X-Recipient: archive-cygwin@delorie.com
X-SWARE-Spam-Status: No, hits=-2.4 required=5.0	tests=BAYES_00,FREEMAIL_FROM,RP_MATCHES_RCVD,SPF_HELO_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: sourceware.org
To: cygwin@cygwin.com
From: Michael Hoffman <cygwin-hoffman@sneakemail.com>
Subject: Re: 1.7.9: login via ssh allows Administrator privileges
Date: Sun, 9 Oct 2011 18:37:34 +0000 (UTC)
Lines: 26
Message-ID: <loom.20111009T203606-94@post.gmane.org>
References: <loom.20111009T004052-731@post.gmane.org> <4E91A543.4050200@t-online.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
User-Agent: Loom/3.14 (http://gmane.org/)
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

Christian Franke <Christian.Franke <at> t-online.de> writes:

> Michael Hoffman wrote:
> > When I log in via ssh I find I have Administrator privileges:
> >
> > [snip]
> >
> > Is there a way to turn this off or remove myself from the Administrators and
> > root groups? I prefer not to have administrative access unless I explicitly
> > request it.
> 
> Restarting the shell through cygdrop from cygutils package may help:
> 
> # exec cygdrop /bin/bash -l

Thanks for the helpful response! I was able to get the behavior I wanted by
adding this to /etc/sshd_config:

ForceCommand /bin/bash /etc/ssh-cygdrop

and putting this in /etc/ssh-cygdrop:

exec cygdrop ${SSH_ORIGINAL_COMMAND:-"$SHELL"}

Thanks again!
Michael


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple