--- a/ssh.rst Wed Sep 14 14:27:10 2011 +0300
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,114 +0,0 @@
--*- coding: utf-8 -*-
-
-===========
- SSH/sshd.
-===========
-
-Maintaining key pair.
-=====================
-::
-
- $ ssh-keygen -t dsa # for DSA
- $ ssh-keygen -t rsa # for RSA
- $ ssh-keygen -t dsa -C comment # put own comment instead user@host
- $ ssh-keygen -t dsa -f my_dsa_key # store priv key under my_dsa_key
- # and pub key under my_dsa_key.pub
-
- $ ssh-keygen -y -f my_dsa_key # recover pub key from priv
-
- $ ssh-keygen -p -N "newphrase" -P "oldphrase" -f ~/.ssh/id_dsa
- # change passphrase of priv key
-
- $ ssh $user@$host cat ">>" "~/.ssh/authorized_keys" <~/.ssh/id_rsa.pub
- # public pub key on remote host
-
-Shell login.
-============
-::
-
- $ ssh $user@$host
- $ ssh $user@$host:$port
-
- $ ssh -i ~/.ssh/my_dsa_key $user@$host
-
-or::
-
- $ ssh -l $user $host
- $ ssh -l $user $host:$port
-
-X session.
-==========
-::
-
- $ ssh -X $user@$host
-
-Multiply private keys.
-======================
-
-ssh try use all listen keys::
-
- $ ssh -i ./priv1 -i ./priv2 $user@$host
-
-or place in ~/.ssh/config::
-
- Host *
- IdentityFile ~/.ssh/identity # standard search path for protocol ver. 1
- IdentityFile ~/.ssh/id_dsa # standard search path for RSA key protocol ver. 2
- IdentityFile ~/.ssh/id_rsa # standard search path for DSA key protocol ver. 2
- IdentityFile ~/.ssh/my_dsa
- IdentityFile ~/.ssh/another_dsa
-
-or per host private key::
-
- Host host1 # alias, that user provide at CLI
- HostName host1.example.com # real host name to log into
- User iam
- IdentifyFile ~/.ssh/iam_priv_dsa
- Host host2 # alias, that user provide at CLI
- HostName 192.168.1.2 # real host IP to log into
- User admin
- IdentifyFile ~/.ssh/admin_priv_dsa
-
-Installing sshd on Cygwin.
-==========================
-
- * Install base packages and openssh.
- * Set CYGWIN env var to 'binmode tty ntsec'.
- * Create Windows user.
- * Recreate /etc/passwd:
- $ mkpasswd -l -u user >>/etc/passwd
- or
- $ mkpasswd -l >/etc/passwd
- * Register sshd:
- $ mkdir -p /home/user
- $ ssh-host-config -y
- * Start:
- $ net start sshd
- or
- $ cygrunsrv -S sshd
- * Check from remote host:
- $ ssh $gygwin_host -l user
-
-To stop service use::
-
- $ net stop sshd
-
-or::
-
- $ cygrunsrv -E sshd
-
-Запускаем SSH server на правах произвольного пользователя.
-----------------------------------------------------------
-
- * Создаем пользователя, например с именем user, задаем ему пароль,
- права (т.е. в какие группы будет входить) и т.д., пользователя не блокируем.
- * В консоле MMC добавляем оснастку "Параметры безопасности.". Модифицируем параметры:
-
- "Параметры безопасности."->"Локальные политики."->"Назначение прав пользователя."
- ->"Вход в качестве службы."->добавить 'user'.
-
- "Параметры безопасности."->"Локальные политики."->"Назначение прав пользователя."
- ->"Отклонить локальный вход."->удалить 'user' (если был установлен).
-
- XXX "Принудительное удаленнон завершение."
-
--- a/windows.rst Wed Sep 14 14:27:10 2011 +0300
+++ b/windows.rst Sat Sep 17 01:45:55 2011 +0300
@@ -95,8 +95,8 @@
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e
Windows XP Service Pack 3 - ISO-9660 CD Image File
-Access to Samba for Vista/7.
-============================
+Access to Samba from Vista/7.
+=============================
By default, you cannot authenticate and share files to and from Mac OS X or
Linux Samba due to a well known authentication method turned off by default.
@@ -185,6 +185,11 @@
control fonts - Fonts Folder
control printers Printers Folder
+'.cpl' scripts can be run from command line as:
+
+ cmd> Rundll32 Shell32.dll,Control_RunDLL
+ cmd> Rundll32 Shell32.dll,Control_RunDLL Mmsys.cpl,,0
+
Path.
=====
@@ -412,3 +417,81 @@
schtasks /delete /tn %TASK_NAME% /f
+Change NTFS permission.
+=======================
+
+Change NTFS permission with 'icacls'.
+-------------------------------------
+
+'icacls' allow option:
+
+ * /c - Continues the operation despite any file errors. Error messages will
+ still be displayed.
+ * /t - Performs the operation on all specified files in the current directory
+ and its subdirectories.
+ * /l - Performs the operation on a symbolic link versus its destination.
+ * /q - Suppresses success messages.
+
+Recursively change the owner of all matching files to the specified user::
+
+ cmd> icacls /setowner %user% /t /c
+
+Recursively grand full access for everyone::
+
+ cmd> icacls %dir% /t /grant:r %user%:(f)
+ cmd> icacls %dir% /t /grant:r *S-1-1-0:(f)
+
+Well-known security identifiers (SID).
+======================================
+
+ S-1-0-0
+ Null SID. A group with no members. This is often used when a SID
+ value is not known.
+ S-1-1-0
+ World/Everyone. A group that includes all users.
+ S-1-3-0
+ Creator Owner ID. A security identifier to be replaced by the
+ security identifier of the user who created a new object. This
+ SID is used in inheritable ACEs.
+ S-1-3-1
+ Creator Group ID. A security identifier to be replaced by the
+ primary-group SID of the user who created a new object. Use this
+ SID in inheritable ACEs.
+ S-1-5-6
+ Service. A group that includes all security principals that have
+ logged on as a service. Membership is controlled by the
+ operating system.
+ S-1-5-7
+ Anonymous. A group that includes all users that have logged on
+ anonymously. Membership is controlled by the operating system.
+ S-1-5-32-544
+ Administrators group.
+ S-1-5-32-545
+ Users group.
+ S-1-5-32-546
+ Guests. By default, the only member is the Guest account. The
+ Guests group allows occasional or one-time users to log on with
+ limited privileges to a computer's built-in Guest account.
+ S-1-5-32-547
+ Power Users. Power users can create local users and groups;
+ modify and delete accounts that they have created; and remove
+ users from the Power Users, Users, and Guests groups. Power
+ users also can install programs; create, manage, and delete
+ local printers; and create and delete file shares.
+
+ http://msdn.microsoft.com/en-us/library/aa379649.aspx
+ Well-known SIDs
+ http://support.microsoft.com/kb/243330
+ Хорошо известные идентификаторы безопасности в операционных
+ системах Windows
+ http://en.wikipedia.org/wiki/Security_Identifier
+ Security Identifier
+
+Converting SID to names and inside out.
+=======================================
+
+Use 'PsGetSid' utility from Sysinternals::
+
+ cmd> PsGetSid S-1-3-0
+ cmd> PsGetSid "\NULL SID"
+