From: Aaron Digulla
To: cygwin@cygwin.com
Subject: Re: /bin/bash: Operation not permitted
Date: Fri, 11 Mar 2016 14:05:00 -0000

On 09.03.2016 at 16:35, Marco Atzeri wrote:
> On 09/03/2016 16:25, Achim Gratz wrote:
>> Francis Korning yahoo.ca> writes:
>>> Specifically, ssh-host-config needs these following lines:
>>
>> The cyg_server account is actually set up in
>> /usr/share/csih/cygwin-service-installation-helper.sh and guess what, it
>> already does this. It also warns if a pre-existing account does not have
>> these privileges enabled.
>
> It is correct Achim,
> however I have seen in corporate environment that some of those
> settings were removed by security scripts...at every boot.

How about a check in the code of sshd to make sure it has the necessary
permissions?

I'm wondering if it would be better to do those checks when it starts or
when someone logs in. The former would show the problem early but the
admin would have to look in the event log to see the error message
(especially after a reboot).

The latter would allow sending the error message to the local console
(local to the user, remote from the point of view of sshd) and there
would be a human who can read it.

Regards,

-- 
Aaron "Optimizer" Digulla a.k.a. Philmann Dark
"It's not the universe that's limited, it's our imagination.
Follow me and I'll show you something beyond the limits."
http://blog.pdark.de/
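
The start-up variant of the check proposed in the message above, as an added example that is not part of the original post or of Cygwin's own scripts: it compares the rights reported by Cygwin's `editrights -l -u <account>` against a required list and names what is missing. The four right names are an assumption about what the csih helper grants (the thread does not list them), and `missing_rights` and `check_account` are hypothetical helper names.

```shell
#!/bin/bash
# Added example: detect a service account whose rights were stripped
# (for instance by a hardening script that runs at every boot).

# Assumption: rights the privileged sshd service account needs.
# Verify this list against the csih version installed on the host.
REQUIRED_RIGHTS="SeAssignPrimaryTokenPrivilege SeCreateTokenPrivilege SeTcbPrivilege SeServiceLogonRight"

# Read the rights an account currently holds (one per line) on stdin and
# print every required right that is absent, one per line.
# CR and blanks are removed first because Windows tools may emit CRLF.
missing_rights() {
  held_list=$(tr -d '\r \t')
  for right in $REQUIRED_RIGHTS; do
    # -x: whole-line match, -F: literal string, -i: ignore case
    printf '%s\n' "$held_list" | grep -qixF "$right" || printf '%s\n' "$right"
  done
}

# Query the live account and report the result on stderr.
# Returns 0 if all rights are present, 1 if some are missing,
# 2 if the rights could not be listed at all.
check_account() {
  account=$1
  current=$(editrights -l -u "$account" 2>/dev/null) || {
    echo "cannot list rights for account '$account'" >&2
    return 2
  }
  missing=$(printf '%s\n' "$current" | missing_rights)
  if [ -n "$missing" ]; then
    echo "account '$account' lacks: $(echo $missing)" >&2
    return 1
  fi
  return 0
}

# Typical use from a start-up wrapper, before launching the daemon:
#   check_account cyg_server || exit 1
```

Run at service start, this surfaces the problem early; the same `missing_rights` comparison could feed a message to the connecting user if the check is done at login instead.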