X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=Pon0puZBPk/WSr4P
	6HTdqqYD1gq99kfeF6a3ZbgilJvqHsjfgbXkeEu1uZih1chzhp+Q0mxWPR+hPzYw
	8BW2UdzoRlg9USYe5eXT422/viHZrUS22zxHbpgB6KYUfrqCq5my4aJxBkcvAS3u
	tprcogXgAfoEty9iz16etsYf0Cs=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=qZpw02YcToCvgQW2HsYSF5
	qa++U=; b=a8/dJ5KeHmQZaoK4h6+Dtg9qXMk60bbWeSu9YGoHi+G0ExVqi3KUe1
	MGn2qV15W9+9ND/BubpdUSPAA8EQ+ca+NngUf+BDPu2JDBvJGPLSP/oK3NupeHAX
	5hATBli0CuH5UsCn8nDnF4nCySk8egtzfAb+jZTlxSiuWtXvHOles=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2
X-HELO: vms173023pub.verizon.net
Message-id: <530054CC.9050405@cygwin.com>
Date: Sun, 16 Feb 2014 01:03:56 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh@cygwin.com>
Reply-to: cygwin@cygwin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-version: 1.0
To: cygwin@cygwin.com
Subject: Re: seteuid 1019: Operation not permitted
References: <CAMhuX2DV8tHVuJpnziRBTh0qV7xAThDVUuVXaTYGArb3fVtgCw@mail.gmail.com> <CAMhuX2BdtykgR1dWQ3hW4gWVyU18S1O_1mz=JYKhV3NbjiC_4A@mail.gmail.com>
In-reply-to: <CAMhuX2BdtykgR1dWQ3hW4gWVyU18S1O_1mz=JYKhV3NbjiC_4A@mail.gmail.com>
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit

On 2/15/2014 7:08 PM, Evan Rowley wrote:
> Everyone!
>
> I finally figured out what the problem was here.
>
> A group policy was in effect on the Windows machine. The group policy
> is supposed to enforce the baseline security configuration as defined
> by the Center for Internet Security (CIS) Benchmark for Windows
> Servers. One particular Local User Security Policy setting was
> disabled. It was "act as part of the operating system" - apparently
> this is needed in order for SSHD in Cygwin to work.

Yeah, this is mentioned in the closely related FAQ entry
<http://cygwin.com/faq.html#faq.using.sshd-in-domain>.  The need for
it is also spelled out in the 
/usr/share/csih/cygwin-service-installation-helper.sh script used by 
/usr/bin/ssh-host-config.  I know, it's not real
obvious that this is a requirement when you're installing or why.  And
when it's not unavailable the complaints that ensue aren't that easy
to immediately track back to this security policy.

I have this vague recollection that this particular policy is only
necessary to support public key authentication, though I didn't test that.
Regardless, that's small consolation if public key authentication is what
you're looking for. ;-)

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple