Date: Sun, 13 Apr 2008 03:27:14 +0100
From: "Robert McKay"
To: cygwin AT cygwin DOT com
Subject: Re: How do I run sshd as a particular user?

On Sat, Apr 12, 2008 at 10:06 AM, Corinna Vinschen wrote:
> On Apr 12 01:11, Robert McKay wrote:
> > In order to run sshd as an unprivileged user I had to use a nasty
> > hexedit hack on the sshd.exe file to replace the seteuid() call (which
> > fails / returns -1 without admin privileges and causes sshd to exit)
> > with a call to isalpha() which has (almost) the same function
> > prototype, but always returns 0 unless your userid 'is an alphanumeric
> > character' :)
>
> Aaaaargh!
>
> I don't know what you're doing wrong but this is *totally* unnecessary.
> You can run sshd as unprivileged user without having to change the
> sshd code. You can do this while another sshd is running on
> port 22 under a privileged account. What the user has to do is to create
> her own sshd_config file and own host keys. If no other sshd is running
> on the machine, just chown the host key files in /etc and switch off
> privilege separation in /etc/sshd_config.

Interesting.. are you sure your account doesn't have the allow replace
process token privilege? I'll take another look at this when I get the
chance.. perhaps sshd has changed in some way.

Cheers,
Rob.
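The setup described in the quoted reply (a user's own sshd_config and own host key, running beside the sshd on port 22), written out as a shell function. This is an added example, not code from the thread: the function name, directory layout, port 2222 and the PidFile line are assumptions, and `UsePrivilegeSeparation no` carries over the privilege-separation advice given for /etc/sshd_config (the option is deprecated in later OpenSSH releases).

```shell
#!/bin/sh
# Added example: prepare a per-user sshd (own config, own host key).
# make_user_sshd, the directory layout and the default port are assumptions.

make_user_sshd() {
    dir=$1
    port=${2:-2222}

    # Reject non-numeric ports, and ports below 1024: binding those needs
    # privileges, and port 22 may already belong to the system sshd.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ]; then
        echo "port $port is privileged; choose one >= 1024" >&2
        return 1
    fi

    # Keep the directory private: sshd refuses host keys others can read.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1

    # The user's own host key (ssh-keygen writes the private key mode 0600).
    if [ ! -f "$dir/ssh_host_rsa_key" ]; then
        ssh-keygen -q -t rsa -N '' -f "$dir/ssh_host_rsa_key" >/dev/null ||
            echo "warning: no host key; create $dir/ssh_host_rsa_key before starting sshd" >&2
    fi

    # The user's own sshd_config; every path points into the private directory.
    cat > "$dir/sshd_config" <<EOF
Port $port
HostKey $dir/ssh_host_rsa_key
PidFile $dir/sshd.pid
UsePrivilegeSeparation no
EOF
    chmod 600 "$dir/sshd_config" || return 1
    echo "$dir/sshd_config"
}

# Start it with the full path to the binary, e.g. (typical location):
#   /usr/sbin/sshd -f "$HOME/.sshd/sshd_config"
```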