This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: sshd on vista error "initgroups: Permission denied" (cygwin-1.7)


On 10 Nov 2008 15:48:15 +0100, Corinna Vinschen wrote:
> On Nov  8 07:44, Herb Maeder wrote:
> > Running sshd (openssh 5.1p1-d57 or 5.1p1-7) on cygwin-1.7 and vista
> > results in the following error:
> > 
> >         % ssh localhost pwd
> >         herb@localhost's password:
> >         initgroups: Permission denied
> > 
> > I think this should be easily reproducible with a fresh installation of
> > just cygwin 1.7 base + openssh running on a generic vista confiuration
> > with UAC enabled.  
> > 
> > Can anyone confirm this?  If it is specific to my setup, I'll dig deeper
> > and provide more information.
> 
> I can't reproduce this.  A permission denied in initgroups point to
> insufficient privileges of the account running sshd.  Are you running
> sshd with a local cyg_server account but trying to login with a domain
> account?  Maybe there's a permission problem.

You are correct.  I was indeed running sshd with a local cyg_server, but
logging in with a domain account.  I tried firing up sshd as me, and I was 
able to log in successfully.  Thanks for pointing me in the right
direction.

I think this means that "ssh-host-config -y" followed by "cygrunsrv
--start sshd" no longer works for setting up sshd for domain users 
on vista (though it still does on XP).  What should be the recommended 
procedure for setting up sshd on Vista + cygwin-1.7?  

Am I correct in assuming that you would need to have access to an account 
with Domain Administrator privileges in order to allow multiple domain 
users to ssh into a 1.7 vista machine?

And if you don't have access to such an account, the best you can do is
fire up sshd as yourself (or perhaps one sshd per user on different ports)?  
I'm guessing that will allow you and local users to ssh in (assuming your
domain account has local administrator access).

Looking ahead, I suspect that this combo (sshd + 1.7 + vista + domain user) 
will be pretty common.  Is there a plan for steering users in the right
direction during the setup of sshd, or maybe giving a more descriptive 
error message?

> 1. Yes, ssh-host-config has to be run elevated, as with all applications
>    requiring actual admin privileges.  There's no way to elevate a child
>    process running in the same console window.  Microsoft tweaked the
>    ShellExecute() call in shell32.dll heavily to allow the UAC stuff,
>    but neglected to allow applications using the CreateProcess() call to
>    do the same.  ShellExecute is not an option to use in Cygwin processes.

Bum deal.  But thanks for the explanation.  That clarifies what I was
seeing.

Herb.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]