Still confused about cyg_server vs. user id when logging in via ssh

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Nov 4 12:03:00 GMT 2013 

On Nov  3 15:03, frigging raw email address wrote:
> When I login via ssh, I *appear* at first glance to have the same id
> and privileges as I do when I log in directly.
> 
> a) If I am an administrator, then 'id -a' gives the following
>    consistent answer for both direct and ssh login:
>    	uid=1001(myusername) gid=513(None) groups=513(None),0(root),544(Administrators),545(Users)
> 
> b) If I am a regular user, then 'id -a' gives the following consistent
> answer:
>    	uid=1001(myusername) gid=513(None) groups=513(None),545(Users)
> 
> 
> However, there are some important differences.
> 1. First and most importantly, when I log in as administrator via 'ssh',
>    somehow cyg_server seems to be the real owner of all my files
>    (despite the fact that cygwin 'ls -al' seems to mask that).
> 
> In particular, 'subinacl' gives
>    /owner =mymachine\cyg_server
>    /pace =winlawyer\cyg_server  Type=0x0 Flags=0x0 AccessMask=0x1f019f
> For all files that are actually owned by me... though it gets the
> ownership right for files owned by others.
> 
> This is a problem since I use ssh, as part of my backup scripts to run
> subinacl to backup acls.
> 
> My bottom line question is whether there is any way to login via SSH
> and to get a shell with true ADMINISTRATOR privileges so that there is
> no difference between a SSH log in and a local login... at a minimum
> is there any way to get subinacl to work right.

http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-logonuser

> 2. Whether I log in as an ordinary user or as administrator via SSH,
> only some but not all user variables are properly set. So, for example
> "HOME" seems to be set properly but not for example "APPDATA". I don't
> understand why some variables are set and not others...

Security reasons, a request from the upstream OpenSSH maintainers way
back when.  This has been discussed in the past on this ML, including
some workarounds, AFAIR.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20131104/e6528468/attachment.sig>

More information about the Cygwin mailing list