Mail Archives: cygwin/2003/11/03/07:12:12

Message-ID: <3FA64601.9080900@rhetorical.com>
Date: Mon, 03 Nov 2003 12:11:45 +0000
From: Paul Chorley <paulch AT rhetorical DOT com>
To: cygwin AT cygwin DOT com
Subject: setreuid: permission denied for sshd under non-system account

Hi,

I have installed the cygwin port of openssh on a Win2k box and set up 
passwordless authentication using .ssh/id_rsa and .ssh/authorized_hosts 
in the normal way.  Everything works fine and I can ssh to the Windows 
box without a password.  My problem arises when I change the user that 
runs the sshd service. 

Following Corinna's instructions, I set up a local user (sshsvc) as a 
member of the Administrators group and have given that user the 
following user rights:

Act as part of operating system.
Create a token object.
Replace a process level token.
Log on as a service.

After setting the ownership of the /etc/ssh*, /var/empty (when using 
privilege separation) and /var/log/sshd.log I can start the service.

With the client and server in debug mode I try to connect and the 
client appears to log in, but immediately logs back out again.  The 
server log shows that a call to permanently_set_uid is followed by a 
call to setreuid, which fails with 'permission denied'.

I guess that this is Windows refusing to allow the sshsvc user to switch 
to the real user that I'm trying to log in as.
I was led to believe from the docs and from Corinna's posts that the 
user rights settings would have dealt with this problem, but they don't.

What am I doing wrong here?  Any help is appreciated.

Paul.



