X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:to:message-id:subject
	:mime-version:content-type:content-transfer-encoding:references;
	 q=dns; s=default; b=eY3yXgXY3dB+3Eup92lxgZPu8dtX/kPbSyCBMNLMnEj
	6vG8KZEzmCqcavsBPgCnL8RnFeqrCEkBYVU/jnpjvQkiitKxf4yQs+o/Ulnw84G7
	XRpaJfVqPOQ6duYVlXiqkI4TWl62KPtEa5xzKNbBSmMhfQKpKOhOU0p4OMrUJjc0
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:to:message-id:subject
	:mime-version:content-type:content-transfer-encoding:references;
	 s=default; bh=n3ckYRb+XaKlaxnL5C3T4eorcVk=; b=nsKXFZjtzOwDBQaPx
	Pa+Gyuj8Bg+8/l1yrd6rs6alfu3ckRRZM1/p+ZUhNOyEW8xVAlzE/nBXJooyFzHK
	q7nBASywFK92Nh51B+N1x5Mhe4BA8VYu60jhbL2SaEvAmBivK3dELJ8zC/ChpKo3
	BuE0kNag76GHToOWSlluYcPjzU=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=2.6 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=UD:ca, Operation, francis, DSA
X-HELO: nm8-vm2.bullet.mail.ne1.yahoo.com
Date: Wed, 9 Mar 2016 14:37:21 +0000 (UTC)
From: Francis Korning <fkorning AT yahoo DOT ca>
Reply-To: Francis Korning <fkorning AT yahoo DOT ca>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Message-ID: <60610071.5233701.1457534241961.JavaMail.yahoo@mail.yahoo.com>
Subject: /bin/bash: Operation not permitted
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
References: <60610071 DOT 5233701 DOT 1457534241961 DOT JavaMail DOT yahoo DOT ref AT mail DOT yahoo DOT com>

Apologies for spamming but I think this fix needs to be automated in
ssh-host-config and updated in the cygwin FAQ.
Like many users I've been struggling with this obscure bug that allows one 
to log on with ssh only as the priviledged user (cyg_server in my case).
Attempts under another user succeed in all modes of authentication (password, 
RSA, DSA, whatever), but then get disconnected with the esoteric line:

/bin/bash: Operation not permitted

It turns out this has nothing to with bash, but rather with the usser 
cyg_server needing specific NTSEC rights to allow logons as other users.

The fix was found here:

http://www.tux.org/~mayer/cygwin/cygwin_sshd.pdf


Specifically, ssh-host-config needs these following lines:
editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
editrights -a SeCreateTokenPrivilege -u cyg_server
editrights -a SeTcbPrivilege -u cyg_server
editrights -a SeServiceLogonRight -u cyg_server


#editrights -l -u cyg_server



Francis Korning de Grandpre
enterprise software architect
fkorning at yahoo dot ca

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple