X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-1.5 required=5.0 tests=AWL,BAYES_00,DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED,SPF_HELO_PASS,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org To: cygwin AT cygwin DOT com From: Timothy Madden Subject: Re: Elevated prompt under ssh on Windows 7 Date: Mon, 23 Jan 2012 16:13:08 +0200 Lines: 18 Message-ID: References: <4F16C1EA DOT 5040306 AT cs DOT utoronto DOT ca> <20120118141601 DOT GA21774 AT calimero DOT vinschen DOT de> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 In-Reply-To: <20120118141601.GA21774@calimero.vinschen.de> X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On 18.01.2012 16:16, Corinna Vinschen wrote: > On Jan 18 07:58, Ryan Johnson wrote: >> On 18/01/2012 7:12 AM, Timothy Madden wrote: >>> Is there a way to get the remote shell not to run elevated under >>> sshd, even if the user could otherwise run programs elevated in >>> the native Windows OS ? >> I suspect you could set up ssh to use a "shell" which drops the >> user's privilege level and then invokes the real shell. I don't know >> the magic incantation off-hand, tho. > > There's a cygdrop tool in the cygutils package which allows to start > another process under a restricted token. See `cygdrop --help'. I think cygdrop will do what I need with the proper configuration. Nice tool. Thank you, Timothy Madden -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple