public inbox for cygwin@cygwin.com
From: Francis Korning <fkorning@yahoo.ca>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: /bin/bash: Operation not permitted
Date: Wed, 09 Mar 2016 14:37:00 -0000
Message-ID: <60610071.5233701.1457534241961.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <60610071.5233701.1457534241961.JavaMail.yahoo.ref@mail.yahoo.com>

Apologies for spamming but I think this fix needs to be automated in
ssh-host-config and updated in the cygwin FAQ.
Like many users I've been struggling with this obscure bug that allows one
to log on with ssh only as the privileged user (cyg_server in my case).
Attempts under another user succeed in all modes of authentication (password, 
RSA, DSA, whatever), but then get disconnected with the esoteric line:

/bin/bash: Operation not permitted

It turns out this has nothing to do with bash, but rather with the user
cyg_server needing specific NTSEC rights to allow logons as other users.

The fix was found here:

http://www.tux.org/~mayer/cygwin/cygwin_sshd.pdf


Specifically, ssh-host-config needs the following lines:
editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
editrights -a SeCreateTokenPrivilege -u cyg_server
editrights -a SeTcbPrivilege -u cyg_server
editrights -a SeServiceLogonRight -u cyg_server


#editrights -l -u cyg_server



Francis Korning de Grandpre
enterprise software architect
fkorning at yahoo dot ca
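
A check for the rights listed in the message above, as an added example that is not part of the original post or of ssh-host-config: it compares the output of `editrights -l -u cyg_server` (assumed to print one right name per line) against the four rights named in the message. The function names, the `--live` switch and the sample listing are constructed for illustration.

```shell
#!/bin/bash
# Added example: report which of the rights named in the message are missing.

# The four rights the message says cyg_server needs.
REQUIRED_RIGHTS="SeAssignPrimaryTokenPrivilege SeCreateTokenPrivilege SeTcbPrivilege SeServiceLogonRight"

# missing_rights LISTING
# LISTING is the text printed by `editrights -l -u <account>`
# (assumption: one right name per line). Prints every required right that
# is absent, one per line. Returns 0 if nothing is missing, 1 otherwise.
missing_rights() {
    local listing right rc
    rc=0
    # Drop carriage returns in case the listing passed through a Windows tool.
    listing=$(printf '%s\n' "$1" | tr -d '\r')
    for right in $REQUIRED_RIGHTS; do
        # -x whole-line match, -F literal string, -q no output
        if ! printf '%s\n' "$listing" | grep -qxF -- "$right"; then
            printf '%s\n' "$right"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listing (not captured from a real host):
# only two of the four required rights are present.
SAMPLE_LISTING='SeServiceLogonRight
SeTcbPrivilege
SeIncreaseQuotaPrivilege'

# check_account ACCOUNT
# Query the live system; returns 2 if editrights itself fails.
check_account() {
    local listing
    listing=$(editrights -l -u "$1") || return 2
    missing_rights "$listing"
}

# Usage on a Cygwin host: ./check_rights.sh --live [account]
if [ "${1:-}" = "--live" ]; then
    check_account "${2:-cyg_server}" && echo "all required rights present"
fi
```

Each name it prints can be passed to the `editrights -a <right> -u cyg_server` form shown in the message.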
