Date: Thu, 10 Aug 2006 09:58:31 +0200
From: Corinna Vinschen
To: "Larry Hall (Cygwin)"
Subject: Re: uid having logged in with ssh

On Aug 10 09:03, cygwin-060809 AT cxxl DOT de wrote:
> hi,
>
> Wednesday, August 9, 2006, 10:17:59 PM, "Larry Hall (Cygwin)" wrote:
>
> > Andy Keane wrote:
> >> I am running sshd having set up the sshd service using ssh-host-config with
> >> privilege separation and with sshd running as a server owned by the local
> >> sshd_server user.
> >> All is working fine and I can log in using my keys without the need for
> >> passwords or without keys and using passwords.
> >> My problem is that if I then try and run some processes after logging in
> >> (specifically MPI ones) the system thinks I am the local sshd_server user
> >> and not the person I wish to be.
> >
> >> Any ideas how I can get sshd working such that after log in I am really the
> >> user I wish to be would be much appreciated.
>
> > Patience. ;-)
>
> i just want to add one more detail: i have the same setup with sshd.
> plus, i use EFS (encrypting file system) on the sshd box. now EFS
> encrypts files ONLY for the user that writes them (and for so called
> recovery agents, but they are set up globally and all EFS files are
> decryptable for them), but not for all other users that may have
> access to the files (based on their file privileges).
>
> so when i'm user X and log in through sshd, write some file and then
> log on locally through a console, i can't read my own file, because the
> file was encrypted for SvcCOPSSHD (the sshd user in my case).
>
> i, too, would much appreciate a solution :)

There's a working workaround: Use password login. Otherwise only the
subauthentication stuff mentioned in
http://cygwin.com/ml/cygwin-developers/2006-07/msg00013.html as Larry
already pointed out will allow what you want.

There's really no gain in repeating scenarios in which the current
technique doesn't work. The drawbacks are known for years, really.

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat