Subject: Re: /bin/bash: Operation not permitted
To: cygwin@cygwin.com
References: <60610071.5233701.1457534241961.JavaMail.yahoo.ref@mail.yahoo.com> <60610071.5233701.1457534241961.JavaMail.yahoo@mail.yahoo.com> <loom.20160309T162147-290@post.gmane.org> <56E042DD.2090804@gmail.com>
From: Aaron Digulla <digulla@hepe.com>
Message-ID: <56E2D09F.3020508@hepe.com>
Date: Fri, 11 Mar 2016 15:05:19 +0100
In-Reply-To: <56E042DD.2090804@gmail.com>

On 09.03.2016 at 16:35, Marco Atzeri wrote:
> On 09/03/2016 16:25, Achim Gratz wrote:
>> Francis Korning <fkorning <at> yahoo.ca> writes:
>>> Specifically, ssh-host-config needs these following lines:
>>
>> The cyg_server account is actually set up in
>> /usr/share/csih/cygwin-service-installation-helper.sh and guess what, it
>> already does this.  It also warns if a pre-existing account does not have
>> these privileges enabled.
>
> It is correct Achim,
> however I have seen in corporate environments that some of those
> settings were removed by security scripts... at every boot.

How about a check in the code of sshd to make sure it has the necessary
permissions?

I'm wondering if it would be better to do those checks when it starts or
when someone logs in. The former would show the problem early but the
admin would have to look in the event log to see the error message
(especially after a reboot).

The latter would allow sending the error message to the local console
(local to the user, remote from the point of view of sshd) and there
would be a human who can read it.

Regards,

-- 
Aaron "Optimizer" Digulla a.k.a. Philmann Dark
"It's not the universe that's limited, it's our imagination.
Follow me and I'll show you something beyond the limits." 
http://blog.pdark.de/



