This is the mail archive of the
mailing list for the Cygwin project.
RE: Wich privileges required by ssh-host-config running user?
- From: "Manel Rodero" <manel at fib dot upc dot edu>
- To: <cygwin at cygwin dot com>
- Date: Thu, 19 Jan 2006 11:13:40 +0100
- Subject: RE: Wich privileges required by ssh-host-config running user?
Sorry if you have lost a lot of time with my question but ...
I always create the /etc/passwd and /etc/group running mkpasswd and mkgroup
*BUT* the problem with these servers are the initial files when the cygwin
In the initial files of the servers working, the initial values of the files
are the correct ones for executing ssh-host-config and have the
"Administrator" user the permissions for changing the owner of /etc/ssh*
In the servers that are part of a domain, the same process: 1) mkpasswd,
mkgroup and 2) ssh-host-config fails because of the "Administrator" being
part of "-l-d" groups/passwords.
Now I need to split the unattended script in two parts: a) first recreate
the passwd/group files and b) exit the shell, execute again cygwin so the
Admin have the correct passwd/group (CYGWIN DOESN'T HAVE THE NEWGRP COMMAND)
and execute 'ssh-host-config'.
In this manner: 1) the /etc/ssh* files can be changed to be owned by SYSTEM
and 2) the Admin (domain Admin) can create /home/xxx directories.
Thank you to all who points to me into the right direction.
PS: Dave, ;-)
> -----Original Message-----
> From: email@example.com
> [mailto:firstname.lastname@example.org] On Behalf Of Dave Korn
> Sent: Wednesday, January 18, 2006 6:15 PM
> To: email@example.com
> Subject: RE: Wich privileges required by ssh-host-config running user?
> Manel Rodero wrote:
> > Why? Because its primary group is "mkgroup-l-d". So I need
> to change this
> > first by running "mkpasswd -l" and "mkgroup -l". In this manner this
> > domain account can create /home/pkuser and then create here a .ssh
> > directory with the authorized_keys I need to implement public key
> > authentication.
> You know, you could have saved us all a LOT of wasted time
> if you had *told*
> us you never bothered to setup the system's two most utterly vital
> security-permissions-and-accounts-related files. Can't
> imagine _why_ you
> thought to omit that insignificant little fact.
> Can't think of a witty .sigline today....
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Problem reports: http://cygwin.com/problems.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html