and look in detail. > However, Cygwin has trouble with this lately (I can't trace exactly when > it started happening; not weeks, maybe a year, but I've been running > essentially this way since 2006 and most of the time things were fine). > Cygwin appears to be accessing the share as some kind of unknown user, > rather than as the proper user configured in Windows for that share > (which is FSFS\ddb). > In Cygwin "id" shows > $ id > uid=197608(David Dyer-Bennet) gid=197121(None) > groups=197121(None), > 114(Local account and member of Administrators group), > 544(Administrators), You're running Cygwin with elevated privileges. > 545(Users),4(INTERACTIVE),66049(CONSOLE > LOGON),11(Authenticated Users),15(This Organization),113(Local > account),66048(LOCAL),262154(NTLM Authentication),405504(High Mandatory > Level) > but if I create a file it gets created owned by "Unknown+User": > $ touch foobar > David Dyer-Bennet@DDB4 /cygdrive/p > $ ls -l foobar > ----r--r-- 1 Unknown+User Unix_Group+1001 0 May 28 17:27 foobar > David Dyer-Bennet@DDB4 /cygdrive/p > $ getfacl foobar > # file: foobar > # owner: Unknown+User > # group: Unix_Group+1001 Your share is located on Samba server. > user::--- > group::r-- > other:r-- > And then of course I can't access it: > $ echo things >> foobar > -bash: foobar: Permission denied See Cygwin manual about setting up your network identity. Read around nsswitch.conf and implications of its different settings. > I haven't that I've noticed done anything to change what user I run as; > $USER is "David Dyer-Bennet" (the Windows username I'm in under), and > /etc/passwd has default output from mkpasswd, Ditch /etc/passwd unless you absolutely require it. > including the user "David > Dyer-Bennet" with the UID 197608 (same is ID shows at the command line). > At least I can count on people here not answering "just ditch > Cygwin"...right? And please leave ramblings outside the list. This was absolutely uncalled for. -- With best regards, Andrey Repin Monday, May 29, 2017 22:49:56 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-29 20:22 ` Andrey Repin @ 2017-05-29 21:30 ` David Dyer-Bennet 2017-05-30 4:14 ` David Dyer-Bennet 1 sibling, 0 replies; 11+ messages in thread From: David Dyer-Bennet @ 2017-05-29 21:30 UTC (permalink / raw) To: cygwin On 5/29/2017 14:53, Andrey Repin wrote: > Greetings, David Dyer-Bennet! > >> All my files are on drive P: in Windows, which is an SMB share >> equivalent to \\fsfs\ddb\Documents. Everything works fine in windows >> apps, and I see what I expect in Explorer, including when I go down to >> security properties and look in detail. > >> However, Cygwin has trouble with this lately (I can't trace exactly when >> it started happening; not weeks, maybe a year, but I've been running >> essentially this way since 2006 and most of the time things were fine). > >> Cygwin appears to be accessing the share as some kind of unknown user, >> rather than as the proper user configured in Windows for that share >> (which is FSFS\ddb). > >> In Cygwin "id" shows >> $ id >> uid=197608(David Dyer-Bennet) gid=197121(None) >> groups=197121(None), > >> 114(Local account and member of Administrators group), >> 544(Administrators), > > You're running Cygwin with elevated privileges. I guess so; I had one window each way, doesn't make a difference which window I was in for this so it's not part of the problem or solution. >> 545(Users),4(INTERACTIVE),66049(CONSOLE >> LOGON),11(Authenticated Users),15(This Organization),113(Local >> account),66048(LOCAL),262154(NTLM Authentication),405504(High Mandatory >> Level) > >> but if I create a file it gets created owned by "Unknown+User": >> $ touch foobar > >> David Dyer-Bennet@DDB4 /cygdrive/p >> $ ls -l foobar >> ----r--r-- 1 Unknown+User Unix_Group+1001 0 May 28 17:27 foobar > >> David Dyer-Bennet@DDB4 /cygdrive/p >> $ getfacl foobar >> # file: foobar >> # owner: Unknown+User >> # group: Unix_Group+1001 > > Your share is located on Samba server. > >> user::--- >> group::r-- >> other:r-- Specifically, FreeNAS. (No domain controller, though.) >> And then of course I can't access it: >> $ echo things >> foobar >> -bash: foobar: Permission denied > > See Cygwin manual about setting up your network identity. > Read around nsswitch.conf and implications of its different settings. Thanks, I'll follow that up. >> I haven't that I've noticed done anything to change what user I run as; >> $USER is "David Dyer-Bennet" (the Windows username I'm in under), and >> /etc/passwd has default output from mkpasswd, > > Ditch /etc/passwd unless you absolutely require it. Huh; thought it was needed. I don't think I'm *using* it in any way. Is it important to delete the actual file? >> including the user "David >> Dyer-Bennet" with the UID 197608 (same is ID shows at the command line). > >> At