This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Still confused about cyg_server vs. user id when logging in via ssh

On Nov  3 15:03, frigging raw email address wrote:
> When I login via ssh, I *appear* at first glance to have the same id
> and privileges as I do when I log in directly.
> a) If I am an administrator, then 'id -a' gives the following
>    consistent answer for both direct and ssh login:
>    	uid=1001(myusername) gid=513(None) groups=513(None),0(root),544(Administrators),545(Users)
> b) If I am a regular user, then 'id -a' gives the following consistent
> answer:
>    	uid=1001(myusername) gid=513(None) groups=513(None),545(Users)
> However, there are some important differences.
> 1. First and most importantly, when I log in as administrator via 'ssh',
>    somehow cyg_server seems to be the real owner of all my files
>    (despite the fact that cygwin 'ls -al' seems to mask that).
> In particular, 'subinacl' gives
>    /owner =mymachine\cyg_server
>    /pace =winlawyer\cyg_server  Type=0x0 Flags=0x0 AccessMask=0x1f019f
> For all files that are actually owned by me... though it gets the
> ownership right for files owned by others.
> This is a problem since I use ssh, as part of my backup scripts to run
> subinacl to backup acls.
> My bottom line question is whether there is any way to login via SSH
> and to get a shell with true ADMINISTRATOR privileges so that there is
> no difference between a SSH log in and a local login... at a minimum
> is there any way to get subinacl to work right.

> 2. Whether I log in as an ordinary user or as administrator via SSH,
> only some but not all user variables are properly set. So, for example
> "HOME" seems to be set properly but not for example "APPDATA". I don't
> understand why some variables are set and not others...

Security reasons, a request from the upstream OpenSSH maintainers way
back when.  This has been discussed in the past on this ML, including
some workarounds, AFAIR.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpyvVTBCaRFM.pgp
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]