This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Still confused about cyg_server vs. user id when logging in via ssh


On Nov  3 15:03, frigging raw email address wrote:
> When I log in via ssh, I *appear* at first glance to have the same id
> and privileges as I do when I log in directly.
> 
> a) If I am an administrator, then 'id -a' gives the following
>    consistent answer for both direct and ssh login:
>    	uid=1001(myusername) gid=513(None) groups=513(None),0(root),544(Administrators),545(Users)
> 
> b) If I am a regular user, then 'id -a' gives the following consistent
> answer:
>    	uid=1001(myusername) gid=513(None) groups=513(None),545(Users)
> 
> 
> However, there are some important differences.
> 1. First and most importantly, when I log in as administrator via 'ssh',
>    somehow cyg_server seems to be the real owner of all my files
>    (despite the fact that cygwin 'ls -al' seems to mask that).
> 
> In particular, 'subinacl' gives
>    /owner =mymachine\cyg_server
>    /pace =winlawyer\cyg_server  Type=0x0 Flags=0x0 AccessMask=0x1f019f
> For all files that are actually owned by me... though it gets the
> ownership right for files owned by others.
> 
> This is a problem since I use ssh as part of my backup scripts to run
> subinacl to back up ACLs.
> 
> My bottom-line question is whether there is any way to log in via SSH
> and to get a shell with true ADMINISTRATOR privileges so that there is
> no difference between an SSH login and a local login... at a minimum,
> is there any way to get subinacl to work right?

http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-logonuser

> 2. Whether I log in as an ordinary user or as administrator via SSH,
> only some but not all user variables are properly set. So, for example
> "HOME" seems to be set properly but not for example "APPDATA". I don't
> understand why some variables are set and not others...

Security reasons, a request from the upstream OpenSSH maintainers way
back when.  This has been discussed in the past on this ML, including
some workarounds, AFAIR.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
