On Aug 7 12:59, Charles Wilson wrote:
Corinna Vinschen wrote:
We can require Administrators (-544) in /etc/group, and SYSTEM (-18) in
both /etc/group and /etc/passwd, right?
Yes. I'm just wondering if we shouldn't check for the Admins group
only. The token of the SYSTEM user always
Hi Chuck,
On Aug 4 21:31, Charles Wilson wrote:
Corinna Vinschen wrote:
Btw., there's a test for the administrators group in /etc/passwd.
This test is not necessary. The only reason to have the admins
group in /etc/passwd is to print file ownership correctly. It doesn't
have any other
Corinna Vinschen wrote:
Hi Chuck,
On Aug 4 21:31, Charles Wilson wrote:
Corinna Vinschen wrote:
Btw., there's a test for the administrators group in /etc/passwd.
I don't see this. I see testing /etc/passwd for the (local) Administrator
USER, and testing /etc/group for the Administrators
On Aug 7 11:25, Charles Wilson wrote:
Corinna Vinschen wrote:
Hi Chuck,
On Aug 4 21:31, Charles Wilson wrote:
Corinna Vinschen wrote:
Btw., there's a test for the administrators group in /etc/passwd.
I don't see this. I see testing /etc/passwd for the (local) Administrator
USER, and
Corinna Vinschen wrote:
No, the above lines are checking for the passwd entry for the
administrators group. S-1-5-32-544 is the SID of that group.
The SID for the Administrator user is S-1-5-21-X-Y-Z-500.
D'oh. Right.
Now, about csih_check_access() -- without exact knowledge of
On Aug 7 12:19, Charles Wilson wrote:
Corinna Vinschen wrote:
Well, hmm. In theory, admins have backup/restore rights anyway.
However, I was just thinking that csih should get rid of points of
failure which are not entirely necessary, like the checks for denied
user rights. If you think
Corinna Vinschen wrote:
We can require Administrators (-544) in /etc/group, and SYSTEM (-18) in
both /etc/group and /etc/passwd, right?
Yes. I'm just wondering if we shouldn't check for the Admins group
only. The token of the SYSTEM user always contains the Admins group and
the cyg_server
Corinna Vinschen wrote:
Along these lines, yes. I also think that using the cyg_server/
cron_server/sshd_server account should be preferred over SYSTEM on XP
and earlier systems, at least if they are domain member machines. Maybe
simply like this: The test should run on any OS, but if none of
On Jul 19 16:46, Charles Wilson wrote:
Corinna Vinschen wrote:
However, I sent a second patch in
http://cygwin.com/ml/cygwin/2008-06/msg00453.html
The Interactive Logon Right is also necessary for this account.
I don't know why I missed that. I'll roll 0.1.6 soon.
Thanks.
What also
On Jul 20 14:27, Corinna Vinschen wrote:
On Jul 19 16:46, Charles Wilson wrote:
Should be modified somehow, perhaps (UNTESTED):
for username in cyg_server cron_server sshd_server
do
if egrep ^${username}: /etc/passwd 1/dev/null 21 ||
net user ${username}
Corinna Vinschen wrote:
Oh, btw., Charles, that's one for you.
On Jun 16 23:01, Corinna Vinschen wrote:
On May 13 11:09, Schutter, Thomas A. wrote:
The problem was that the domain sshd_server account has no right to
access the domain controller from the network. Solution: Open the Local
On Jul 19 12:51, Charles Wilson wrote:
Corinna Vinschen wrote:
Oh, btw., Charles, that's one for you.
On Jun 16 23:01, Corinna Vinschen wrote:
On May 13 11:09, Schutter, Thomas A. wrote:
The problem was that the domain sshd_server account has no right to
access the domain controller from the
Corinna Vinschen wrote:
However, I sent a second patch in
http://cygwin.com/ml/cygwin/2008-06/msg00453.html
The Interactive Logon Right is also necessary for this account.
I don't know why I missed that. I'll roll 0.1.6 soon.
What also doesn't work well is this: In a domain I might want a
Charles Wilson wrote:
Corinna Vinschen wrote:
However, I sent a second patch in
http://cygwin.com/ml/cygwin/2008-06/msg00453.html
The Interactive Logon Right is also necessary for this account.
I don't know why I missed that. I'll roll 0.1.6 soon.
Here's the followup patch I applied (with
Charles, Ping?
On Jun 16 23:13, Corinna Vinschen wrote:
Oh, btw., Charles, that's one for you.
On Jun 16 23:01, Corinna Vinschen wrote:
On May 13 11:09, Schutter, Thomas A. wrote:
So when I am using pubkey authentication, the user token is not a member
of the Administrators,
Hi Thomas,
On May 13 11:09, Schutter, Thomas A. wrote:
Except that is not what I am seeing. When I run id from a console
cygwin shell:
$ id
uid=18718(tschutter) gid=10513(Domain Users)
groups=544(Administrators),545(Users),10513(Domain
Oh, btw., Charles, that's one for you.
On Jun 16 23:01, Corinna Vinschen wrote:
On May 13 11:09, Schutter, Thomas A. wrote:
Except that is not what I am seeing. When I run id from a console
cygwin shell:
$ id
uid=18718(tschutter) gid=10513(Domain Users)
On May 13 12:07, Schutter, Thomas A. wrote:
Corinna Vinschen wrote:
You're jumping to conclusions. The reason why USERNAME and USERDOMAIN
are wrong I explained in my first reply. Both values don't matter
when
Cygwin tries to connect to the PDC, as long as the /etc/passwd
pw_gecos
On May 12 18:29, Igor Peshansky wrote:
On Mon, 12 May 2008, Schutter, Thomas A. wrote:
-Original Message-
From: Schutter, Thomas A.
Sent: Monday, May 12, 2008 9:52 AM
To: '[EMAIL PROTECTED]'
http://cygwin.com/acronyms/#PCYMTNQREAIYR.
Subject: Unable to run sshd under
The application event log has this error message:
The description for Event ID ( 0 ) in Source ( sshd ) cannot
be
found. The local computer may not have the necessary registry
information or message DLL files to display messages from a
remote
computer. You may be able
Schutter, Thomas A. wrote:
Actually supplying the password instead of '*' should work.
Igor
OK. The pipe thing makes sense. But supplying the password does not
work either:
$ net use '\\other\f$' MyPassword1
System error 1909 has occurred.
The referenced account is currently
-Original Message-
On May 12 18:29, Igor Peshansky wrote:
On Mon, 12 May 2008, Schutter, Thomas A. wrote:
-Original Message-
From: Schutter, Thomas A.
Sent: Monday, May 12, 2008 9:52 AM
To: '[EMAIL PROTECTED]'
http://cygwin.com/acronyms/#PCYMTNQREAIYR.
Larry Hall wrote:
Schutter, Thomas A. wrote:
Actually supplying the password instead of '*' should work.
Igor
OK. The pipe thing makes sense. But supplying the password does not
work either:
$ net use '\\other\f$' MyPassword1
System error 1909 has occurred.
The
On May 13 11:09, Schutter, Thomas A. wrote:
-Original Message-
On May 12 18:29, Igor Peshansky wrote:
On Mon, 12 May 2008, Schutter, Thomas A. wrote:
Yes -- Windows does not understand user impersonation and does not
allow
real user switching. So what sshd does is invoke
Larry Hall wrote:
Schutter, Thomas A. wrote:
Larry Hall wrote:
Schutter, Thomas A. wrote:
Actually supplying the password instead of '*' should work.
