Logging-in using ssh elevates the user privilege.

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Mar 6 16:15:00 GMT 2019

On Mar  7 01:00, Takashi Yano wrote:
> Hello,
> I would like to report a problem of recent cygwin.
> If a user logs in via ssh, the user aqcuires the elevated
> privilege if the user belongs to Administrators group.

This is by design, and this is no new behaviour.  As soon as an admin
account logs in, seteuid uses the elevated token.  Cygwin is doing that
since 2015.

After all, from an ssh session there would be *no* chance to run
administrative tasks if the user would only get a non-elevated token.
There's no way to switch to the elevated token from an ssh session.


Corinna Vinschen
Cygwin Maintainer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20190306/b224da06/attachment.sig>

More information about the Cygwin mailing list