Re: permission denied for NTFS network shares
I didn't manage to make cygrunsrv -u ... to work. The service is installed but refuses to start. Besides its quite a nuisance to add all those fancy priviledges to every user/computer that will use rsh. The situation is like that: I have interactive RSH that works fine and noninteractive rsh (using .rhosts) that denies access to network shares. So I used Expect to pass a password and command to rsh (as Chris January have suggested), converting interactive RSH to noninteractive and keeping all the benefits. Here is the Expect script that does a job (its actually modifed expect example from the WEB): exprsh.expect: #! /bin/expect -f # wrapper for RSH to make it non-interactive # server name is passed as 1st arg, command as 2nd set password DefaultPassword set user DefaultUser set server [lindex $argv 0] set cmd [lindex $argv 1] spawn rsh $server -l $user expect Password: send $password\r expect '$' send $cmd\r expect eof The drawback of this solution is that you must have a default domain user whose password is known to everybody (like the password of farm or lab computer). The good part is that you don't need to play with permission on any computer. This wrapper will work plug and play on any computer where inetd service is installed. Best regards and thanks to everybody who tried to help Genady Genady Veytsman wrote Are you saying that there is no way whatsoever to have RSH without passwords? I need it for running scripts/programs on different NT machines. Interactive behaviour (login/password) will not allow that since you can't hardcode your passwords in scripts. If you are the only user needing to rsh into the system you could try to run the daemons under your own name (cygrunsrv -u, read the README). You may also have to change ownership of key files and such. A more ambitious/risky project is to give privileges to create tokens etc.. (see README) to a domain account and run the daemons under that account. I have not tried any of that, let us know if it works. Pierre -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: permission denied for NTFS network shares
I have some problem using rsh under cygwin. It works fine for local disks and local disks of remote computers (both UNIX and NT/2000). But if I am trying to access NTFS network share (that is on file server), I receive permission denied. Here is an example: From unix machine: == == rsh genadyv --- (genadyv is Window2000 machine with cygwin) Fanfare!!! You are successfully logged in to this server!!! genadyv@GENADYV ~ $ ls -d //mystisun8/vol1/tmp - unix machine //mystisun8/vol1/tmp genadyv@GENADYV ~ $ ls -d /cygdrive/c/ local disk C /cygdrive/c genadyv@GENADYV ~ $ ls -d /cygdrive/m/ - network share on file server ls: /cygdrive/m: Permission denied genadyv@GENADYV ~ $ ls /cygdrive c d g m p x y == == I have no problem accessing /cygdrive/m/ from bash prompt in cygwin (locally). /cygdrive/m is a mount to //mystifile/mixsig$ Any help is appreciated Have you ever heard anyone say NFS is insecure? One of the reasons for this is that lots of systems are setup so that if I am root on my local machine, the NFS server assumes I can access root's files on the remote machine... Windows NT domains, however, are supposed not to suffer from the same problem. This is because, in order to access a share, you must be authenticated by the domain server. The only way to authenticate with the domain server is to log on with your username and password. Simply rsh'ing to a machine isn't enough, the domain controller will not trust you. Hence you will not have access to any network shares as it won't believe who you say you are. Chris -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: permission denied for NTFS network shares
Unix/Linux systems are much more secure then NT but they do allow RSH without password (using .rhosts). Are you saying that there is no way whatsoever to have RSH without passwords? I need it for running scripts/programs on different NT machines. Interactive behaviour (login/password) will not allow that since you can't hardcode your passwords in scripts. Thanks Genady Chris January wrote: Have you ever heard anyone say NFS is insecure? One of the reasons for this is that lots of systems are setup so that if I am root on my local machine, the NFS server assumes I can access root's files on the remote machine... Windows NT domains, however, are supposed not to suffer from the same problem. This is because, in order to access a share, you must be authenticated by the domain server. The only way to authenticate with the domain server is to log on with your username and password. Simply rsh'ing to a machine isn't enough, the domain controller will not trust you. Hence you will not have access to any network shares as it won't believe who you say you are. Chris I have some problem using rsh under cygwin. It works fine for local disks and local disks of remote computers (both UNIX and NT/2000). But if I am trying to access NTFS network share (that is on file server), I receive permission denied. Here is an example: From unix machine: == == rsh genadyv --- (genadyv is Window2000 machine with cygwin) Fanfare!!! You are successfully logged in to this server!!! genadyv@GENADYV ~ $ ls -d //mystisun8/vol1/tmp - unix machine //mystisun8/vol1/tmp genadyv@GENADYV ~ $ ls -d /cygdrive/c/ local disk C /cygdrive/c genadyv@GENADYV ~ $ ls -d /cygdrive/m/ - network share on file server ls: /cygdrive/m: Permission denied genadyv@GENADYV ~ $ ls /cygdrive c d g m p x y == == I have no problem accessing /cygdrive/m/ from bash prompt in cygwin (locally). /cygdrive/m is a mount to //mystifile/mixsig$ Any help is appreciated -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: permission denied for NTFS network shares
Unix/Linux systems are much more secure then NT but they do allow RSH without password (using .rhosts). Are you saying that there is no way whatsoever to have RSH without passwords? I need it for running scripts/programs on different NT machines. Interactive behaviour (login/password) will not allow that since you can't hardcode your passwords in scripts. AFAIK you'll need to supply a password at some point. You could try using expect or something similar to pass the password through. Chris -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: permission denied for NTFS network shares
It seems you are right. I tried to use RSH without .rhosts, supplying password and then all the shares were accessible. Now I just need to find a way to supply a password noninteractivly. I know that rexec allows to do it on unix, but there is no rexec in cygwin. Thanks Genady Chris January wrote: Unix/Linux systems are much more secure then NT but they do allow RSH without password (using .rhosts). Are you saying that there is no way whatsoever to have RSH without passwords? I need it for running scripts/programs on different NT machines. Interactive behaviour (login/password) will not allow that since you can't hardcode your passwords in scripts. AFAIK you'll need to supply a password at some point. You could try using expect or something similar to pass the password through. Chris -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: permission denied for NTFS network shares
Genady Veytsman wrote Are you saying that there is no way whatsoever to have RSH without passwords? I need it for running scripts/programs on different NT machines. Interactive behaviour (login/password) will not allow that since you can't hardcode your passwords in scripts. If you are the only user needing to rsh into the system you could try to run the daemons under your own name (cygrunsrv -u, read the README). You may also have to change ownership of key files and such. A more ambitious/risky project is to give privileges to create tokens etc.. (see README) to a domain account and run the daemons under that account. I have not tried any of that, let us know if it works. Pierre -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: permission denied for NTFS network shares
Does it mean that this problem have no solution? Sure somebody hit this wall before. Thanks Genady From: Vince Hoffman Vince dot Hoffman at uk dot circle dot com To: cygwin at cygwin dot com Date: Fri, 20 Dec 2002 12:28:41 - Subject: RE: permission denied for NTFS network shares Network access via rsh/ssh needs you to log in with a paasword, ths creates the neesacery NT security tokens. passwordless logins (.rhosts/pubkey etc) do not do this thus you cannot get network access. (actualy i think its a little more compicated but i'm too hungover to remember ;) -Original Message- From: Genady Veytsman [mailto:[EMAIL PROTECTED]] Sent: 19 December 2002 12:11 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RSH: permission denied for NTFS network shares Hi, I have some problem using rsh under cygwin. It works fine for local disks and local disks of remote computers (both UNIX and NT/2000). But if I am trying to access NTFS network share (that is on file server), I receive permission denied. Here is an example: From unix machine: == == rsh genadyv --- (genadyv is Window2000 machine with cygwin) Fanfare!!! You are successfully logged in to this server!!! genadyv@GENADYV ~ $ ls -d //mystisun8/vol1/tmp - unix machine //mystisun8/vol1/tmp genadyv@GENADYV ~ $ ls -d /cygdrive/c/ local disk C /cygdrive/c genadyv@GENADYV ~ $ ls -d /cygdrive/m/ - network share on file server ls: /cygdrive/m: Permission denied genadyv@GENADYV ~ $ ls /cygdrive c d g m p x y == == I have no problem accessing /cygdrive/m/ from bash prompt in cygwin (locally). /cygdrive/m is a mount to //mystifile/mixsig$ Any help is appreciated Regards Genady Veytsman -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: permission denied for NTFS network shares
Network access via rsh/ssh needs you to log in with a paasword, ths creates the neesacery NT security tokens. passwordless logins (.rhosts/pubkey etc) do not do this thus you cannot get network access. (actualy i think its a little more compicated but i'm too hungover to remember ;) -Original Message- From: Genady Veytsman [mailto:[EMAIL PROTECTED]] Sent: 19 December 2002 12:11 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RSH: permission denied for NTFS network shares Hi, I have some problem using rsh under cygwin. It works fine for local disks and local disks of remote computers (both UNIX and NT/2000). But if I am trying to access NTFS network share (that is on file server), I receive permission denied. Here is an example: From unix machine: == == rsh genadyv --- (genadyv is Window2000 machine with cygwin) Fanfare!!! You are successfully logged in to this server!!! genadyv@GENADYV ~ $ ls -d //mystisun8/vol1/tmp - unix machine //mystisun8/vol1/tmp genadyv@GENADYV ~ $ ls -d /cygdrive/c/ local disk C /cygdrive/c genadyv@GENADYV ~ $ ls -d /cygdrive/m/ - network share on file server ls: /cygdrive/m: Permission denied genadyv@GENADYV ~ $ ls /cygdrive c d g m p x y == == I have no problem accessing /cygdrive/m/ from bash prompt in cygwin (locally). /cygdrive/m is a mount to //mystifile/mixsig$ Any help is appreciated Regards Genady Veytsman -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/