This is the mail archive of the cygwin mailing list for the Cygwin project.
On Mar 17 21:54, Lord Laraby wrote:
> On Mon, Mar 17, 2014 at 7:43 PM, Andrey Repin <> wrote:
> > Greetings, Lord Laraby!
> >
> >> Oh and I forgot the most intriguing gotcha. After creating the sshd
> >> user for me (I went to service manager and discovered this) the user
> >> assigned to the sshd server was actually cyg_server (not sshd)!!!!!
> >> After changing all of those things the service started.
> >
> > That's because service is running as cyg_server, while sshd user is used to
> > invoke login shells of connecting users.
> > You just messed it all.
> >
> >
> > --
> > WBR,
> > Andrey Repin (anrdaemon@yandex.ru) 18.03.2014, <03:42>
> >
> > Sorry for my terrible English...
> >
> I did not change anything. As I said originally, after running
> ssh-host-config, no changes on my part, I had a slew of errors. See my
> original message. I do not change things on a whim. Service failed to
> start, means just what it says!

Nevertheless Andrey is right. The sshd account is not meant to run the
service. It's an unprivileged account used only in conjunction with
privilege separation.

The account you're supposed to run this under is cyg_server, which is
supposed to be a special account with more privileges than a normal
admin. If you already have a cyg_server account, it's utilized by
default. If the cyg_server account doesn't have the required
permissions, sshd is bound to fail.

The /etc/ssh* files as well as /var/empty are supposed to be owned by
the user account running sshd, which is cyg_server. ssh-host-config
usually sets the permissions on these files accordingly.

The message "/var/empty must be owned by root and not group or
world-writable." is generated by sshd and it's the right message for all
other POSIX systems, except Cygwin. For Cygwin "root" here denotes the
user running sshd. The reason the message doesn't reflect that is the
unwillingness of the upstream developers to change that just for the
sake of Cygwin. I've been asking for 10 years or so to convert certain
checks for uid 0 into platform-independent privilege tests. I even sent
patches to that effect, but to no avail.

My suggestion: Remove all files related to ssh from /etc. Remove
/var/empty. Remove the ssh logs from /var/log. Remove the sshd and
cyg_server accounts from your SAM. Drop both from /etc/passwd. Remove
the sshd service. Start over.

In another mail you wrote:
> cyg_server is already taken by a non-privileged user
> connected to the cygserver service.

Why? The cygserver service *can* run under a non-privileged account,
but it's not supposed to. It's not even supposed to run under the
cyg_server account, but under SYSTEM (or LocalSystem) because it usually
needs certain privileges. The cygserver-config script does exactly
that.

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
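
An added example, not part of the original mail and not code from the Cygwin or OpenSSH projects: a small POSIX shell audit of the rules described above, namely that /var/empty and the /etc/ssh* files are owned by the account running sshd and that /var/empty is not group- or world-writable. It assumes GNU stat as shipped with Cygwin coreutils; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: audit the rules from the mail above. On Cygwin, "root" in
# sshd's /var/empty message means the account running the service.
# Assumes GNU stat (Cygwin coreutils); function names are hypothetical.

# owned_by PATH ACCOUNT: succeeds if PATH is owned by ACCOUNT.
owned_by() {
    owner=$(stat -c '%U' "$1" 2>/dev/null) || return 2
    [ "$owner" = "$2" ]
}

# not_group_world_writable PATH: succeeds if the g+w and o+w bits are clear.
not_group_world_writable() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# audit_sshd_files ACCOUNT PRIVSEP_DIR [FILE...]
# Prints one line per finding; succeeds only if nothing was found.
audit_sshd_files() {
    account=$1 privsep=$2
    shift 2
    findings=0
    if ! owned_by "$privsep" "$account"; then
        echo "FAIL: $privsep is missing or not owned by $account"
        findings=$((findings + 1))
    fi
    if ! not_group_world_writable "$privsep"; then
        echo "FAIL: $privsep is missing or group-/world-writable"
        findings=$((findings + 1))
    fi
    for f in "$@"; do
        [ -e "$f" ] || continue        # unmatched glob such as /etc/ssh*
        if ! owned_by "$f" "$account"; then
            echo "FAIL: $f is not owned by $account"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run the audit only when called with arguments, for example:
#   sh audit.sh cyg_server /var/empty /etc/ssh*
if [ "$#" -ge 2 ]; then
    audit_sshd_files "$@"
fi
```
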