X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=2.7 required=5.0	tests=AWL,BAYES_05,BOTNET,KHOP_SPAMHAUS_DROP,KHOP_THREADED,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_NO,RCVD_IN_HOSTKARMA_YE
X-Spam-Check-By: sourceware.org
Message-id: <5108956F.6090000@cygwin.com>
Date: Tue, 29 Jan 2013 22:37:19 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-to: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Fwd: sshd access works only when user is member of Administrators
References: <CADKbPUxNThjL1XWoVxOVkrPwQf+ekN_VP0EtLP22ontMU9azgw AT mail DOT gmail DOT com> <CADKbPUxvXO4cUK1bKaci6KSKQHCgxWpYXWVH4a2LerKy5FhyhQ AT mail DOT gmail DOT com>
In-reply-to: <CADKbPUxvXO4cUK1bKaci6KSKQHCgxWpYXWVH4a2LerKy5FhyhQ@mail.gmail.com>
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On 1/27/2013 10:12 AM, Godfried Borremans wrote:
> I try to use sshd on Windows 2008 Standard server: fresh install windows,
> fresh cygwin.
> Installation of ssh with ssh-host-config -y (standard)
> When I login with the administrator or with a user who is part of the
> administrators group I can login.
> If the test user is not part of the administrators group I do not get
> access: Permission denied.

<snip>

> If I reinstall the service with following command:
> /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-d" -y
> tcpip -u cyg_server -w "password"

<snip>

> (Something confusing: in /etc/passwd both Administrator and my test user are
> member of the group "Domain Users". However these groups have a different
> GID: 513 for Administrator and 10513 for the test user.)

And that's the answer to your question.  Unless you've set cyg_server up as
a domain user (which the sshd_config script doesn't do), you won't be able
to switch to a domain user context.  10513 is typically named "Domain Users"
and is a domain group.  513 is typically named "None" and is a local group.
Make your test user a local user (which will put it in the 513 group) and
things should work better for you.


-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple