X-Recipient: archive-cygwin@delorie.com
X-SWARE-Spam-Status: No, hits=-2.4 required=5.0	tests=BAYES_00,FREEMAIL_FROM,RP_MATCHES_RCVD,SPF_HELO_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: sourceware.org
To: cygwin@cygwin.com
From: Michael Hoffman <cygwin-hoffman@sneakemail.com>
Subject: 1.7.9: login via ssh allows Administrator privileges
Date: Sun, 9 Oct 2011 00:20:10 +0000 (UTC)
Lines: 23
Message-ID: <loom.20111009T004052-731@post.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
User-Agent: Loom/3.14 (http://gmane.org/)
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

My user account is in the Administrators group, but has User Account Control
turned on. I've installed sshd and turned it on, ssh-host-config, and enabled
the Cygwin Local Security Authority authentication package with cyglsa-config.

When I log in via ssh I find I have Administrator privileges:

$ id -a
uid=1000(Michael) gid=513(None) groups=513(None),545(Users)

$ ssh localhost

# id -a
uid=1000(Michael) gid=513(None)
groups=513(None),0(root),544(Administrators),545(Users)

Is there a way to turn this off or remove myself from the Administrators and
root groups? I prefer not to have administrative access unless I explicitly
request it.

Cygcheck output: http://pastebin.com/S6CyKpaD

Many thanks,
Michael Hoffman


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple