This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: seteuid 1019: Operation not permitted


On 2/15/2014 7:08 PM, Evan Rowley wrote:
Everyone!

I finally figured out what the problem was here.

A group policy was in effect on the Windows machine. The group policy
is supposed to enforce the baseline security configuration as defined
by the Center for Internet Security (CIS) Benchmark for Windows
Servers. One particular Local User Security Policy setting was
disabled. It was "act as part of the operating system" - apparently
this is needed in order for SSHD in Cygwin to work.

Yeah, this is mentioned in the closely related FAQ entry
<http://cygwin.com/faq.html#faq.using.sshd-in-domain>.  The need for
it is also spelled out in the /usr/share/csih/cygwin-service-installation-helper.sh script used by /usr/bin/ssh-host-config. I know, it's not real
obvious that this is a requirement when you're installing or why.  And
when it's not unavailable the complaints that ensue aren't that easy
to immediately track back to this security policy.

I have this vague recollection that this particular policy is only
necessary to support public key authentication, though I didn't test that.
Regardless, that's small consolation if public key authentication is what
you're looking for. ;-)

--
Larry

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]