least I can count on people here not answering "just ditch >> Cygwin"...right? > > And please leave ramblings outside the list. This was absolutely uncalled for. Um...a little pleasant remark about this being the home turf of Cygwin is out of place? If so, sorry! -- David Dyer-Bennet <dd-b@dd-b.net> http://dd-b.net/ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Accessing SMB share as wrong user? 2017-05-29 20:22 ` Andrey Repin 2017-05-29 21:30 ` David Dyer-Bennet @ 2017-05-30 4:14 ` David Dyer-Bennet 1 sibling, 0 replies; 11+ messages in thread From: David Dyer-Bennet @ 2017-05-30 4:14 UTC (permalink / raw) To: cygwin On 5/29/2017 14:53, Andrey Repin wrote: > Greetings, David Dyer-Bennet! > >> And then of course I can't access it: >> $ echo things >> foobar >> -bash: foobar: Permission denied > > See Cygwin manual about setting up your network identity. > Read around nsswitch.conf and implications of its different settings. Okay, the detailed info on account mapping and nsswitch.conf looked like it ought to address this situation, but it doesn't actually seem to change anything. But the documentation is *exceedingly* unclear, the examples incomplete, and there's no info on easy ways to check if it's working or not, so I may be wrong. I have deleted /etc/passwd. /etc/nsswitch is the default (all comments), meaning it should be doing the default thing (in particular it should behave as if "passwd: files db" and "group: files db" were present; those are the defaults). Using the Windows Computer Management utility I was able to add Cygwin SAM comment entries to my Windows user account giving the proper Unix UID for my account on the server, and the group. And I can see that data come back from the Windows cmd.com using net user "David Dyer-Bennet": C:\Windows\System32>net user "David Dyer-Bennet" User name David Dyer-Bennet Full Name Comment <cygwin unix="1001" group="users"/> User's comment Country/region code 000 (System Default) Account active Yes Account expires Never Password last set 7/11/2015 20:29:50 Password expires Never Password changeable 7/11/2015 20:29:50 Password required No User may change password Yes Workstations allowed All Logon script User profile Home directory Last logon 5/29/2017 16:06:34 Logon hours allowed All Local Group Memberships *Administrators *Ssh Users Global Group memberships *None The command completed successfully. So, I *think* I've got it set the way the documentation says (as I said, I'm running a Samba server, but no AD or LDAP; that case is specifically addressed in the documentation you point me to, and I think I've followed that part of the instructions). (The text in the doc isn't really clear on what number I put in the unix="nnn" bit in the Cygwin comment, but the examples show a simple small integer in the range commonly used for actual Unix UIDs, and that makes sense, so I think I'm doing the right thing there.) Oh, and 1001 is the correct UID for me on the SAMBA server, I double-checked that. What with one thing and another I even ended up rebooting the Windows box after setting all that up (not, I believe, necessary; just starting a new Cygwin process tree should I think be adequate for these changes, but I *did* in fact reboot the whole box). And, after reboot, my user id in Cygwin is still based on my Windows SID (the last tuple), and my access to the files on the server behaves exactly as before. "This used to work," as they say. I've used Samba to export files from Linux, Solaris (the built-in CIFS there actually, not SAMBA), and FreeBSD servers, and accessed them from Windows and from Cygwin for more than a decade. Started being weird in the last year or two I think, taken me this long to track it down in this much detail (I was figuring the trouble was on the other end for a long time, but I've basically eliminated that). And the presence of this stuff in the documentation indicates that there *is* something I need to do in Windows to make this work. Is anybody actually using this exact mode, SAMBA but no domain controller, to a windows box, then accessing those shares via Cygwin? How are you doing it? Any suggestions on gathering more relevant information? -- David Dyer-Bennet <dd-b@dd-b.net> http://dd-b.net/ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2017-05-30 14:35 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-05-29 3:12 Accessing SMB share as wrong user? David Dyer-Bennet 2017-05-29 18:37 ` David Dyer-Bennet 2017-05-29 19:18 ` Brian Inglis 2017-05-29 19:43 ` David Dyer-Bennet 2017-05-30 5:58 ` Brian Inglis 2017-05-30 7:39 ` David Dyer-Bennet 2017-05-30 8:21 ` Brian Inglis 2017-05-30 16:47 ` Andrey Repin 2017-05-29 20:22 ` Andrey Repin 2017-05-29 21:30 ` David Dyer-Bennet 2017-05-30 4:14 ` David Dyer-Bennet
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).