X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Message-ID: <47ED0B0A.2010300@cygwin.com> Date: Fri, 28 Mar 2008 11:13:14 -0400 From: "Larry Hall (Cygwin)" Reply-To: cygwin AT cygwin DOT com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070505 Remi/2.0.0.0-3.fc4.remi Thunderbird/2.0.0.0 Mnenhy/0.7.5.0 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: How do I run sshd as a particular user? References: <47C4A0DB DOT 6020007 AT cygwin DOT com> <6ADC05D7-7602-4123-81EF-1DE06D26E91F AT von-campe DOT com> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Alfred von Campe wrote: > [I'm reposting this with a couple of corrections/clarifications and also > to raise its visibility since I didn't get any responses last time :-)] > > It's been a month since Larry Hall replied to my last post on this topic > (thanks, BTW), and this issue has bubbled up to the top again. I have > tried various ways to get the sshd service started as a domain user > (instead of the default local user "sshd_server") and can not get it to > work. What is the correct syntax to specify a domain user with > cygrunsrv? This is what I have tried: > > cygrunsrv -I sshd -u "DOMAINNAME\USERNAME" -w PASSWORD -d "CYGWIN > sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=bin tty smbntsec" -y tcpip > > This successfully installs the service, and if I look at it in the > Services control panel, it shows the correct username (DOMAIN\USERNAME), > but if I try to start the service I always get the error "The Cygwin > sshd service in Local Computer started and then stopped". If I > substitute sshd_server for the user and supply the correct password, the > sshd service starts correctly. But I want to start the service as a > domain user so that I can access network shares and resolve some build > issues with Visual Studio that are apparently caused by not being fully > authenticated. Does it have to be a domain user? If not, create a local one and give it the permissions outlined in '/usr/share/doc/cygwin/openssh.README' from the "Important note for windows 2003 Server users:" section. Or just look at what '/bin/ssh-host-config' does. If it has to be a domain user for some reason, I guess you can try the above on the machine in question for that user but I really don't know enough about how domain user permissions can (or can't) be augmented on local machines to say how this will work (and I don't have a domain to test against currently). -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 216 Dalton Rd. (508) 893-9889 - FAX Holliston, MA 01746 _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/