This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



RE: ntsec and remote copy


Hi Pierre,

thanks for your reply! That indeed turned out to be the case.

> The owner of the remote file has a SID that does not appear
> in your passwd file and thus it cannot be mapped to a uid.
> Cygwin then uses uid = -1
> This also explains what you describe in your follow up
> message.
>
> Perhaps the Windows security gui or the cacls program will
> reveal the identity of the owner.
>
> Pierre

What happened was the following:

- I had trimmed down my /etc/passwd file (I think I read somewhere it was
advisable to remove users from there for which you don't want access. For
example when running telnetd, this seems to be the only way to restrict
access). In the process, I also removed the Administrators group from
/etc/passwd. (I don't really want somebody to break into my system as
Administrator via telnet)

- I am a member of the Administrators group, so as the ntsec doc mentions, all
files I create are owned by Administrators, but that wasn't in /etc/passwd,
so it's an unrecognised user.

Adding Administrators to /etc/passwd solved my problems.

Remaining questions:
- Is there another way to prevent specific users from accessing telnet or ftp
(or ssh when I get round to installing sshd)?

- It seems cygwin does not use the above mentioned behaviour that files that
I create are owned by Administrators, instead they are owned by myself. This
is fine for me, but I guess worth mentioning in the doc.

- I still don't understand why certain cygwin programs could read the file
and others not (see mail below). It can't be NT, because I could obviously
read/write all files I created myself using NT programs. So, I have the
impression that some cygwin programs use ntsec in different ways. For
example, cat or vi could read the file with an unrecognised owner, but
test -r couldn't. (I recently reinstalled and upgraded the whole of cygwin,
so I don't think it's because I have old versions lying around).


Thanks for the help

Kris



> -----Original Message-----
> From: Kris Thielemans [mailto:kris.thielemans@ic.ac.uk]
> Sent: 10 December 2002 16:26
> To: Gnuwin
> Subject: RE: ntsec and remote copy
>
>
> Oh yes,
> a related remark.
>
> On the file with the funny UID, some things work, some don't. For
> instance, I can vi it, but I cannot write it. This seems to say
> that some cygwin programs call this file readable, but others
> don't... Bearing in mind the permissions that it is said to have, I
> would actually claim that I should NOT be able to read it.
>
> Here's an illustration of 'test' that cannot read it.
>
> $ ls -l test.txt
> -rwx------+   1 65535    None         1003 Dec 10 00:24 test.txt
>
> $ if [ -r test.txt ]; then echo 'I can read it'; else echo 'I cannot read it'; fi
> I cannot read it
>
> $ chown kris test.txt
>
> $ ls -l test.txt
> -rwx------    1 kris     None         1003 Dec 10 00:24 test.txt
>
> $ if [ -r test.txt ]; then echo 'I can read it'; else echo 'I cannot read it'; fi
> I can read it
>
>
> I also see now that not only files copied remotely have this
> strange UID, but others as well (maybe older files?)
>
> Kris
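
The SID-to-uid lookup discussed in this thread, as an added example that is not part of the original messages or of Cygwin itself: it checks whether an owner SID has an entry in a passwd file and reports the ones that would fall back to uid -1 (shown as 65535 by ls -l). It assumes mkpasswd-style entries where the SID is the last comma-separated item of field 5; the function names, the host name and the user SID are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes mkpasswd-style entries where
# the SID is the last comma-separated item of field 5 (gecos).

# uid_for_sid PASSWD_FILE SID: print the mapped uid, or -1 when unmapped.
uid_for_sid() {
    awk -F: -v sid="$2" '
        /^#/ || NF < 5 { next }
        { n = split($5, g, ","); if (g[n] == sid) { print $3; hit = 1; exit } }
        END { if (!hit) print -1 }
    ' "$1"
}

# audit_owners PASSWD_FILE SID...: one line per SID, status 1 if any unmapped.
audit_owners() {
    pw=$1; shift; rc=0
    for sid in "$@"; do
        uid=$(uid_for_sid "$pw" "$sid")
        if [ "$uid" = "-1" ]; then
            echo "UNMAPPED $sid (owner shows as 65535 in ls -l)"; rc=1
        else
            echo "ok $sid -> uid $uid"
        fi
    done
    return "$rc"
}

# Constructed sample data: a trimmed passwd without the Administrators entry.
ADMINS_SID=S-1-5-32-544      # well-known SID of the local Administrators group
KRIS_SID=S-1-5-21-1111111111-2222222222-3333333333-1000   # made-up user SID
trimmed=$(mktemp); fixed=$(mktemp)
trap 'rm -f "$trimmed" "$fixed"' EXIT
cat > "$trimmed" <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
kris:unused_by_nt/2000/xp:1000:513:U-HOST\kris,S-1-5-21-1111111111-2222222222-3333333333-1000:/home/kris:/bin/bash
EOF
# The fix from the thread: put the Administrators entry back.
{ cat "$trimmed"; echo 'Administrators:*:544:544:,S-1-5-32-544::'; } > "$fixed"

echo "trimmed passwd:"; audit_owners "$trimmed" "$ADMINS_SID" "$KRIS_SID" || true
echo "fixed passwd:";   audit_owners "$fixed"   "$ADMINS_SID" "$KRIS_SID"
```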

