X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=Pon0puZBPk/WSr4P
	6HTdqqYD1gq99kfeF6a3ZbgilJvqHsjfgbXkeEu1uZih1chzhp+Q0mxWPR+hPzYw
	8BW2UdzoRlg9USYe5eXT422/viHZrUS22zxHbpgB6KYUfrqCq5my4aJxBkcvAS3u
	tprcogXgAfoEty9iz16etsYf0Cs=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=qZpw02YcToCvgQW2HsYSF5
	qa++U=; b=a8/dJ5KeHmQZaoK4h6+Dtg9qXMk60bbWeSu9YGoHi+G0ExVqi3KUe1
	MGn2qV15W9+9ND/BubpdUSPAA8EQ+ca+NngUf+BDPu2JDBvJGPLSP/oK3NupeHAX
	5hATBli0CuH5UsCn8nDnF4nCySk8egtzfAb+jZTlxSiuWtXvHOles=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.3 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2
X-HELO:	vms173023pub.verizon.net
Message-id:	<530054CC.9050405@cygwin.com>
Date:	Sun, 16 Feb 2014 01:03:56 -0500
From:	"Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-to:	cygwin AT cygwin DOT com
User-Agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: seteuid 1019: Operation not permitted
References:	<CAMhuX2DV8tHVuJpnziRBTh0qV7xAThDVUuVXaTYGArb3fVtgCw AT mail DOT gmail DOT com> <CAMhuX2BdtykgR1dWQ3hW4gWVyU18S1O_1mz=JYKhV3NbjiC_4A AT mail DOT gmail DOT com>
In-reply-to:	<CAMhuX2BdtykgR1dWQ3hW4gWVyU18S1O_1mz=JYKhV3NbjiC_4A@mail.gmail.com>

On 2/15/2014 7:08 PM, Evan Rowley wrote:
> Everyone!
>
> I finally figured out what the problem was here.
>
> A group policy was in effect on the Windows machine. The group policy
> is supposed to enforce the baseline security configuration as defined
> by the Center for Internet Security (CIS) Benchmark for Windows
> Servers. One particular Local User Security Policy setting was
> disabled. It was "act as part of the operating system" - apparently
> this is needed in order for SSHD in Cygwin to work.

Yeah, this is mentioned in the closely related FAQ entry
<http://cygwin.com/faq.html#faq.using.sshd-in-domain>.  The need for
it is also spelled out in the 
/usr/share/csih/cygwin-service-installation-helper.sh script used by 
/usr/bin/ssh-host-config.  I know, it's not real
obvious that this is a requirement when you're installing or why.  And
when it's not unavailable the complaints that ensue aren't that easy
to immediately track back to this security policy.

I have this vague recollection that this particular policy is only
necessary to support public key authentication, though I didn't test that.
Regardless, that's small consolation if public key authentication is what
you're looking for. ;-)

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -