X-Spam-Check-By: sourceware.org Message-ID: <43CE7529.60305@equate.dyndns.org> Date: Wed, 18 Jan 2006 17:04:41 +0000 From: Chris Taylor Reply-To: cygwin AT cygwin DOT com User-Agent: Debian Thunderbird 1.0.7 (X11/20051017) MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: Wich privileges required by ssh-host-config running user? References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Dave Korn wrote: > Chris Taylor wrote: > >>Dave Korn wrote: >> >>>Chris Taylor wrote: >>> >>> >>>>Dave Korn wrote: >>> >>> >>>>> Simplest workaround would be to always join the machine to the domain >>>>>first and install cygwin second. >>>>> >>>> >>>>And to install as the domain administrator, not the local admin, >>>>otherwise you run into this problem, as the OP has done. >>> >>> >>> Probably a domain user would suffice. It might be best if the domain >>>user account was made a "Power User" in the machine's local user >>>accounts. > > >>I'm not sure that power users have the ability to change ownership in >>this way.. > > > Actually, I'm not sure either. If "Power Users" isn't enough, it would need > to be a local admin. > > >>It may be that you would be required to use a domain >>administrator account to install and to set up any services you wished >>to use, though I could be mistaken. I'd have to test it to see. > > > No, the issue is not what rights you have in the domain, but what rights the > domain user has over the local machine. Domain admins are automatically > admins over the local machine, and domain users are not, but domain users can > be made into local admins by anyone with admin rights over the machine (such > as the local admin) and it doesn't require domain admin rights. > > Basically, nothing you need to do to an individual machine should ever need > domain admin rights. It's about _local_ rights. > > > cheers, > DaveK Good point. However, it is potentially possible that the 'administrator' account on the local machine is locked down, without adversely affecting the administrators group, which could potentially cause the issues described by the OP - it would depend on the various group policy settings and such though. It might be worth having the OP test manually changing the owner in both cygwin and windows if cygwin fails.. ATTN OP: Cygwin: chown SYSTEM ssh_host_* Windows: Select files, right click, properties, Security, Advanced, Owner, 'Choose other user' (or something to that effect), then specify SYSTEM and hit OK until you're back at explorer. Please note that the windows method is only valid (afaik) on win2k3 servers. Chris -- Spinning complacently in the darkness, covered and blinded by a blanket of little lives, false security has lulled the madness of this world into a slumber. Wake up! An eye is upon you, staring straight down and keenly through, seeing all that you are and everything that you will never be. Yes, an eye is upon you, an eye ready to blink. So face forward, with arms wide open and mind reeling. Your future has arrived... Are you ready to go? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/