This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Seteuid "operation not permitted" error when using LSA for sshd

On Aug  2 18:39, David Koppenhofer wrote:
> > Why did you install cyglsa64 from the old snapshot?  The changes to
> > cyglsa are supposed to be in the Cygwin 1.7.16 package anyway.
> 
> Because I was grasping for straws, and didn't know the fix was in the current
> package.
> 
> 
> > > I rebooted the server, made sure the sshd service was running, but I still
> > > receive the "sshd: PID 3064: fatal: seteuid 1000: Operation not permitted"
> error.
> > 
> > Does the service account have TCB privileges?  That's a hard requirement
> > for the user switch.
> 
> Ah ha!  The service account does not have the "Act as part of the operating
> system" permission.
> 
> However, I ended up asking the network admin to give "Create a token object" to
> the service account.  Since key authentication started working after that, I'll
> just leave things as they are.

If the restrictions of this mode, especially in terms of network shares,
are no problem for you, that's fine.  Otherwise I'd like to point out
http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]