when I try to open file with another user on CYGWIN , I get access denied message

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

when I try to open file with another user on CYGWIN , I get access denied message

Alex-3
I have windows 2008 server and external partner requested me to install
CGYWIN on it so they can send a file to via SSH. I created a domain user
called test1 and they sent me the public key and installed home folder.
They can send the file without any problem. I can able to read and
delete if I login to windows server with test1 username.

My problem is I can not open that files with another username. I have a
username call test2 and I need to login to windows server with this
username and run the script to import the files from test1 folder. I got
access denied message when I try to open it.

file permission show ;

-rwx------

I changed the umask in profile to 002 , but did not fix the problem.

Any idea?

By the way I have a little knowledge of linux

thank

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Dan Kegel-2
Did you try
   chmod 755 foo.dat
on the file (assuming it's named foo.dat)?

umask 002 would have done that for you if you'd done it before
creating the file.

It's a bit odd to have +x set on a data file, so if it's not a dll or
exe, you might
want to make it chmod 644 instead.
- Dan


On Tue, May 16, 2017 at 1:12 AM, Alex <[hidden email]> wrote:

> I have windows 2008 server and external partner requested me to install
> CGYWIN on it so they can send a file to via SSH. I created a domain user
> called test1 and they sent me the public key and installed home folder. They
> can send the file without any problem. I can able to read and delete if I
> login to windows server with test1 username.
>
> My problem is I can not open that files with another username. I have a
> username call test2 and I need to login to windows server with this username
> and run the script to import the files from test1 folder. I got access
> denied message when I try to open it.
>
> file permission show ;
>
> -rwx------
>
> I changed the umask in profile to 002 , but did not fix the problem.
>
> Any idea?
>
> By the way I have a little knowledge of linux
>
> thank
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Alex-3
Yes I did , but I can access only the current files. If they send new
file next time, it won't get this setup so not possible to open.


I need something like folder permission and will apply to all files in
it also must be apply to files   will be created latter

thanks



On 16/05/2017 14:10, Dan Kegel wrote:

> Did you try
>     chmod 755 foo.dat
> on the file (assuming it's named foo.dat)?
>
> umask 002 would have done that for you if you'd done it before
> creating the file.
>
> It's a bit odd to have +x set on a data file, so if it's not a dll or
> exe, you might
> want to make it chmod 644 instead.
> - Dan
>
>
> On Tue, May 16, 2017 at 1:12 AM, Alex <[hidden email]> wrote:
>> I have windows 2008 server and external partner requested me to install
>> CGYWIN on it so they can send a file to via SSH. I created a domain user
>> called test1 and they sent me the public key and installed home folder. They
>> can send the file without any problem. I can able to read and delete if I
>> login to windows server with test1 username.
>>
>> My problem is I can not open that files with another username. I have a
>> username call test2 and I need to login to windows server with this username
>> and run the script to import the files from test1 folder. I got access
>> denied message when I try to open it.
>>
>> file permission show ;
>>
>> -rwx------
>>
>> I changed the umask in profile to 002 , but did not fix the problem.
>>
>> Any idea?
>>
>> By the way I have a little knowledge of linux
>>
>> thank
>>
>> ---
>> This email has been checked for viruses by Avast antivirus software.
>> https://www.avast.com/antivirus
>>
>>
>> --
>> Problem reports:       http://cygwin.com/problems.html
>> FAQ:                   http://cygwin.com/faq/
>> Documentation:         http://cygwin.com/docs.html
>> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>>
>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

cyg Simple


On 5/16/2017 10:44 AM, Alex wrote:
> Yes I did , but I can access only the current files. If they send new
> file next time, it won't get this setup so not possible to open.
>
>
> I need something like folder permission and will apply to all files in
> it also must be apply to files   will be created latter
>

Make sure that the directories are all created by Cygwin processes.
    From the top of the device.
Make sure that the directories can be read by group members.
Ensure that the test1 and test2 users are of the same group.

--
cyg Simple

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Brian Inglis
In reply to this post by Alex-3
On 2017-05-16 02:12, Alex wrote:

> I have windows 2008 server and external partner requested me to install
> CGYWIN on it so they can send a file to via SSH. I created a domain user
> called test1 and they sent me the public key and installed home folder.
> They can send the file without any problem. I can able to read and
> delete if I login to windows server with test1 username.
> My problem is I can not open that files with another username. I have a
> username call test2 and I need to login to windows server with this
> username and run the script to import the files from test1 folder. I got
> access denied message when I try to open it.
> file permission show ;
> -rwx------
> I changed the umask in profile to 002 , but did not fix the problem.
> Any idea?
> By the way I have a little knowledge of linux

You would have to change umask in sshd's user's profile to perhaps have
any effect.

You may want to check the receiving directory DACLs with getfacl .../
and if necessary change them with setfacl -m d:g::r--,d:o::r-- if only
data is being transferred to that directory.

Removing directory DACLs e.g. with setfacl -bk .../ can stop Windows
programs being able to read or write directories or contents.

Get them to set the permissions chmod +r on the source if possible,
and send with scp -p.

--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Dan Kegel-2
In reply to this post by Alex-3
On Tue, May 16, 2017 at 7:44 AM, Alex <[hidden email]> wrote:
>> Did you try
>>     chmod 755 foo.dat
>> on the file (assuming it's named foo.dat)?
>
> Yes I did , but I can access only the current files. If they send new file
> next time, it won't get this setup so not possible to open.

Just add the chmod in your script.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Alex-3
In reply to this post by cyg Simple
On 16/05/2017 17:59, cyg Simple wrote:

>
>
> On 5/16/2017 10:44 AM, Alex wrote:
>> Yes I did , but I can access only the current files. If they send new
>> file next time, it won't get this setup so not possible to open.
>>
>>
>> I need something like folder permission and will apply to all files in
>> it also must be apply to files   will be created latter
>>
>
> Make sure that the directories are all created by Cygwin processes.

Only the folder mounted to home directory created on Windows
as I entered the below in fstab;
E:/SFTP/samplefolder   /home/gm-user1/samplefolder  ntfs
override,binary,noacl 0 0

so other user try to access to E:/SFTP/samplefolder

>      From the top of the device.
> Make sure that the directories can be read by group members.
I created SFTP_User group in AD and both of them members
> Ensure that the test1 and test2 users are of the same group.
But when I run ls -la on inside the Samplefolder, owner says gm-user1
groups says Domain Users ,  not sure why it shows Domain users

>

thanks



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Alex-3
In reply to this post by Dan Kegel-2
On 16/05/2017 20:22, Dan Kegel wrote:

> On Tue, May 16, 2017 at 7:44 AM, Alex <[hidden email]> wrote:
>>> Did you try
>>>      chmod 755 foo.dat
>>> on the file (assuming it's named foo.dat)?
>>
>> Yes I did , but I can access only the current files. If they send new file
>> next time, it won't get this setup so not possible to open.
>
> Just add the chmod in your script.
>
Hi Dan
Could you please tell me how can I chmod to script , I don't know how to
do it
Thanks

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Alex-3
In reply to this post by Brian Inglis
On 16/05/2017 20:08, Brian Inglis wrote:

> On 2017-05-16 02:12, Alex wrote:
>> I have windows 2008 server and external partner requested me to install
>> CGYWIN on it so they can send a file to via SSH. I created a domain user
>> called test1 and they sent me the public key and installed home folder.
>> They can send the file without any problem. I can able to read and
>> delete if I login to windows server with test1 username.
>> My problem is I can not open that files with another username. I have a
>> username call test2 and I need to login to windows server with this
>> username and run the script to import the files from test1 folder. I got
>> access denied message when I try to open it.
>> file permission show ;
>> -rwx------
>> I changed the umask in profile to 002 , but did not fix the problem.
>> Any idea?
>> By the way I have a little knowledge of linux
>
> You would have to change umask in sshd's user's profile to perhaps have
> any effect.

I did in the /etc/profile but not sure what you mean in sshd's user's
profile !
>
> You may want to check the receiving directory DACLs with getfacl .../
> and if necessary change them with setfacl -m d:g::r--,d:o::r-- if only
> data is being transferred to that directory.

#getfacl samplefolder
#owner :gm-user1
#group :Domain User
user ::rwx
group :: r-x
other:r-x


Yes they only transfer to file in this folder,  if I run setfacl for
this directory, will it apply to files inside and the file will be added
later ?
>
> Removing directory DACLs e.g. with setfacl -bk .../ can stop Windows
> programs being able to read or write directories or contents.
>
> Get them to set the permissions chmod +r on the source if possible,
they said already give the file with full permission for everyone

> and send with scp -p.
>

?


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Eliot Moss
In reply to this post by Alex-3
On 5/17/2017 9:45 AM, Alex wrote:
 > On 16/05/2017 20:22, Dan Kegel wrote:
 >> On Tue, May 16, 2017 at 7:44 AM, Alex <[hidden email]> wrote:
 >>>> Did you try
 >>>>      chmod 755 foo.dat
 >>>> on the file (assuming it's named foo.dat)?
 >>>
 >>> Yes I did , but I can access only the current files. If they send new file
 >>> next time, it won't get this setup so not possible to open.
 >>
 >> Just add the chmod in your script.
 >>
 > Hi Dan
 > Could you please tell me how can I chmod to script , I don't know how to do it
 > Thanks

sftp has a chmod command that change the access modes of the remote file.
Add a chmod after the command that copies the file over.  chmod and the
meaning of the modes are standard Unix things, and "man chmod" for the
command line chmod (not the OS call) will explain it somewhat (the
syntax in sftp is probably more limited).

HTH -- Eliot Moss

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Brian Inglis
In reply to this post by Alex-3
On 2017-05-17 07:53, Alex wrote:

> On 16/05/2017 20:08, Brian Inglis wrote:
>> On 2017-05-16 02:12, Alex wrote:
>>> I have windows 2008 server and external partner requested me to install
>>> CGYWIN on it so they can send a file to via SSH. I created a domain user
>>> called test1 and they sent me the public key and installed home folder.
>>> They can send the file without any problem. I can able to read and
>>> delete if I login to windows server with test1 username.
>>> My problem is I can not open that files with another username. I have a
>>> username call test2 and I need to login to windows server with this
>>> username and run the script to import the files from test1 folder. I got
>>> access denied message when I try to open it.
>>> file permission show ;
>>> -rwx------
>>> I changed the umask in profile to 002 , but did not fix the problem.
>>> Any idea?
>>> By the way I have a little knowledge of linux
>>
>> You would have to change umask in sshd's user's profile to perhaps have
>> any effect.
>
> I did in the /etc/profile but not sure what you mean in sshd's user's
> profile!

Anything in sshd's startup that could change umask e.g. /etc/sshd.conf.
None of init, systemd, nor cygrunsrv require shells, so /etc/profile is
out.

>> You may want to check the receiving directory DACLs with getfacl .../
>> and if necessary change them with setfacl -m d:g::r--,d:o::r-- if only
>> data is being transferred to that directory.
>
> #getfacl samplefolder
> #owner :gm-user1
> #group :Domain User
> user ::rwx
> group :: r-x
> other:r-x
>
> Yes they only transfer to file in this folder,  if I run setfacl for
> this directory, will it apply to files inside and the file will be added
> later ?

Default ACLs are applied to directories or files created in that directory,
modified by creation options, or later commands.

>> Removing directory DACLs e.g. with setfacl -bk .../ can stop Windows
>> programs being able to read or write directories or contents.
>>
>> Get them to set the permissions chmod +r on the source if possible,
> they said already give the file with full permission for everyone
>
>> and send with scp -p.
> ?

What file transfer client are they using?
You said ssh, so I assumed scp, -p retains permissions and timestamps.

--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: when I try to open file with another user on CYGWIN , I get access denied message

Andrey Repin
In reply to this post by Alex-3
Greetings, Alex!

>> You may want to check the receiving directory DACLs with getfacl .../
>> and if necessary change them with setfacl -m d:g::r--,d:o::r-- if only
>> data is being transferred to that directory.

> #getfacl samplefolder
> #owner :gm-user1
> #group :Domain User
> user ::rwx
> group :: r-x
> other:r-x

Seems sane, though least desirable.

> Yes they only transfer to file in this folder,  if I run setfacl for
> this directory, will it apply to files inside and the file will be added
> later ?
>>
>> Removing directory DACLs e.g. with setfacl -bk .../ can stop Windows
>> programs being able to read or write directories or contents.
>>
>> Get them to set the permissions chmod +r on the source if possible,
> they said already give the file with full permission for everyone

At this point, I have a feeling that their software force 0700 on an unloaded
file.

But you may try to

setfacl -m d:u::rwx,g::rwx,d:m::rwx

on your directory and try to upload a new file.


--
With best regards,
Andrey Repin
Thursday, May 18, 2017 15:14:23

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple