This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: admin privileges when logging in by ssh?

On Sep 12 10:24, Andrew Schulman wrote:
> > When a user with administrative privileges logs in to sshd, it seems that the user is only granted
> > standard user privileges for that session.  Is there a way around that?  How can I get the admin
> > privileges for that session?
> Winding this up:
> Password authentication to sshd is all that's needed to be granted the account's admin privileges on
> login.  I was mistaken about UAC:  unlike at the console, when you log in by ssh, the account's
> admin privileges are granted at login, without needing any further authentication to UAC.

I'm quite puzzeled since password authentication should not be needed.
This should work with pubkey as well.  Please see for
a discussion how setuid works in Cygwin.

In all cases, password auth and passwordless auth, you should get a full
admin token.  In case of password auth and in the passwordless methods
2 and 3, the OS returns a restricted token under UAC, but that token
has a reference to the full admin token attached.  Cygwin fetches this
token and uses that when switching the user context.  In the default
passwordless method 1, Cygwin creates a token from scratch, which also
has full admin rights.  However, this token has a couple of problems as
described in
Probably that's what you stumble over.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]