Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Thu, 2 Sep 2004 18:13:37 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Cygwin ssh session privileges differ from console privileges?
Message-ID: <20040902161337.GG17670@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <BAY15-DAV3KDaMyI4Y2000196e0 AT hotmail DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <BAY15-DAV3KDaMyI4Y2000196e0@hotmail.com>
User-Agent: Mutt/1.4.2i

On Sep  2 15:09, Shaddy Baddah wrote:
> I am having a problem with the privileges on a Cygwin ssh session. It
> seems as though the Cygwin ssh session does not have all the
> privileges of a console session, logged in as the same user. This is
> happening on cygwin v1.5.10-3 under Win2K SP4. The openssh version is
> v3.9p1-1.
> [...]
> I would expect that they would be the same, but understand that there
> might be quirks associated with sshd launching a login session as the
> authenticated user. Is there a plausible explanation as to why there
> is a difference?

It depends on how you log in through ssh.

If you're using password authentication, the same authentication mechanism
is used as if you're logging in locally via the GUI.  Not counting extra
initializations which are only run after GUI logon, password authentication
should grant you about the same rights.

Public Key authentication OTOH is *bypassing* the Windows authentication
mechanism, resulting in a very different access token attached to your
session.  For one, there is no password attached and no network credentials,
so you don't have the same automagical access to network shares.  Another
problem is that you didn't even start a logon session from WinNT's point of
view, which has a couple of interesting side effect.

The bottom line is, if you need all the user's access rights use password
authentication.  If that doesn't help, you're out of luck.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/