

title: Hash doesn't mix with Cygwin
date: 2004-10-23 19:55:06

Top Tip #1: You can set up SSH under Cygwin so that you can SSH into your W2K box and make it useful. But when you want to allow people with domain accounts to do this, you need to add the appropriate entries yourself into /etc/passwd. Here's how to do it:

mkpasswd -d | perl -ne '@line = split /:/, $_; $line[3]=545; print join ":", @line;' >> /etc/passwd

As part of a much larger problem, I had to get one of these SSH-enabled 2K machines to rejoin its domain. The SID had changed, so that meant I had to recreate the password file entries. Not being one to dive in where a more careful approach might do just as much harm, I ran the line above with a subtle variation:

mkpasswd -d -u foo | perl -ne '@line = split /:/, $_; $line[3]=545; print join ":", @line;' >> /etc/passwd

This got the info for my account alone. I then commented out the original entry for foo with a hash, then tried SSHing in:

ssh bar -l foo
Password:
//bar/foo: Permission denied

WTF?

I uncommented the old entry and tried again. This time it worked: mounting my home directory worked a treat. This was not good. Going back to the old domain was not the best of options -- certainly not one that could last very long -- and this was supposed to be a routine prisoner transfer anyway. What the hell was going on?

I tried rebooting. I tried rejoining the new domain again. I tried restarting the SSH service. I tried tweaking the SIDs for the Administrator and ssh privilege-separation entries in the password file. No luck. I got desperate enough to turn on Samba debugging, and that gave me a clue about what might be happening.

I compared the output in Samba's logfiles for two machines: the one I was migrating and another that still worked. When it came time to try and mount my home directory on the machine, the working one was trying it using my credentials, and the non-working one was trying it using the credentials of the guest account. Since we don't allow guest access to home shares, this was a problem. But why the hell was the machine losing my identity along the way?

I decided, for no good reason at all, to see if I could mount my home directory by hand using Windows' net use command. I went up to the / directory and thought about typing:

net use /user:domainfoo foo

which wouldn't have worked anyway, but I was (as mentioned) desperate. I decided to see what was there, first, and where in God's name I might actually mount this thing. And I saw it:

# ls -l /
drwx------ 16 #foo Users 544 8 Oct 14:15 bar

I'm sorry, who owns that directory?

I deleted the line in /etc/passwd that began with "#foo", and tried SSHing in again:

ssh bar -l foo
Password:
Success!  You are logged into this server!

...which I'd never been happier to see.

So as far as I can tell: Top Tip #2: Using a hash to comment out a line in /etc/passwd in Cygwin doesn't really work. Thank you, and good night.
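An added example, not part of the original post: a small audit that flags any /etc/passwd record whose name field starts with a hash (the kind that showed up above as the owner "#foo") and any normal record sharing its uid. The function names, the sample file and the idea that the two entries share a uid are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: a Cygwin-style /etc/passwd where the old entry for
# "foo" was "commented out" with a hash. All names, uids and SIDs are made up.
sample_passwd() {
    cat <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
Administrator:*:500:545:U-BAR\Administrator,S-1-5-21-1111-2222-3333-500:/home/Administrator:/bin/bash
#foo:*:11001:545:U-OLDDOM\foo,S-1-5-21-1111-2222-3333-1001:/home/foo:/bin/bash
foo:*:11001:545:U-NEWDOM\foo,S-1-5-21-4444-5555-6666-1001:/home/foo:/bin/bash
EOF
}

# audit_passwd [FILE]
# Reads FILE (or stdin) and prints one finding per line:
#   HASH_ENTRY - a record whose name field starts with "#"
#   UID_CLASH  - a normal record sharing a uid with a HASH_ENTRY
# Returns 1 if any HASH_ENTRY was found, 0 if the file is clean.
audit_passwd() {
    awk -F: '
        NF < 3 { next }            # too short to be a passwd record
        /^#/ {
            printf "HASH_ENTRY line=%d name=%s uid=%s\n", NR, $1, $3
            hashed[$3] = $1
            found = 1
            next
        }
        { live[$3] = (live[$3] ? live[$3] "," : "") $1 }
        END {
            for (uid in hashed)
                if (uid in live)
                    printf "UID_CLASH uid=%s hashed=%s live=%s\n", uid, hashed[uid], live[uid]
            exit found + 0
        }
    ' "${1:--}"
}

# Demo on the constructed sample.
sample_passwd | audit_passwd || true
```

Run it as `audit_passwd /etc/passwd` before and after editing the file; to disable an entry, delete the line (keeping a copy elsewhere) rather than prefixing it with a hash.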

On a lighter note, this post was originally written outside Waterfront Theatre in Vancouver's beautiful faux marketplace, Granville Island Public Market ("GIPM: Authentic(tm), but still with parking!") while waiting to see Neal Stephenson, along with two other writers who I'm sure deserve more from me than being lumped in with the rest of the non-Stephenson world. I could not get wireless access at GIPM on this iMac. There is no justice in this world. But at least I was first in line.