X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=c9jAIGPqI4f/btBfLIwrzONYwRH1Vn6Mj1pP/b2axFjEs2lye/xkr
	pT5uHo9+pSVxhKR1tKT18Tk5m35i5ltBoex/z+DPq1x+6Im+yCa1vWuIdRwNBozn
	6hnaXpfEru7TRtouhljQSS75iojj2xYP2AdvXGykPzrlzDdhE/kzgY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=9fn+3oDQ0AmVUHPDX5YbgNM+JiY=; b=jp6cww0l3EQdGqZaRS3BvzocOfnE
	ITac7/6Ghz6aWalDRG6CfRLVXrx/UqcBMAmitb77myKRxikNKnvXHpBNYN29fjuP
	nPTq8YYSFJ0+r/TMAMLXuH4dDc5PuWz2Bi4bj5H7Vv1KjWLr7U3BBc+ZM5p+bXFq
	A9gZggB1RnQpcVU=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Mon, 25 Aug 2014 12:51:39 +0200
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Windows 7 sshd can only login as cyg_server
Message-ID: <20140825105139.GE11052@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <53F6459F.5060203@prager.ws> <20140822130626.GK32314@calimero.vinschen.de> <53F77CAB.4000800@cygwin.com> <20140822201933.GN32314@calimero.vinschen.de> <53F7A865.6030801@cygwin.com> <20140822204402.GP32314@calimero.vinschen.de> <53F7B515.8020704@cygwin.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="OBd5C1Lgu00Gd/Tn"
Content-Disposition: inline
In-Reply-To: <53F7B515.8020704@cygwin.com>
User-Agent: Mutt/1.5.23 (2014-03-12)

--OBd5C1Lgu00Gd/Tn
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Aug 22 17:24, Larry Hall (Cygwin) wrote:
> On 08/22/2014 04:44 PM, Corinna Vinschen wrote:
>=20
> <snip>
>=20
> >That's what I meant.  Do you have a non-admin account for testing
> >a login?
>=20
> I can only make a local non-admin user.  If I use that, it is just
> returning "Permission denied" after I enter the password.  I guess I'll
> have to fiddle with it a little more to see if I can figure out why that
> is.  But that seems tangential to the issue reported.

But your effect doesn't sound good either.

> If I try using the cyg_server account (yuck, I feel filthy! ;-) ), I get
> kicked out the same way as reported minus the message about chown.  That's
> as close as I've gotten and, of course, it's exactly opposite what was
> reported.

Right.  But the default setup of the cyg_server account in /etc/passwd
is to start /bin/false as login shell.  Did you change that to /bin/bash?

> >>>Today I confused myself a lot by trying it (I'm using a domain cyg_ser=
ver
> >>>account for years so it was a bit of hacking) and I was able to login
> >>>with a domain admin account but not with a normal domain account.
> >>
> >>That's with a local cyg_server running the service?
> >
> >Yes, sorry for not being clearer.  That was the hacky part.  It required
> >to change the domain policy and stuff like that.
>=20
> OK, so this sounds similar to what I'm seeing with my domain account and
> with a local cyg_server running sshd.  I'm _shocked_.
>=20
> >>>I didn't manage to debug this further.  However, what I never encounte=
r is
> >>>a "chown(/dev/ptyX,...) Permission denied" message.
> >>
> >>Yeah, me neither.  That's... special. ;-)
> >
> >...and a bit incomprehensible :(
>=20
> Indeed.  Maybe the OP has an actual file for the pseudo /dev/pty1 file?  =
If
> so, maybe the permissions on the file are getting in the way??

That would be one good idea but I think that's not very likely.
Cygwin's device handling wouldn't notice the file and call all
the internal functions for ptys instead.  This includes chown,
which on ptys is a change of the ACL of four synchronization objects
representing the pty.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--OBd5C1Lgu00Gd/Tn
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT+xU7AAoJEPU2Bp2uRE+gWngQAKNeuf4wMyE7TWbY/mfynZZZ
dL9kiFh8UznEt/b5p38PLyJF44bzUxMAVEYh7Y0zm6oO1NUu4QESS32mig8SiJxm
vdsgC6fb0KRO18WqUxWpm+DfPwKLy7H9AwHbZtINKuzMbfpXMA1eHmj4PvxKqRVE
MXmnw2FkGB11J3/3Z4CuYLenzDyXU2yRwRk4CVNT53OPk5n3bRY4SXPNZaIADBs7
SpeIVF2zc+0VF33QMYgRKxdyj8w2N6tlC3CAu330sOff1yeQJZCb/1CHaQH7gvkC
lyttMtH3mfDSfIFYs16VoT1WoNAV7GNxWnZuoyuEI7TyFRqjnFBXhzdZspykkPnv
j6QNyoQ0w+ZHr21FswdL7d7o7glKp5z15K1MTeHau/isaZdad5xKBTOqOf4db9J3
ZlCyaFMBpMz4GUrD2yPClJx/et7c6xmBBZcvezfd1UXkSLhHNbC58QpoZIEO06WD
MAdymfPJf9RSui1PVRcHX4xn03x7OcVZFOjMckzeE9l+/GOHb/UeM3tjZBy6OjdB
EvijqHOmecKAdVdJymZlCdySgXRKhpxT0WTMEyrq3DmsYmjgaScUXYxymkEIgUxe
Kfe+5azwQOlsHcAK5DU7f6w6aFZgHjmskN9x/neAgnOl3vfnySE0L3zsydEcSt0w
pDLt1EP3Y68U+e8pCE4w
=SIxv
-----END PGP SIGNATURE-----

--OBd5C1Lgu00Gd/Tn--