This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: sshd on vista error "initgroups: Permission denied" (cygwin-1.7)


[Chuck?  This affects csih and tcp_wrappers]

On Nov  8 07:44, Herb Maeder wrote:
> Running sshd (openssh 5.1p1-d57 or 5.1p1-7) on cygwin-1.7 and vista
> results in the following error:
> 
>         % ssh localhost pwd
>         herb@localhost's password:
>         initgroups: Permission denied
> 
> I think this should be easily reproducible with a fresh installation of
> just cygwin 1.7 base + openssh running on a generic vista confiuration
> with UAC enabled.  
> 
> Can anyone confirm this?  If it is specific to my setup, I'll dig deeper
> and provide more information.

I can't reproduce this.  A permission denied in initgroups point to
insufficient privileges of the account running sshd.  Are you running
sshd with a local cyg_server account but trying to login with a domain
account?  Maybe there's a permission problem.

> For more details on reproducing this see this message (specifically item 7):
> 
>     http://www.cygwin.com/ml/cygwin/2008-10/msg00370.html
> 
> BTW, the following issues in that message also still exist in the 5.1p1-7
> release.  But they can be worked around more easily.

Concerning the above mail,

1. Yes, ssh-host-config has to be run elevated, as with all applications
   requiring actual admin privileges.  There's no way to elevate a child
   process running in the same console window.  Microsoft tweaked the
   ShellExecute() call in shell32.dll heavily to allow the UAC stuff,
   but neglected to allow applications using the CreateProcess() call to
   do the same.  ShellExecute is not an option to use in Cygwin processes.

2. That's fixed.

>   3. "ssh-host-config -y" still prompts for user input
>   4. Missing warning if cyg_server exists in /etc/passwd but not in SAM
>   6. error in setting cyg_server passwd expiry

These are csih issues.  Charles?  Can you have a look into that?

>   5. "ssh localhost pwd" gives 'ssh_exchange_identification' error (only if
>       tcp_wrapper package is installed)

Confirmed.

Have a look into the event viewer.  You'll find a error entry for sshd
along the lines of "/etc/hosts.allow, line x: host name/address mismatch:
127.0.0.1 != yourmachine.domain.toplevel.  This is, AFAIK, a result of
the PARANOID setting in

  ALL : PARANOID : deny

Charles?  This is your package.  Would it make sense to remove the
PARANOID setting from the default file or to turn around the order
of the two default rules?  


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]