This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Administrator lacking super-user privileges on cygwin installation


I assume you are using Openssh?  If you installed Openssh as a Windows
service then SYSTEM is the owner of the files, otherwise the owner is
whatever user did the installation.  This is, of course, assuming that you
used the ssh-host-config script in /bin.  However, I have installed it both
ways and I have not received the error you are describing.  You might want
to check the value of the CYGWIN environment variable.  By default ntsec is
turned on but if that variable includes "nontsec" or "ntea" then that might
be what is causing your problem.


----- Original Message -----
From: "Larry Hall" <>
To: "Myk Melez" <>
Cc: <>
Sent: Thursday, July 31, 2003 9:40 PM
Subject: Re: Administrator lacking super-user privileges on cygwin

> Myk Melez wrote:
> > I have two machines with what look like identical cygwin installations
> > on them, but the Administrator account on one of them doesn't have
> > super-user privileges.  This causes sshd not to have access to
> > /home/some-user/.ssh (which is restricted to only "some-user") and thus
> > prevents key-based authentication.  Regular password-based
> > authentication works, so the problem isn't sshd itself.  Logging in as
> > the Administrator and doing "ls /home/some-user/.ssh/*" gives me a
> > "permission denied" error, which also confirms that the problem is with
> > the permissions of the Administrator account and not sshd.
> >
> > The Administrator NT accounts (and Administrators NT groups) seem
> > identical on the two machines, as are permissions for the C:\cygwin
> > directory.  Both systems had old cygwin installations on them that we
> > blew away before installing the latest.  What am I missing?
> 1. SYSTEM is the account that sshd runs as, not administrator.  It's
>     the only default account that has permissions to switch user contexts
>     without authenticating the new user through Windows password mechanism
>     (for NT/W2K/XP).
> 2. Only the owner of the private key files in .ssh should have permissions
>     to access these files.  Public key files should be readable by anyone.
>     You'll want to check the permissions on these files relative to the
>     above.
> 3. Generally, you should read <>.
> --
> Larry Hall                    
> RFK Partners, Inc.                      (508) 893-9779 - RFK Office
> 838 Washington Street                   (508) 893-9889 - FAX
> Holliston, MA 01746
> --
> Unsubscribe info:
> Problem reports:
> Documentation:
> FAQ:         

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]