X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Sun, 13 Apr 2008 11:48:40 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: How do I run sshd as a particular user?
Message-ID: <20080413094840.GK23852@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <6ADC05D7-7602-4123-81EF-1DE06D26E91F AT von-campe DOT com> <D1627F08-4387-4C0A-94B2-5AFC6C1EA325 AT von-campe DOT com> <006301c890e8$4fa2f070$2708a8c0 AT CAM DOT ARTIMI DOT COM> <FB6643AB-610F-46F7-B019-389E82E687C8 AT von-campe DOT com> <20080402132726 DOT GG4468 AT calimero DOT vinschen DOT de> <69CA7E11-E788-4149-9246-DCDF5063FBB2 AT von-campe DOT com> <FAB87074-2F1D-4F53-835C-271E735A29E9 AT von-campe DOT com> <c2888f8c0804111711u49c2e41ala1137cd3514ca470 AT mail DOT gmail DOT com> <20080412090648 DOT GC23852 AT calimero DOT vinschen DOT de> <c2888f8c0804121927n588d7109m432f23a2f2340c75 AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <c2888f8c0804121927n588d7109m432f23a2f2340c75@mail.gmail.com>
User-Agent: Mutt/1.5.16 (2007-06-09)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Apr 13 03:27, Robert McKay wrote:
> On Sat, Apr 12, 2008 at 10:06 AM, Corinna Vinschen
> <corinna-cygwin AT cygwin DOT com> wrote:


http://cygwin.com/acronyms/#PCYMTNQREAIYR


> > On Apr 12 01:11, Robert McKay wrote:
> >  > In order to run sshd as an unprivileged user I had to use a nasty
> >  > hexedit hack on the sshd.exe file to replace the seteuid() call (which
> >  > fails / returns -1 without admin privileges and causes sshd to exit)
> >  > with a call to isalpha() which has (almost) the same function
> >  > prototype, but always returns 0 unless your userid 'is an alphanumeric
> >  > charater' :)
> >
> >  Aaaaargh!
> >
> >  I don't know what you're doing wrong but this is *totally* unnecessary.
> >  You can run sshd as unprivileged user without having to change the
> >  sshd code.  You can do this while another sshd is running on
> >  port 22 under a privileged account.  What the user has to do is to create
> >  her own sshd_config file and own host keys.  If no other sshd is running
> >  on the machine, just chown the host key files in /etc and switch off
> >  privilege separation in /etc/sshd_config.
> 
> Interesting.. are you sure your account doesn't have the allow replace
> process token privilege?

Yes.  The account was created as standard user account for the purpose of
testing Cygwin with non-privileged user accounts.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/