X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=F7XT3rjOovIfBlrz r0SQ/DdzhM+Z/THO4WvTpsWjfMQP6VVuXL30njVaIOhHN8ZxJqJz2kaAjtVWEKCQ c53zo3VjohhqNhtpzGeHARyZ1KrfG+qtH4j8tddGMZVRCnFVpDMy7wm+bMhl/YBr XzWEfffDVhfHiKeqNwcqZmm8IDs= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; s=default; bh=IHtorm+fuk+VBeobzqjgkC Syssg=; b=oYxgA9jTboE19JeG8ZrkO4o0xMzuCzWqvwhpQYEC7VnDFm4UgNIZmB jUGTRsOSLvs4Kqsw7Lx5jiF0QAnNSX/aYgmef+CuLqEw9FkrRjsXe5qz8/z91RB/ qBBYgsJ6EbxX0HugedY6NWI6IrnggcdzPwEp9YbDuK0ZdGzV2deyA= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,KHOP_THREADED autolearn=ham version=3.3.2 X-HELO: vms173011pub.verizon.net Message-id: <52375AF0.6030600@cygwin.com> Date: Mon, 16 Sep 2013 15:24:32 -0400 From: "Larry Hall (Cygwin)" Reply-to: cygwin AT cygwin DOT com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: Fwd: Way to test cyglsa? References: <5237373E DOT 1070905 AT cygwin DOT com> <523748CD DOT 5070205 AT cygwin DOT com> <523752B8 DOT 2010306 AT cygwin DOT com> In-reply-to: Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7bit On 9/16/2013 3:06 PM, Evan Rowley wrote: > Its great that I now have some actual debug output. Thanks a lot, Larry. > > Towards the end of the log this appeared: > > seteuid 1019: Operation not permitted > > I'll check again that /etc/passwd, /etc/group, cyglsa-config, and > ssh-host-config all have the correct login credentials. Before I do, > is there anywhere else I can look? The cyglsa test from before did > pass so I'm almost certain the passwords entered into it are correct. > Does the order in which a user runs ssh-host-config and cyglsa-config > matter? > No, the order of running the config scripts doesn't matter. cyglsa can be used with sshd but that's not the only service that would benefit. And sshd can certainly be run without cyglsa, as you know. So does the user running sshd have permission to seteuid? A properly configured 'cyg-server' user, as prepared by ssh-host-config, will have the required permissions for local users. For domain users, you need to tweak 'cyg-server' so that it is a domain administrator at least. -- Larry _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple