OpenSSH - sftp not working for non-Administrator users

Doug Lim doug.lim@tigroup-usa.com
Mon Jul 20 11:05:00 GMT 2009 

Christopher Faylor wrote:
> On Sun, Jul 19, 2009 at 10:14:51PM -0500, Doug Lim wrote:
>   
>> On Sun, Jul 19, 2009 at 10:37:42PM -0400, Christopher Faylor wrote:
>>     
>>> On Sun, Jul 19, 2009 at 08:50:47PM -0500, Doug Lim wrote:
>>>       
>>>> After a bit more research on the problem, I found a discussion thread
>>>> on the web discussing a similar problem from 2006.  The difference is
>>>> that the thread discusses scp connections dropping immediately after
>>>> non-administrator authentication.
>>>>
>>>> http://winscp.net/forum/viewtopic.php?t=3782
>>>>
>>>> A response to a thread from March of this year indicates that copying
>>>> all of the DLL files from cygwin\usr\bin to cygwin\usr\sbin as a
>>>> workaround.  I've copied the DLL files on my server per the workaround
>>>> and now non-administrator users are able to use sftp.
>>>>
>>>> I've attached a copy of cygcheck.out from the server where this is
>>>> happening.
>>>>         
>>> That sounds like a pretty <insert negative adjective here> workaround.
>>>
>>> Just setting the PATH to include cygwin's bin directory is likely to
>>> work better.  I know that someone in that thread said that they did
>>> that already but I'm not convinced that they really knew what they were
>>> doing.
>>>       
>> Except, cygwin\bin was already in the path as indicated in the
>> cygcheck.out I attached.
>>     
>
> The cygcheck.out file shows that the cygwin directory was in the PATH
> when you ran the cygcheck program.  It doesn't necessarily mean that it
> is the path that a service sees.
>   
I added D:\cygwin\bin to the PATH via the Environment Variables button on the Advanced tab in the System Properties control panel applet followed by a system reboot after cygwin and openssh were installed. If you're suggesting that's not sufficient for a running service to see the updated path, then what would you suggest should be done differently?

>> It doesn't explain why users belonging to the Local Administrators
>> group would be able to maintain an SFTP connection while
>> non-Administrators would get dropped immediately following
>> authentication.
>>     
>
> Copying a bunch of DLLs to /usr/sbin doesn't explain this either.
>
>   
I don't understand and can't offer an explanation of why the workaround 
works. I can't speak to the fact that it doesn't make sense that the 
workaround should work. I only know that this isn't just theoretical. 
This is actual testing and documentation of what has and hasn't worked.
> cgf
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>
>
>   



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list