Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sun, 24 Feb 2002 10:27:23 +0100
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: Cygwin AT cygwin DOT com
Subject: Re: /c/cygwin/usr/doc/cygwin/openssh-3.0.2p1-5.README
Message-ID: <20020224102723.T23094@cygbert.vinschen.de>
Mail-Followup-To: Cygwin AT cygwin DOT com
References: <F19wLALFKltknHcsVMn00005cca AT hotmail DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <F19wLALFKltknHcsVMn00005cca@hotmail.com>
User-Agent: Mutt/1.3.22.1i

On Sat, Feb 23, 2002 at 03:54:54PM -0800, Karl M wrote:
> Hi Corinna...
> 
> In /c/cygwin/usr/doc/cygwin/openssh-3.0.2p1-5.README I found:
> 
> - If you want to be able to login to different user accounts you'll
>  have to start sshd under system account or any other account that
>  is able to switch user context. Note that administrators are _not_
>  able to do that by default! You'll have to give the following
>  special user rights to the user:
>  "Act as part of the operating system"
>  "Replace process level token"
>  "Increase quotas"
>  and if used via service manager
>  "Logon as a service".
> 
> Does "Create a token object" need to be added to this list?

I read the OpenSSH README again and my answer is no, for two reasons. 

First, his text is part of the description with the headline:

  ====================================================================
  The following restrictions only apply to Cygwin versions up to 1.3.1
  ====================================================================

and 2nd, I don't want to encourage people to use these dangerous
user rights for normal user accounts.  Start sshd under SYSTEM
instead.  In case the sysadmin knows what s/he's doing... enough
hints are given in the mailing list archive, IMO.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/