Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Sat, 14 Feb 2004 16:59:57 -0500 (EST)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Jeremy AT Gagliardi DOT com
cc: cygwin AT cygwin DOT com
Subject: Re: "incorrect password" or "permission denied" when switching users
In-Reply-To: <20040214122644.29160.h011.c000.wm@mail.gagliardi.com.criticalpath.net>
Message-ID: <Pine.GSO.4.56.0402141631310.26191@slinky.cs.nyu.edu>
References: <20040214122644 DOT 29160 DOT h011 DOT c000 DOT wm AT mail DOT gagliardi DOT com DOT criticalpath DOT net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Scanned-By: MIMEDefang 2.39

On Sat, 14 Feb 2004 Jeremy<at>Gagliardi<dot>com wrote:

> On Sat, 14 Feb 2004 13:59:09 -0500 (EST), Igor Pechtchanski wrote:
> > $ net helpmsg 1314
> > A required privilege is not held by the client.
> >
> > Does this ring a bell?  More below.
>
> Nope.  I should point out I am not very Windows literate, which is why I'm
> trying to use Cygwin in the first place.

Jeremy,

I wasn't trying to make fun of you, I meant the contents of the message.
FWIW, now you know how to find out what a Windows error code means. :-)

> > > Please help.  Why are the most basic forms of login not working with a
> > > "standard" installation of Cygwin?
> >
> > Because normal users (read: anyone but SYSTEM) don't have enough
> > privileges to switch users.  Starting with Win2003, not even SYSTEM has
> > the needed privileges by default.  For more information, see
> > /usr/share/doc/Cygwin/openssh.README.
>
> As I pointed out in my original message, my computer's administrator
> account is "Owner".  When I installed Cygwin, all files have an
> ownership of "Owner" with group "User".  Also...
> Owner AT Beast /
> $ id -a
> uid=1003(Owner) gid=545(Users)
> groups=0(root),513(None),544(Administrators),545(Users)
>
> How could "Owner" not have enough privileges?

<http://cygwin.com/acronyms/#CYNUX>.  This is Windows.  In Windows, the
only account that is allowed to switch user contexts is the built-in
SYSTEM (a.k.a. LocalSystem) account.  The README file above should outline
the basic principles of how this works, and for more details you might
want to look at <http://cygwin.com/cygwin-ug-net/ntsec.html>.

> > > Better question:  How can I get login or su to work?
> >
> > Run them as SYSTEM.  IIRC, su is broken under Cygwin altogether.  login
> > does work, however, as long as the user has appropriate privileges.
>
> Stupid question:  How do I run login as SYSTEM?  I tried `chown SYSTEM
> /bin/bash.exe` and `chmod u+s /bin/bash.exe` and did `login -f jjg`.  Same
> result.  "/bin/bash: Permission denied".

To run something *as* SYSTEM, you don't make the file owned by SYSTEM, you
get a shell running *as the SYSTEM user* and run login from that shell.
For recipes on getting a SYSTEM-owned shell, search Google for "cygwin
system-owned window".

Note that "run them as SYSTEM" was just a direct reply to your question --
the answer below describes a better way to switch users.

> > > Even better question:  How can I switch users?
> >
> > Install the openssh package, set up sshd (using ssh-host-config), and use
> > "ssh user AT localhost" in lieu of "su - user".
>
> I did install openssh, and it's even running and responding to requests.
> However...
>
> Owner AT Beast /
> $ ssh jjg AT localhost
>
> jjg AT localhost's password:
> /bin/bash: Permission denied
> Connection to localhost closed.

Ah, so now this becomes a question of getting sshd to work.  You obviously
ran "ssh-host-config".  Did you run "ssh-user-config" for the "jjg" user?
Try adding "-v" to your ssh call, and see what errors you actually get.
Also take a look at /var/log/sshd.log.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/