Mail Archives: cygwin/2002/02/24/04:27:53
On Sat, Feb 23, 2002 at 03:54:54PM -0800, Karl M wrote:
> Hi Corinna...
>
> In /c/cygwin/usr/doc/cygwin/openssh-3.0.2p1-5.README I found:
>
> - If you want to be able to login to different user accounts you'll
> have to start sshd under system account or any other account that
> is able to switch user context. Note that administrators are _not_
> able to do that by default! You'll have to give the following
> special user rights to the user:
> "Act as part of the operating system"
> "Replace process level token"
> "Increase quotas"
> and if used via service manager
> "Logon as a service".
>
> Does "Create a token object" need to be added to this list?
I read the OpenSSH README again and my answer is no, for two reasons.
First, his text is part of the description with the headline:
====================================================================
The following restrictions only apply to Cygwin versions up to 1.3.1
====================================================================
and 2nd, I don't want to encourage people to use these dangerous
user rights for normal user accounts. Start sshd under SYSTEM
instead. In case the sysadmin knows what s/he's doing... enough
hints are given in the mailing list archive, IMO.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -