X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=s/Fv3MZlyxSVhQPAL2HHiJm4Oxk01zsGixV8k0uGV0Pltup4tosqW
	ailUKtjust/Daos/SqkWmm5m/qXT1jq6J/sw4gJe0cHYUwHyBiUhT7F5WeNN4fWe
	dnCJ+bjEG9/lNo3NYDH0j7CavqbsU1cJGnFmPzc5tmc4V0Ak9TC+to=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=+b3Ce7166PQHI+pKE/eOgZitCBg=; b=t+do0YLIopqVlbQrzY4BQw9F/zzt
	8/XhT7j0w/ITNqALCXosV4B3A6uKaen+gytxjsIjEWOm0CIiJZBVM4RZcHZDNm4D
	gWUqZiew/BT41jhlX9jZjNCiYxUqB/s1YJri4eYmXUUGxIxw8AIvIdRFor1785lM
	+0LQ4voqyj4NxOk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.5 required=5.0 tests=AWL,BAYES_50,RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Mon, 4 Nov 2013 13:03:07 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Still confused about cyg_server vs. user id when logging in via ssh
Message-ID: <20131104120307.GE2731@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <21110 DOT 44071 DOT 195847 DOT 904212 AT consult DOT pretender>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="o0ZfoUVt4BxPQnbU"
Content-Disposition: inline
In-Reply-To: <21110.44071.195847.904212@consult.pretender>
User-Agent: Mutt/1.5.21 (2010-09-15)

--o0ZfoUVt4BxPQnbU
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Nov  3 15:03, frigging raw email address wrote:
> When I login via ssh, I *appear* at first glance to have the same id
> and privileges as I do when I log in directly.
>=20
> a) If I am an administrator, then 'id -a' gives the following
>    consistent answer for both direct and ssh login:
>    	uid=3D1001(myusername) gid=3D513(None) groups=3D513(None),0(root),544=
(Administrators),545(Users)
>=20
> b) If I am a regular user, then 'id -a' gives the following consistent
> answer:
>    	uid=3D1001(myusername) gid=3D513(None) groups=3D513(None),545(Users)
>=20
>=20
> However, there are some important differences.
> 1. First and most importantly, when I log in as administrator via 'ssh',
>    somehow cyg_server seems to be the real owner of all my files
>    (despite the fact that cygwin 'ls -al' seems to mask that).
>=20
> In particular, 'subinacl' gives
>    /owner =3Dmymachine\cyg_server
>    /pace =3Dwinlawyer\cyg_server  Type=3D0x0 Flags=3D0x0 AccessMask=3D0x1=
f019f
> For all files that are actually owned by me... though it gets the
> ownership right for files owned by others.
>=20
> This is a problem since I use ssh, as part of my backup scripts to run
> subinacl to backup acls.
>=20
> My bottom line question is whether there is any way to login via SSH
> and to get a shell with true ADMINISTRATOR privileges so that there is
> no difference between a SSH log in and a local login... at a minimum
> is there any way to get subinacl to work right.

http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-logonuser

> 2. Whether I log in as an ordinary user or as administrator via SSH,
> only some but not all user variables are properly set. So, for example
> "HOME" seems to be set properly but not for example "APPDATA". I don't
> understand why some variables are set and not others...

Security reasons, a request from the upstream OpenSSH maintainers way
back when.  This has been discussed in the past on this ML, including
some workarounds, AFAIR.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--o0ZfoUVt4BxPQnbU
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSd4z7AAoJEPU2Bp2uRE+gefYP/0rG1F4VU5iWmeNg+qVYr8Di
0DxrIu52EJcZLVYCGdynMGgJCqZU+oGM0kUyEiMVXlAzwjEFNmdLEMLTw+XHtFQb
eW4rGk+HZcsAdUM0fgkwNII7nLYwuJgFDOnYH1VLsGp9GdrcY5qlxOoiJTqQNyUm
gnpkJe2ZFXSjhyon8VRgcVEnXwBEIHJREu1DxmZRcJWLKHmlBz62mmxgGh4vbtW3
xuflaNfbjkl+KOb3beP7gv8VHNb7IjugfHaLF5139GrAF22IXbbQZ+WsV0XC6J85
ICdxDzlSMwKAyXQh6Ggy6epXSd+k6O7i9Zko6Z7HchyKpdOs2zjMRX002SRTV5j/
/IBpYU+OJ5biHIRJ9hCGz+SHqgjf5VFZZt0dOE9FlAuBJT82Iijg+sUJ4iMAB7f0
fjgBQeUVV/lwweHusMZbOBSNOVVZAHejOQMFpvlsrJVjUNl1hhVBdYLssUhz1fXT
GhS1OwCKEuIsOHQOyZZsf89fUtljVB+WBuATz2oKOM/Qn8quRzN6aV4fhVIvXOkb
KFS5295oUDHToGMBNHUDmHO3rE7UVVNWKKzWKMUX/T9QcjxJqLl0g7PAJiCKXffF
P6tjJrdB6vDndaeJHcJKljzBfO9dhnnXyu5tAD8oD83ton/k7AmpLupwGCi7tILZ
o/jCu3uYtuukf5A3lQFN
=Udwd
-----END PGP SIGNATURE-----

--o0ZfoUVt4BxPQnbU--