X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=p1DL2RqTSpYwei2H
	smG+MSPAioBtTWvW1ZAgSRPfaGeLTLmpA2KYoZpFnSu1P4YulsPRwhVru25XSJvS
	UHmFt3/k9PuS/5oEi/04d2iQj/42bWmT7Z6a44JztLjb6yveEDgZxCLUJxFRviBB
	D9JlizLwCR8iXu9v6J0oZBbUiCs=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=PgHDgUmz5hDDb6dk9iximk
	/Dg2A=; b=ib1Iir1Q2yEQW9wQqndWeP6KYWY+cnpBJM4jrxSxwmkwpRCQAQknE4
	pRwdAN77zpb3UW0S/HwBWhohqiiTExMt77+mOdDju/QN2FSGJegSotl344IlwMYG
	LDoVxcyF7C3qd1QvskSCmxdXT5FmFn+t+O3gU6SL0UBJFkWHtQ8k8=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2 spammy=H*RU:sk:dynamic, Hx-spam-relays-external:sk:dynamic, imagination, sshhostconfig
X-HELO: www.hepe.com
Subject: Re: /bin/bash: Operation not permitted
To: cygwin AT cygwin DOT com
References: <60610071 DOT 5233701 DOT 1457534241961 DOT JavaMail DOT yahoo DOT ref AT mail DOT yahoo DOT com> <60610071 DOT 5233701 DOT 1457534241961 DOT JavaMail DOT yahoo AT mail DOT yahoo DOT com> <loom DOT 20160309T162147-290 AT post DOT gmane DOT org> <56E042DD DOT 2090804 AT gmail DOT com>
From: Aaron Digulla <digulla AT hepe DOT com>
Message-ID: <56E2D09F.3020508@hepe.com>
Date: Fri, 11 Mar 2016 15:05:19 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <56E042DD.2090804@gmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Am 09.03.2016 um 16:35 schrieb Marco Atzeri:
> On 09/03/2016 16:25, Achim Gratz wrote:
>> Francis Korning <fkorning <at> yahoo.ca> writes:
>>> Specifically, ssh-host-config needs these following lines:
>>
>> The cyg_server account is actually set up in
>> /usr/share/csih/cygwin-service-installation-helper.sh and guess what, it
>> already does this.  It also warns if a pre-existing account does not
>> have
>> these privileges enabled.
>
> It is correct Achim,
> however I have seen in corporate environment that some of those
> setting were removed by security scripts...at every boot.

How about a check in the code of sshd to make sure it has the necessary
permissions?

I'm wondering if it would be better to do those check when it starts or
when someone logs in. The former would show the problem early but the
admin would have to look in the event log to see the error message
(especially after a reboot).

The latter would allow to send the error message to the local console
(local to the user, remote from the point of view of sshd) and there
would be a human who can read it.

Regards,

-- 
Aaron "Optimizer" Digulla a.k.a. Philmann Dark
"It's not the universe that's limited, it's our imagination.
Follow me and I'll show you something beyond the limits." 
http://blog.pdark.de/


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple