sshd as an ordinary user (was: Re: user-specific mounts)
Baurjan Ismagulov
ibr@ata.cs.hun.edu.tr
Mon May 17 13:52:00 GMT 2004
Hello,
I've created a user lokal_sshd to run sshd. I've used the following
command:
cygrunsrv -I sshd -p /cygdrive/g/cygwin/usr/sbin/sshd -a -D \
-e "CYGWIN=ntsec tty" -d "CYGWIN sshd" -u lokal_sshd -w 123
I had to add lokal_sshd to Administrators and grant it the following
privileges:
Create a token object
Log on as a service
Replace a process level token
This setup works.
If I remove the user from Administrators and grant all privileges that
Administrators have and Users do not have, sshd does not work any more:
authentication succeeds but the shell prompt doesn't come, and I return
to the local prompt. Application event log says:
sshd: PID 2056: fatal: setuid 1005: Permission denied.
Is it possible to run sshd without making its user a member of
Administrators? Why doesn't it work if I grant all Administrators'
privileges?
I don't use sshd privilege separation. Cygcheck is still screwed, sorry.
With kind regards,
Baurjan.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list