Igor
OK. The pipe thing makes sense. But supplying the password does
not
work either:
$ net use '\\other\f$' MyPassword1
Corinna Vinschen wrote:
On May 13 11:09, Schutter, Thomas A. wrote:
-Original Message-
On May 12 18:29, Igor Peshansky wrote:
On Mon, 12 May 2008, Schutter, Thomas A. wrote:
Yes -- Windows does not understand user impersonation and does
not
allow
real user switching.
On May 13 11:49, Schutter, Thomas A. wrote:
Corinna Vinschen wrote:
Except that is not what I am seeing. When I run id from a console
cygwin shell:
$ id
uid=18718(tschutter) gid=10513(Domain Users)
groups=544(Administrators),545(Users),10513(Domain
Schutter, Thomas A. wrote:
Larry Hall wrote:
Schutter, Thomas A. wrote:
Actually supplying the password instead of '*' should work.
Igor
OK. The pipe thing makes sense. But supplying the password does not
work either:
$ net use '\\other\f$' MyPassword1
System error 1909 has
Schutter, Thomas A. wrote:
Larry Hall wrote:
snip
Ah, good point. I missed that the /user option wasn't being used.
You
need/want that.
Ug. Still no go. From a console cygwin shell:
$ net use '\\other\f$' MyPassword /user:tschutter
The command completed successfully.
$ net use
Corinna Vinschen wrote:
On May 13 11:49, Schutter, Thomas A. wrote:
Corinna Vinschen wrote:
Except that is not what I am seeing. When I run id from a
console
cygwin shell:
$ id
uid=18718(tschutter) gid=10513(Domain Users)
Larry Hall wrote:
Schutter, Thomas A. wrote:
Larry Hall wrote:
snip
Ah, good point. I missed that the /user option wasn't being used.
You
need/want that.
Ug. Still no go. From a console cygwin shell:
$ net use '\\other\f$' MyPassword /user:tschutter
The command
-Original Message-
From: Schutter, Thomas A.
Sent: Monday, May 12, 2008 9:52 AM
To: 'cygwin@cygwin.com'
Subject: Unable to run sshd under a domain sshd_server account
I am having problems setting up sshd to run under a domain sshd_server
account instead of a local sshd_server
On Mon, 12 May 2008, Schutter, Thomas A. wrote:
-Original Message-
From: Schutter, Thomas A.
Sent: Monday, May 12, 2008 9:52 AM
To: '[EMAIL PROTECTED]'
http://cygwin.com/acronyms/#PCYMTNQREAIYR.
Subject: Unable to run sshd under a domain sshd_server account
I am having
-Original Message-
From: Igor Peshansky
Sent: Monday, May 12, 2008 4:30 PM
To: Schutter, Thomas A.
Subject: RE: Unable to run sshd under a domain sshd_server account
[SOLVED]
On Mon, 12 May 2008, Schutter, Thomas A. wrote:
-Original Message-
From: Schutter, Thomas
On Mon, 12 May 2008, Schutter, Thomas A. wrote:
-Original Message-
From: Igor Peshansky
Sent: Monday, May 12, 2008 4:30 PM
To: Schutter, Thomas A.
Subject: RE: Unable to run sshd under a domain sshd_server account
[SOLVED]
On Mon, 12 May 2008, Schutter, Thomas A. wrote
On Mon, 12 May 2008, Igor Peshansky wrote:
On Mon, 12 May 2008, Schutter, Thomas A. wrote:
-Original Message-
From: Igor Peshansky
Sent: Monday, May 12, 2008 4:30 PM
To: Schutter, Thomas A.
Subject: RE: Unable to run sshd under a domain sshd_server account
[SOLVED
On Mon, May 12, 2008 at 06:02:18PM -0500, Schutter, Thomas A. wrote:
-Original Message-
From: Igor Peshansky
Sent: Monday, May 12, 2008 4:30 PM
To: Schutter, Thomas A.
Subject: RE: Unable to run sshd under a domain sshd_server account
[SOLVED]
Well, sorta. It isn't necessary
37 matches
Mail list logo
