From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: sshd on vista error "initgroups: Permission denied" (cygwin-1.7)
Date: Thu, 13 Nov 2008 14:51:00 -0000 [thread overview]
Message-ID: <20081113103543.GM17719@calimero.vinschen.de> (raw)
In-Reply-To: <95155.1226537859@maeder.org>
On Nov 12 16:57, Herb Maeder wrote:
> On 10 Nov 2008 15:48:15 +0100, Corinna Vinschen wrote:
> [...]
> Am I correct in assuming that you would need to have access to an account
> with Domain Administrator privileges in order to allow multiple domain
> users to ssh into a 1.7 vista machine?
I'm not quite sure about this. I don't claim to understand all the does
and dont's of Windows domains either.
However, I have a working result by creating a domain account with the
required permissions called cyg_server, then create a cyg_server entry
in passwd using mkpasswd, then start ssh-host-coonfig.
> And if you don't have access to such an account, the best you can do is
> fire up sshd as yourself (or perhaps one sshd per user on different ports)?
> I'm guessing that will allow you and local users to ssh in (assuming your
> domain account has local administrator access).
>
> Looking ahead, I suspect that this combo (sshd + 1.7 + vista + domain user)
> will be pretty common. Is there a plan for steering users in the right
> direction during the setup of sshd, or maybe giving a more descriptive
> error message?
The ssh-host-config script only covers the simpler approaches for home
users. Right now, a professional administrator for a Windows domain
will have to know a bit, or ask here.
Ideally, somebody would take a heart and
- Add more code to ssh-host-config to allow more smooth operations
in a domain environment.
- Add to the documentation to explain the problems.
But right now that won't be me.
> > 1. Yes, ssh-host-config has to be run elevated, as with all applications
> > requiring actual admin privileges. There's no way to elevate a child
> > process running in the same console window. Microsoft tweaked the
> > ShellExecute() call in shell32.dll heavily to allow the UAC stuff,
> > but neglected to allow applications using the CreateProcess() call to
> > do the same. ShellExecute is not an option to use in Cygwin processes.
>
> Bum deal. But thanks for the explanation. That clarifies what I was
> seeing.
Actually there is a way to elevate a console application which is the
manifest file. Unfortunately this only works for executables, not for
scripts.
I didn't try it myself, but maybe something like this works:
$ cd /bin
$ cp bash.exe bash-elevated.exe
$ sed 's/nstall\.exe/bash-elevated.exe/g' < install.exe > bash-elevated.exe.manifest
$ sed '1s/bash/bash-elevated/' < ssh-host-config > ssh-host-config-elevated
$ ssh-host-config-elevated
Sometimes adding a manifest file to an executable doesn't work immediately
due to some cashing in Windows but basically this should work.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
next prev parent reply other threads:[~2008-11-13 10:33 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-10 15:40 Cygwin apps talking to Windows browsers? Jeffrey C Honig
2003-07-10 16:24 ` Igor Pechtchanski
[not found] ` <pechtcha@cs.nyu.edu>
2003-07-10 16:28 ` Jeffrey C Honig
[not found] ` <corinna-cygwin@cygwin.com>
2005-01-15 23:18 ` odd behavior of symlinks on Win XP SP2 Jeff.Hodges
2005-01-16 15:15 ` Corinna Vinschen
2005-01-17 17:01 ` Jeff.Hodges
2005-01-17 17:32 ` Christopher Faylor
2005-01-17 22:08 ` Sven Köhler
2005-01-17 23:11 ` Christopher Faylor
2005-01-31 21:15 ` odd behavior of symlinks on Win XP Jeff.Hodges
2005-02-01 19:43 ` Jeff.Hodges
2005-02-01 20:48 ` Christopher Faylor
2008-01-22 9:08 ` hard link error on Vista with recent snapshots Herb Maeder
2008-10-10 0:36 ` invalid login gid in /etc/passwd does not show group name as 'mkgroup' Herb Maeder
2008-10-11 7:22 ` Herb Maeder
2008-10-15 5:43 ` Herb Maeder
2008-10-23 19:18 ` cygwin bash crashes on Win Serv 2008 Freddy Jensen
2008-10-24 17:05 ` [Fwd: Apologies for multiple messages (Please Help!)] Herb Maeder
2008-10-24 17:29 ` Dave Korn
2008-11-07 17:52 ` [ANNOUNCEMENT] Updated: OpenSSH-5.1p1-6 (-7) Herb Maeder
2008-11-07 18:36 ` Christopher Faylor
2008-11-07 21:17 ` Herb Maeder
2008-11-07 21:38 ` Herb Maeder
2008-11-07 22:10 ` Christopher Faylor
2008-11-13 1:54 ` sshd on vista error "initgroups: Permission denied" (cygwin-1.7) Herb Maeder
2008-11-13 14:51 ` Corinna Vinschen [this message]
2008-11-13 15:29 ` Corinna Vinschen
2008-11-14 7:31 ` Herb Maeder
2008-11-14 11:24 ` Corinna Vinschen
2008-11-20 4:25 ` Herb Maeder
2008-11-20 6:35 ` Herb Maeder
2008-11-20 10:46 ` Corinna Vinschen
2008-11-20 23:41 ` Herb Maeder
2008-11-20 23:53 ` Herb Maeder
2008-11-21 0:18 ` Matthew Woehlke
2008-11-21 0:49 ` Herb Maeder
2008-11-21 3:09 ` Herb Maeder
2008-11-21 7:05 ` Herb Maeder
2008-11-21 11:40 ` Herb Maeder
2008-11-21 13:48 ` Herb Maeder
2008-11-21 14:46 ` Herb Maeder
2009-02-16 16:16 ` Does CYGWIN work on Windows 2008 x86 architecture ? Freddy Jensen
2003-07-10 16:36 ` Cygwin apps talking to Windows browsers? andrew brian clegg
2003-07-10 20:51 ` Cygwin apps talking to Windows browsers? openmoz for file URLs Ralf Hauser
2003-07-10 19:11 ` Cygwin apps talking to Windows browsers? Scott W Brim
-- strict thread matches above, loose matches on Subject: below --
2009-02-16 10:05 Does CYGWIN work on Windows 2008 x86 architecture ? Martine Carannante
2009-02-16 11:07 ` Corinna Vinschen
2009-02-16 14:05 ` Martine Carannante
2009-02-16 23:10 ` Ben Kamen
2008-11-08 15:45 sshd on vista error "initgroups: Permission denied" (cygwin-1.7) Herb Maeder
2008-11-08 19:44 ` Herb Maeder
2008-11-10 15:26 ` Corinna Vinschen
2008-10-20 21:43 cygwin bash crashes on Win Serv 2008 Freddy Jensen
2008-10-23 13:55 ` Corinna Vinschen
2008-10-23 14:10 ` Corinna Vinschen
2008-10-23 15:40 ` Dave Korn
2008-10-23 16:21 ` Corinna Vinschen
2008-10-23 16:52 ` Dave Korn
2008-10-23 17:00 ` Freddy Jensen
2008-10-23 17:43 ` Dave Korn
2008-10-23 18:54 ` Corinna Vinschen
2008-10-28 15:05 ` Corinna Vinschen
2008-10-31 4:37 ` EMF
2008-10-31 5:01 ` Christopher Faylor
2008-10-31 22:57 ` EMF
2006-02-06 22:52 problems with exit codes on 64-bit Windows XP Pro x64 Kevin Layer
2006-02-07 10:16 ` Corinna Vinschen
2006-02-07 10:24 ` Corinna Vinschen
2006-02-09 20:44 ` Kevin Layer
2006-02-09 20:48 ` Christopher Faylor
2006-02-07 17:59 ` Kevin Layer
[not found] <OE19prw0m25q8awYFDI000008a4@hotmail.com>
2002-11-20 16:23 ` emacs 100% cpu usage bug Christopher Faylor
2002-11-21 11:47 ` Jim Goltz
2002-11-21 11:50 ` Igor Pechtchanski
2002-11-23 14:09 ` Jim Goltz
2002-11-23 14:53 ` Christopher Faylor
2002-11-24 8:53 ` Jim Goltz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081113103543.GM17719@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).