public inbox for cygwin@cygwin.com
* /bin/bash: Operation not permitted
From: Francis Korning @ 2016-03-09 14:37 UTC (permalink / raw)
  To: cygwin

Apologies for spamming but I think this fix needs to be automated in
ssh-host-config and updated in the cygwin FAQ.
Like many users I've been struggling with this obscure bug that allows one
to log on with ssh only as the privileged user (cyg_server in my case).
Attempts under another user succeed in all modes of authentication (password,
RSA, DSA, whatever), but then get disconnected with the esoteric line:

/bin/bash: Operation not permitted

It turns out this has nothing to do with bash, but rather with the user
cyg_server needing specific NTSEC rights to allow logons as other users.

The fix was found here:

http://www.tux.org/~mayer/cygwin/cygwin_sshd.pdf


Specifically, ssh-host-config needs these following lines:
editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
editrights -a SeCreateTokenPrivilege -u cyg_server
editrights -a SeTcbPrivilege -u cyg_server
editrights -a SeServiceLogonRight -u cyg_server


#editrights -l -u cyg_server



Francis Korning de Grandpre
enterprise software architect
fkorning at yahoo dot ca

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

* Re: /bin/bash: Operation not permitted
From: Achim Gratz @ 2016-03-09 15:26 UTC (permalink / raw)
  To: cygwin

Francis Korning <fkorning <at> yahoo.ca> writes:
> Specifically, ssh-host-config needs these following lines:

The cyg_server account is actually set up in
/usr/share/csih/cygwin-service-installation-helper.sh and guess what, it
already does this.  It also warns if a pre-existing account does not have
these privileges enabled.


Regards,
Achim.


* Re: /bin/bash: Operation not permitted
From: Marco Atzeri @ 2016-03-09 15:36 UTC (permalink / raw)
  To: cygwin

On 09/03/2016 16:25, Achim Gratz wrote:
> Francis Korning <fkorning <at> yahoo.ca> writes:
>> Specifically, ssh-host-config needs these following lines:
>
> The cyg_server account is actually set up in
> /usr/share/csih/cygwin-service-installation-helper.sh and guess what, it
> already does this.  It also warns if a pre-existing account does not have
> these privileges enabled.
>
>
> Regards,
> Achim.
>

It is correct Achim,
however I have seen in a corporate environment that some of those
settings were removed by security scripts...at every boot.
Very annoying


Regards
Marco






* Re: /bin/bash: Operation not permitted
From: Aaron Digulla @ 2016-03-11 14:05 UTC (permalink / raw)
  To: cygwin

On 09.03.2016 at 16:35, Marco Atzeri wrote:
> On 09/03/2016 16:25, Achim Gratz wrote:
>> Francis Korning <fkorning <at> yahoo.ca> writes:
>>> Specifically, ssh-host-config needs these following lines:
>>
>> The cyg_server account is actually set up in
>> /usr/share/csih/cygwin-service-installation-helper.sh and guess what, it
>> already does this.  It also warns if a pre-existing account does not
>> have
>> these privileges enabled.
>
> It is correct Achim,
> however I have seen in corporate environment that some of those
> setting were removed by security scripts...at every boot.

How about a check in the code of sshd to make sure it has the necessary
permissions?

I'm wondering if it would be better to do those checks when it starts or
when someone logs in. The former would show the problem early but the
admin would have to look in the event log to see the error message
(especially after a reboot).

The latter would allow sending the error message to the local console
(local to the user, remote from the point of view of sshd) and there
would be a human who can read it.

Regards,

-- 
Aaron "Optimizer" Digulla a.k.a. Philmann Dark
"It's not the universe that's limited, it's our imagination.
Follow me and I'll show you something beyond the limits." 
http://blog.pdark.de/
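
Added example (not part of any message in this thread, and not code from csih or OpenSSH): a shell audit for the case raised above, where the four rights named in the first message are stripped from the service account after setup. It assumes `editrights -l -u <account>` prints one right name per line; the function names and the `--audit` switch are hypothetical.

```shell
#!/bin/sh
# Added example: report which of the rights listed in this thread are
# missing from the account that runs sshd.
REQUIRED_RIGHTS="SeAssignPrimaryTokenPrivilege SeCreateTokenPrivilege SeTcbPrivilege SeServiceLogonRight"

# missing_rights: read an `editrights -l` listing on stdin (assumed format:
# one right name per line) and print every required right that is absent.
missing_rights() {
    listing=$(tr -d '\r')    # tolerate CRLF line endings
    for right in $REQUIRED_RIGHTS; do
        # -x: whole-line match, so a longer name cannot satisfy a shorter one
        printf '%s\n' "$listing" |
            grep -qix "[[:space:]]*${right}[[:space:]]*" ||
            printf '%s\n' "$right"
    done
}

# audit_account: 0 = all rights present, 1 = something missing,
# 2 = the listing itself could not be obtained.
audit_account() {
    account=$1
    listing=$(editrights -l -u "$account") || {
        echo "cannot list rights for $account" >&2
        return 2
    }
    missing=$(printf '%s\n' "$listing" | missing_rights)
    if [ -z "$missing" ]; then
        return 0
    fi
    # Unquoted on purpose: join the missing names onto one line.
    echo "$account lacks:" $missing >&2
    return 1
}

# Only touch the live system when asked to, e.g. from a boot-time task:
#   sh thisfile --audit cyg_server
if [ "${1:-}" = "--audit" ]; then
    audit_account "${2:-cyg_server}"
fi
```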


* Re: /bin/bash: Operation not permitted
From: stephane @ 2015-08-12  8:16 UTC (permalink / raw)
  To: cygwin

I discovered my issue!

I needed to add my account that launches the sshd service in "Replace a process
level token" in gpedit.msc

Case is closed!


* /bin/bash: Operation not permitted
From: stephane @ 2015-08-11 11:45 UTC (permalink / raw)
  To: cygwin

Hello

I have enabled sshd feature and key authentication.

Ssh users that do not have authorized_keys received the message "/bin/bash:
Operation not permitted"

Here are the permissions:
$ ls -l /bin/bash
-rwxr-xr-x+ 1 Administrateurs Utilisa. du domaine 700435  3 juin  14:09 /bin/bash

User running sshd service is named "sshd".

user@LOCALCOMPUTER~
$ cat /etc/passwd | grep sshd
LOCALCOMPUTER+sshd:*:197619:197121:U-LOCALCOMPUTER\sshd,S-1-5-21-310385243-3694341406-529650493-1011:/home/sshd:/bin/bash

user@LOCALCOMPUTER ~
$ cat /etc/group | grep 197121
LOCALCOMPUTER+None:S-1-5-21-310385243-3694341406-529650493-513:197121:

Could you help me please?

Regards,
Stephane


* Re: /bin/bash: Operation not permitted
From: Larry Hall (Cygwin) @ 2012-08-28  6:31 UTC (permalink / raw)
  To: cygwin

On 8/27/2012 9:06 AM, michael pitoniak wrote:
> Larry Hall (Cygwin <reply-to-list-only-lh <at> cygwin.com> writes:
>
>>
>
>>
>> Complaints like this are typically caused by commands run by the interpreter
>> (bash in this case).  This could be caused by something in your rc files.
>> I'd check bash_profile and /etc/profile first but check them all if these
>> aren't the source.
>>
>
>
> i have tried the suggestions with no success. is there any other way to isolate
> the issue or suggestions to debug it? any help greatly appreciated.

Perhaps.  Let's start here:

> Problem reports:       http://cygwin.com/problems.html

If you can provide a detailed problem report, we can probably eliminate
a lot of boilerplate questions back and forth if not find the problem.

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

* Re: /bin/bash: Operation not permitted
From: michael pitoniak @ 2012-08-27 15:08 UTC (permalink / raw)
  To: cygwin

Larry Hall (Cygwin <reply-to-list-only-lh <at> cygwin.com> writes:

> 

> 
> Complaints like this are typically caused by commands run by the interpreter
> (bash in this case).  This could be caused by something in your rc files.
> I'd check bash_profile and /etc/profile first but check them all if these
> aren't the source.
> 


i have tried the suggestions with no success. is there any other way to isolate
the issue or suggestions to debug it? any help greatly appreciated.




* Re: /bin/bash: Operation not permitted
From: Larry Hall (Cygwin) @ 2012-08-22  0:11 UTC (permalink / raw)
  To: cygwin

On 8/21/2012 10:48 AM, michael pitoniak wrote:
> greetings,
>
>   i have a really strange problem...i install the latest cygwin release
> 1.7.16(0.262/5/3) with the openssh option and configure it with ssh-host-config
> on a 64 bit windows 7 system...it works perfectly for one day...allowing for
> putty access after reboots and log in/out...yet when i come into work the next
> day i can  log in via putty but instantly get thrown out with:
>
> /bin/bash: Operation not permitted error.

Complaints like this are typically caused by commands run by the interpreter
(bash in this case).  This could be caused by something in your rc files.
I'd check bash_profile and /etc/profile first but check them all if these
aren't the source.

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

* /bin/bash: Operation not permitted
From: michael pitoniak @ 2012-08-21 17:37 UTC (permalink / raw)
  To: cygwin

greetings,

 i have a really strange problem...i install the latest cygwin release
1.7.16(0.262/5/3) with the openssh option and configure it with ssh-host-config
on a 64 bit windows 7 system...it works perfectly for one day...allowing for
putty access after reboots and log in/out...yet when i come into work the next
day i can  log in via putty but instantly get thrown out with:

/bin/bash: Operation not permitted error.

attached is a debug trace of $ssh -vvv localhost -l michael.pitoniak that fails.

i suspect it has something to do with anti virus software of public keys...any
suggestions on how to further debug greatly appreciated...passwd files look the
same...really stumped here...

many thanks,

mp



michael.pitoniak@Pitoniak-wkst2 ~
$ ssh -vvv localhost -l michael.pitoniak

......


debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Tue Aug 21 08:45:12 2012 from ::1
/bin/bash: Operation not permitted
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

Connection to localhost closed.
Transferred: sent 2168, received 1840 bytes, in 0.2 seconds
Bytes per second: sent 11976.7, received 10164.7
debug1: Exit status 1

