Date: Fri, 03 Aug 2012 12:48:00 -0000
From: Corinna Vinschen
To: cygwin@cygwin.com
Subject: Re: Seteuid "operation not permitted" error when using LSA for sshd
Message-ID: <20120803074858.GA27106@calimero.vinschen.de>

On Aug 2 18:39, David Koppenhofer wrote:
> > Why did you install cyglsa64 from the old snapshot?  The changes to
> > cyglsa are supposed to be in the Cygwin 1.7.16 package anyway.
>
> Because I was grasping for straws, and didn't know the fix was in the current
> package.
>
> > > I rebooted the server, made sure the sshd service was running, but I still
> > > receive the "sshd: PID 3064: fatal: seteuid 1000: Operation not permitted"
> > > error.
> >
> > Does the service account have TCB privileges?  That's a hard requirement
> > for the user switch.
>
> Ah ha!  The service account does not have the "Act as part of the operating
> system" permission.
>
> However, I ended up asking the network admin to give "Create a token object" to
> the service account.  Since key authentication started working after that, I'll
> just leave things as they are.

If the restrictions of this mode, especially in terms of network shares,
are no problem for you, that's fine.  Otherwise I'd like to point out
http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat