This is the mail archive of the
mailing list for the Cygwin project.
- From: Corinna Vinschen <cygwin at cygwin dot com>
- To: Cygwin at cygwin dot com
- Date: Sun, 24 Feb 2002 10:27:23 +0100
- Subject: Re: /c/cygwin/usr/doc/cygwin/openssh-3.0.2p1-5.README
- References: <F19wLALFKltknHcsVMn00005cca@hotmail.com>
On Sat, Feb 23, 2002 at 03:54:54PM -0800, Karl M wrote:
> Hi Corinna...
> In /c/cygwin/usr/doc/cygwin/openssh-3.0.2p1-5.README I found:
> - If you want to be able to login to different user accounts you'll
> have to start sshd under system account or any other account that
> is able to switch user context. Note that administrators are _not_
> able to do that by default! You'll have to give the following
> special user rights to the user:
> "Act as part of the operating system"
> "Replace process level token"
> "Increase quotas"
> and if used via service manager
> "Logon as a service".
> Does "Create a token object" need to be added to this list?
I read the OpenSSH README again and my answer is no, for two reasons.
First, his text is part of the description with the headline:
The following restrictions only apply to Cygwin versions up to 1.3.1
and 2nd, I don't want to encourage people to use these dangerous
user rights for normal user accounts. Start sshd under SYSTEM
instead. In case the sysadmin knows what s/he's doing... enough
hints are given in the mailing list archive, IMO.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:firstname.lastname@example.org
Red Hat, Inc.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html