This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [openssh] service with domain user


On Apr 21 17:43, Julio Costa wrote:
> On Tue, Apr 21, 2009 at 16:31, Corinna Vinschen wrote:
> > On Apr 21 14:56, Julio Costa wrote:
> >>
> >> I thought that the correct permissions/privileges were assigned in the
> >> ssh-host-config... isn't that so? How do I find what is missing?
> >
> > No, ssh-host-config can only set the user rights for the local account,
> > and it only does so if it has been asked to create the account. ?If you
> > pre-create the account (as you have to do if you use a domain account),
> > you're responsible to give it the necessary rights yourself.
> 
> You mean, like in "shame on you domain user! take this broken wings
> and fly way!"?
> 
> Now seriously, I understand perfectly why it does not do that right
> now, taking the historical absence (as long as I can see) of
> domain-user-type users of Cygwin... but what if I asked "Shouldn't
> that kind of setup be done in the script?" (PTC is a logical answer,
> but still... I like to see it)

Well, PTC.  If you have a domain account, its rights are usually
administered centralized.  Who are we to change the user rights locally
for that user?  That's the responsibility of the admins.  And here's
another problem in domain environments:  If the environment is using
domain policies, you might even be out of luck to set the user rights at
all on your local machine.  Even in my tiny setup at home you would be
unable to install a domain member machine and change cyg_server's rights.

> Actually I'm a bit surprised with the amount of (small, tiny,
> amounting to a huge pile) problems that I've bumped into which are
> most of the time related to the fact I'm using a domain user...

Well, sorry about that.  You got what you paid for.  You're not the only
domain user out there.  You're expecting something which just isn't
there.  The script was meant to ease the installation for local users in
the first place.  In corporate or governmental environments I don't
expect the script to work OOTB.  The script will almost never meet the
requirements exactly.

> [...rants deleted...]

Again, these service installation scripts are a volunteer effort which
many users are happy with.  Due to the complexity of different Windows
installations they won't work smoothly in all environments.  Too bad the
script doesn't fit your needs, but, as others, I have only so much time
to work on that stuff.

And no, your environment is just one of many.  I know different
environments in corporate and governmental areas.

> Regarding editrights, I think that there is a problem also.
> Is the reported output in my previous email as expected?

No.  The account is missing the other rights I talked about in my first
reply.

> Do you want me to start another thread on that?

No.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]