This is the mail archive of the
mailing list for the Cygwin project.
Re: sshd on vista error "initgroups: Permission denied" (cygwin-1.7)
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Mon, 10 Nov 2008 15:48:15 +0100
- Subject: Re: sshd on vista error "initgroups: Permission denied" (cygwin-1.7)
- References: <email@example.com>
- Reply-to: cygwin at cygwin dot com
[Chuck? This affects csih and tcp_wrappers]
On Nov 8 07:44, Herb Maeder wrote:
> Running sshd (openssh 5.1p1-d57 or 5.1p1-7) on cygwin-1.7 and vista
> results in the following error:
> % ssh localhost pwd
> herb@localhost's password:
> initgroups: Permission denied
> I think this should be easily reproducible with a fresh installation of
> just cygwin 1.7 base + openssh running on a generic vista confiuration
> with UAC enabled.
> Can anyone confirm this? If it is specific to my setup, I'll dig deeper
> and provide more information.
I can't reproduce this. A permission denied in initgroups point to
insufficient privileges of the account running sshd. Are you running
sshd with a local cyg_server account but trying to login with a domain
account? Maybe there's a permission problem.
> For more details on reproducing this see this message (specifically item 7):
> BTW, the following issues in that message also still exist in the 5.1p1-7
> release. But they can be worked around more easily.
Concerning the above mail,
1. Yes, ssh-host-config has to be run elevated, as with all applications
requiring actual admin privileges. There's no way to elevate a child
process running in the same console window. Microsoft tweaked the
ShellExecute() call in shell32.dll heavily to allow the UAC stuff,
but neglected to allow applications using the CreateProcess() call to
do the same. ShellExecute is not an option to use in Cygwin processes.
2. That's fixed.
> 3. "ssh-host-config -y" still prompts for user input
> 4. Missing warning if cyg_server exists in /etc/passwd but not in SAM
> 6. error in setting cyg_server passwd expiry
These are csih issues. Charles? Can you have a look into that?
> 5. "ssh localhost pwd" gives 'ssh_exchange_identification' error (only if
> tcp_wrapper package is installed)
Have a look into the event viewer. You'll find a error entry for sshd
along the lines of "/etc/hosts.allow, line x: host name/address mismatch:
127.0.0.1 != yourmachine.domain.toplevel. This is, AFAIK, a result of
the PARANOID setting in
ALL : PARANOID : deny
Charles? This is your package. Would it make sense to remove the
PARANOID setting from the default file or to turn around the order
of the two default rules?
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html