Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Tue, 23 Mar 2004 17:28:10 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: sshd as a substitute for the suid bit on executables... Message-ID: <20040323162810.GV17229@cygbert.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2i On Mar 23 08:22, Richard Troy wrote: > One additional challenge that has just occurred to me in my particular > scenario is that in ordinary useage on Unix, my program that runs under > the suid bit eventually launches a Java program that creates display > windows and attaches to the keyboard/mouse in the usual way and the user > never knows it's running as the file owner and not them. Before I go Google is your friend. Search for "Allow service to interact with desktop". > Next, I can see how an account that has a particular privilege that > provides all of the necessary access can have its shell re-directed to be > a particular program other than a usual shell (just update /etc/passwd, > right?) and can have a null passphraise providing a key-access > (passwordless access) to the desired account by other users, captured so man sshd, chapter "AUTHORIZED_KEYS FILE FORMAT" Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/