Message-Id: <6.2.1.2.0.20050609195740.07008c48@pop.prospeed.net>
Date: Thu, 09 Jun 2005 20:27:39 -0400
To: Brian Keener, cygwin AT cygwin DOT com
From: Larry Hall
Subject: Re: Login & Something diff since cygwin 1.5.15-1 release - could it be security changes that were made
References: <20050606104023 DOT GG3268 AT calimero DOT vinschen DOT de> <20050607090035 DOT GB23172 AT calimero DOT vinschen DOT de> <20050608102442 DOT GO23172 AT calimero DOT vinschen DOT de> <6 DOT 2 DOT 1 DOT 2 DOT 0 DOT 20050608225206 DOT 07171260 AT pop DOT prospeed DOT net>

At 02:07 PM 6/9/2005, you wrote:
>Larry Hall wrote:
>> Perhaps you added one or more of these one time when you wanted to try
>> this with your account and didn't remove them all later.
>
>sshd kept jumping to mind and after a google search of cygwin.com it seems to
>hold that at one time this was the method (and may still be - just not using
>your personal account) of getting ssh/sshd to work. Those searches also show
>me getting help getting sshd working (although I do not mention those settings
>being changed) and then finally getting it working (through the help of Max and
>Corinna) using SYSTEM.

The OpenSSH server, sshd, typically runs as a service. To support switching
to a new user, the account the service runs as must have the previously
listed privileges. SYSTEM has all of them by default on NT/W2K/XP. W2K3's
SYSTEM doesn't, so you have to create a new account that has these
permissions and run the sshd service under that account (or modify an
existing one if you're comfortable with that option).
This all has been automated by the /bin/ssh-host-config script for some time
though, including creating a special 'sshd_server' account for W2K3 to run
the sshd service. At one time, many of these steps did need to be performed
manually, though I can't ever remember needing to create or modify an
existing account to run the sshd service on NT/W2K/XP.

There was certainly some documentation of these requirements in
/usr/share/doc/Cygwin/openssh-README and
/usr/share/doc/Cygwin/inetutils-1.3.2.README. You may have gotten some ideas
from these documents at some point in time. And there was certainly some
discussion of how to set up such an account, be it your own or a new one, on
the list from time to time. You may have even had someone suggest to you to
add these permissions (it would have been a reasonable suggestion if you
mentioned that you had installed the service to run with your user account).

But, like I said, making these changes is not a requirement for running sshd
as a service and has never been a requirement on NT/W2K/XP AFAIR. So if you
don't have a use for such privileges on your account, you can remove them if
you like.

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA  01746