This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Login & Something diff since cygwin 1.5.15-1 release - could it be security changes that were made


At 02:07 PM 6/9/2005, you wrote:
>Larry Hall wrote:
>> Perhaps you added one or more of these one time when you wanted to try 
>> this with your account and didn't remove them all later.
>
>sshd kept jumping to mind and after a google search of cygwin.com it seems to 
>hold that at one time this was the method (and may still be - just not using 
>your personal account) of getting ssh/sshd to work.  Those searches also show 
>me getting help getting sshd working (although I do not mention those settings 
>being changed) and then finally getting it working (through the help of Max and 
>Corinna) using SYSTEM.


The OpenSSH server, sshd, typically runs as a service.  To support switching
to a new user, the account the service runs as must have the previously 
listed privileges.  SYSTEM has all of them by default on NT/W2K/XP.  W2K3's 
SYSTEM doesn't, so you have to create a new account that has these 
permissions and run the sshd service under that account (or modify an 
existing one if you're comfortable with that option).  This all has been 
automated by the /bin/ssh-host-config script for some time though, including 
creating a special 'sshd_server' account for W2K3 to run the sshd service.  
At one time, many of these steps did need to be performed manually, though I
can't ever remember needing to create or modify an existing account to run 
the sshd service on NT/W2K/XP.  There was certainly some documentation of
these requirements in /usr/share/doc/Cygwin/openssh-README and 
/usr/share/doc/Cygwin/inetutils-1.3.2.README.  You may have gotten some 
ideas from these documents at some point in time.  And there was certainly
some discussion of how to set up such an account, be it your own or a new
one, on the list from time to time.  You may have even had someone suggest
to you to add these permissions (it would have been a reasonable suggestion
if you mentioned that you had installed the service to run with your user
account).  But, like I said, making these changes is not a requirement for
running sshd as a service and has never been a requirement on NT/W2K/XP
AFAIR.  So if you don't have a use for such privileges on your account,
you can remove them if you like.


--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     

