This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

sshd as an ordinary user (was: Re: user-specific mounts)


Hello,

I've created a user lokal_sshd to run sshd. I've used the following
command:

cygrunsrv -I sshd -p /cygdrive/g/cygwin/usr/sbin/sshd -a -D \
-e "CYGWIN=ntsec tty" -d "CYGWIN sshd" -u lokal_sshd -w 123

I had to add lokal_sshd to Administrators and grant it the following
privileges:

Create a token object
Log on as a service
Replace a process level token

This setup works.

If I remove the user from Administrators and grant all privileges that
Administrators have and Users do not have, sshd does not work any more:
authentication succeeds but the shell prompt doesn't come, and I return
to the local prompt. Application event log says:
sshd: PID 2056: fatal: setuid 1005: Permission denied.

Is it possible to run sshd without making its user a member of
Administrators? Why doesn't it work if I grant all Administrators'
privileges?

I don't use sshd privilege separation. Cygcheck is still screwed, sorry.

With kind regards,
Baurjan.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]