X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-0.3 required=5.0 tests=AWL,BAYES_40,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Message-ID: From: Karl M To: Subject: FW: admin privileges when logging in by ssh? Date: Sun, 11 Sep 2011 22:00:23 -0700 In-Reply-To: References: ,,,<4E6D677B DOT 6090503 AT cs DOT umass DOT edu>, Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id p8C50k73009972 > Date: Sun, 11 Sep 2011 21:59:23 -0400 > From: moss > To: cygwin > Subject: Re: admin privileges when logging in by ssh? > > On 9/11/2011 9:07 PM, Andrew Schulman wrote: > >>> When a user with administrative privileges logs in to sshd, it seems that the user is only granted > >>> standard user privileges for that session. Is there a way around that? How can I get the admin > >>> privileges for that session? > >> > >> Nevermind. I found the answer from Corinna way back in 2004: > >> http://cygwin.com/ml/cygwin/2004-09/msg00087.html. "The bottom line is, if you need all the user's > >> access rights use password authentication. If that doesn't help, you're out of luck." > > > > Continuing my conversation with myself... > > > > The above is half right. It seems that I have to log in by password > > authentication, and then authenticate again to UAC, before I get my admin > > rights. > > > > At the console that's how it works: I log in as the backup user, ask for admin > > rights, authenticate again to UAC, and then, finally, can read or write any file > > on the system. > > > > In sshd, I log in by password authentication, but now I'm stuck because I don't > > know a command-line program to authenticate to UAC. Without that, I don't have > > any admin rights. > > > > So: Is there a command-line program that will allow me to authenticate to UAC? > > And do I have this right? > > If what you want to do is to run a particular program with elevated > privileges (which I guess might include cmd.exe), then this web > page may be of assistance: > > http://www.sevenforums.com/tutorials/11949-elevated-program-shortcut-without-uac-prompt-create.html > > Other pages I found make the same recommendation. > Two other alternatives for elevation: 1) Win 7 (and perhaps Vista) allows to run select programs elevated without UAC. It involves creating a data base of trusted programs that windows will check. See... http://www.techrepublic.com/blog/window-on-windows/selectively-disable-uac-for-your-trusted-vista-applications/635 2) Use a program that can handle the elevation for you, such as hstart ot this one... UAC Trust Shortcut http://www.itknowledge24.com/downloads.html# For the issue of priv level for the user logged in from ssh, Corinna announced multiple options available with the 1.7 Cygwin release. The password can be saved locally as windows does for services and scheduled tasks or the LSA can be used. See http://cygwin.com/cygwin-ug-net/ntsec.html HTH, ...Karl -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple