X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=F7XT3rjOovIfBlrz r0SQ/DdzhM+Z/THO4WvTpsWjfMQP6VVuXL30njVaIOhHN8ZxJqJz2kaAjtVWEKCQ c53zo3VjohhqNhtpzGeHARyZ1KrfG+qtH4j8tddGMZVRCnFVpDMy7wm+bMhl/YBr XzWEfffDVhfHiKeqNwcqZmm8IDs= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; s=default; bh=IHtorm+fuk+VBeobzqjgkC Syssg=; b=oYxgA9jTboE19JeG8ZrkO4o0xMzuCzWqvwhpQYEC7VnDFm4UgNIZmB jUGTRsOSLvs4Kqsw7Lx5jiF0QAnNSX/aYgmef+CuLqEw9FkrRjsXe5qz8/z91RB/ qBBYgsJ6EbxX0HugedY6NWI6IrnggcdzPwEp9YbDuK0ZdGzV2deyA= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,KHOP_THREADED autolearn=ham version=3.3.2 X-HELO: vms173011pub.verizon.net Message-id: <52375AF0.6030600@cygwin.com> Date: Mon, 16 Sep 2013 15:24:32 -0400 From: "Larry Hall (Cygwin)" Reply-to: cygwin@cygwin.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-version: 1.0 To: cygwin@cygwin.com Subject: Re: Fwd: Way to test cyglsa? References: <5237373E.1070905@cygwin.com> <523748CD.5070205@cygwin.com> <523752B8.2010306@cygwin.com> In-reply-to: Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7bit On 9/16/2013 3:06 PM, Evan Rowley wrote: > Its great that I now have some actual debug output. Thanks a lot, Larry. > > Towards the end of the log this appeared: > > seteuid 1019: Operation not permitted > > I'll check again that /etc/passwd, /etc/group, cyglsa-config, and > ssh-host-config all have the correct login credentials. Before I do, > is there anywhere else I can look? The cyglsa test from before did > pass so I'm almost certain the passwords entered into it are correct. > Does the order in which a user runs ssh-host-config and cyglsa-config > matter? > No, the order of running the config scripts doesn't matter. cyglsa can be used with sshd but that's not the only service that would benefit. And sshd can certainly be run without cyglsa, as you know. So does the user running sshd have permission to seteuid? A properly configured 'cyg-server' user, as prepared by ssh-host-config, will have the required permissions for local users. For domain users, you need to tweak 'cyg-server' so that it is a domain administrator at least. -- Larry _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple