This is the mail archive of the
mailing list for the Cygwin project.
Re: admin privileges when logging in by ssh?
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 4 Oct 2011 11:44:40 +0200
- Subject: Re: admin privileges when logging in by ssh?
- References: <firstname.lastname@example.org> <email@example.com>
- Reply-to: cygwin at cygwin dot com
On Sep 12 10:24, Andrew Schulman wrote:
> > When a user with administrative privileges logs in to sshd, it seems that the user is only granted
> > standard user privileges for that session. Is there a way around that? How can I get the admin
> > privileges for that session?
> Winding this up:
> Password authentication to sshd is all that's needed to be granted the account's admin privileges on
> login. I was mistaken about UAC: unlike at the console, when you log in by ssh, the account's
> admin privileges are granted at login, without needing any further authentication to UAC.
I'm quite puzzeled since password authentication should not be needed.
This should work with pubkey as well. Please see
a discussion how setuid works in Cygwin.
In all cases, password auth and passwordless auth, you should get a full
admin token. In case of password auth and in the passwordless methods
2 and 3, the OS returns a restricted token under UAC, but that token
has a reference to the full admin token attached. Cygwin fetches this
token and uses that when switching the user context. In the default
passwordless method 1, Cygwin creates a token from scratch, which also
has full admin rights. However, this token has a couple of problems as
described in http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
Probably that's what you stumble over.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple