This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Puzzling local share permissions problem with ssh sessions on Win2K3


Shankar Unni wrote:

I have a Win2K3 SP1 system, freshly installed with the latest bits, and sshd installed with privilege separation (using ssh_host_config). The /etc/passwd has both local and domain users (in that order), as does /etc/group.

I have a local shared directory c:\Views (shared as \\myhostname\Views). The problem is that when I log in as a domain user, and try to write something into \\myhostname\Views\, I get a permission denied error, even though I can do this successfully if I come in as that same user via Terminal Services.

Here's a matrix of various file creation attempts I tried, logging in to the server (I'm calling it "A" in the chart below) via TS or sshd, with or without a password. For good measure, I logged in as the same domain user, via sshd, to a different machine, and accessed the same share successfully from there!

C:\Views \\A\Views \\Common\share

logged in to A via              OK              OK           OK
Terminal Services

logged in to A via              OK             Fails         OK
sshd, with password

passwordless pubkey             OK             Fails         OK
ssh login to A

logged in to B (other           --              OK           OK
machine) via sshd,
as the same user
(with or without password)


What is special about accessing your own host's shares, when logged in via sshd? sshd-logged-in users seem to be able to access shares on other systems using normal rules; just not shares on their own system.


I've attached a cygcheck.out (from the passwordless pubkey login). Any ideas on what I can try to make the two "Fails" cases above work?

(This is needed for Clearcase to be able to create views in that directory. The stupid thing insists on using a share path for creating views, even private ones).
Hey Shankar. WAG here. With Windows 2K3 came more security. Check to see what your *share* permissions are - not just the permissions of the folder but the permissions of the share point. I believe MS added something like Network: Deny for security sake and that screws up Clearcase which you rightly point out insists on using full UNC paths (for good reason mind you).

BTW It also insists on this for VOBs with the same sorts of issues...
--
Andrew DeFaria <http://defaria.com>
If you must choose between two evils, pick the one you've never tried before.



-- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]