Date: Mon, 15 Oct 2007 11:55:16 +0800
From: "Yue Chen"
To: cygwin AT cygwin DOT com
Subject: Re: session user ID error when ssh in terms of public-key exchange

Hi Larry

Thank you for the explanation.
BTW: how can I get the archives related to this issue?

2007/10/15, Larry Hall (Cygwin):
> Chen Yue wrote:
> > Greetings
> >
> > I am a newbie in cygwin. Now I am about to set up an sshd environment on a
> > windows2003 server in a project. But there is a weird phenomenon blocking my
> > task.
> >
> > I set up a local account named sshd_server in administrators group, grant
> > "Create a token object", "Log on as a service" and "replace a process level
> > token" to sshd_server in Local Security Settings. The service sshd is
> > started by ID of sshd_server.
> > Two users: userA and userB are domain users who are supposed to be able to
> > log on the server in terms of ssh. I have set up their profiles in
> > /etc/passwd and /etc/group. In the purpose of convenience, they copy their
> > public-key to their home dir so that they need not input passwd when
> > logon.
> >
> > All above work OK for me.
> >
> > My issue is when the two users log on in terms of inputting passwd, they can
> > create files in a shared dir and the file owner is correct. 'net session'
> > command shows the correct user ID of the session. However, when they log on
> > in terms of public-key exchanging, the files they created in shared dir are
> > owned by "sshd_server"!! (The files created locally are correct though).
> > And the "net session" command shows it is sshd_server but not userA or userB
> > that have logged on the server.
> >
> > I am so puzzled what's the difference between the two ways to log on. Did
> > anyone encounter this ever before?
>
>
> This is a known issue that has been talked about at great length in the
> email archives. It is a limitation of Windows and won't be remedied in
> the Cygwin 1.5.x series. The difference is that when you log in with your
> password, you are authenticated through Windows. So Windows knows who you
> are. With pubkey authentication, you're not. So Windows thinks you're
> the user that runs the 'sshd' service.
>
>
> --
> Larry Hall                              http://www.rfk.com
> RFK Partners, Inc.                      (508) 893-9779 - RFK Office
> 216 Dalton Rd.                          (508) 893-9889 - FAX
> Holliston, MA 01746
>
> _____________________________________________________________________
>
> A: Yes.
> > Q: Are you sure?
> >> A: Because it reverses the logical flow of conversation.
> >>> Q: Why is top posting annoying in email?
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
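
Added example, not part of the original thread or of Cygwin itself: a small audit helper that reads sshd "Accepted ..." log lines and reports, per login, which identity Windows will attribute network access to under the behaviour described above. The syslog-style line format, the sample lines, and the function names are assumptions made for illustration; the service account name sshd_server is the one from the thread.

```shell
#!/bin/sh
# Constructed sample sshd log lines (illustrative, not taken from the thread).
sample_log() {
cat <<'EOF'
Oct 15 09:01:12 host sshd[1204]: Accepted password for userA from 192.0.2.10 port 50211 ssh2
Oct 15 09:03:40 host sshd[1310]: Accepted publickey for userB from 192.0.2.11 port 50377 ssh2
Oct 15 09:05:02 host sshd[1388]: Failed password for userB from 192.0.2.11 port 50390 ssh2
Oct 15 09:07:55 host sshd[1421]: Accepted publickey for userA from 192.0.2.10 port 50412 ssh2
EOF
}

# classify_logins SERVICE_ACCOUNT   (hypothetical helper)
# Reads sshd log lines on stdin. For each accepted login prints:
#   login_user auth_method network_identity
# network_identity is the account that shares and 'net session' will show.
classify_logins() {
  awk -v svc="$1" '
  {
    for (i = 1; i <= NF - 3; i++) {
      if ($i == "Accepted" && $(i + 2) == "for") {
        method = $(i + 1); user = $(i + 3)
        # Password logins are authenticated through Windows, so the
        # session carries the real user. Pubkey logins are not, so
        # Windows sees the account that runs the sshd service.
        if (method == "password")       net = user
        else if (method == "publickey") net = svc
        else                            net = "unknown"  # not covered by the thread
        print user, method, net
        break
      }
    }
  }'
}

# mismatched_users SERVICE_ACCOUNT   (hypothetical helper)
# Unique login names whose network access will be attributed to the
# service account instead of to themselves.
mismatched_users() {
  classify_logins "$1" |
    awk -v svc="$1" '$3 == svc && $1 != svc { print $1 }' | sort -u
}

sample_log | classify_logins sshd_server
```

Users listed by mismatched_users are the ones whose files on shared directories will show the service account as owner.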