This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

FW: admin privileges when logging in by ssh?


> Date: Sun, 11 Sep 2011 21:59:23 -0400
> From: moss
> To: cygwin
> Subject: Re: admin privileges when logging in by ssh?
>
> On 9/11/2011 9:07 PM, Andrew Schulman wrote:
> >>> When a user with administrative privileges logs in to sshd, it seems that the user is only granted
> >>> standard user privileges for that session. Is there a way around that? How can I get the admin
> >>> privileges for that session?
> >>
> >> Nevermind. I found the answer from Corinna way back in 2004:
> >> http://cygwin.com/ml/cygwin/2004-09/msg00087.html. "The bottom line is, if you need all the user's
> >> access rights use password authentication. If that doesn't help, you're out of luck."
> >
> > Continuing my conversation with myself...
> >
> > The above is half right. It seems that I have to log in by password
> > authentication, and then authenticate again to UAC, before I get my admin
> > rights.
> >
> > At the console that's how it works: I log in as the backup user, ask for admin
> > rights, authenticate again to UAC, and then, finally, can read or write any file
> > on the system.
> >
> > In sshd, I log in by password authentication, but now I'm stuck because I don't
> > know a command-line program to authenticate to UAC. Without that, I don't have
> > any admin rights.
> >
> > So: Is there a command-line program that will allow me to authenticate to UAC?
> > And do I have this right?
>
> If what you want to do is to run a particular program with elevated
> privileges (which I guess might include cmd.exe), then this web
> page may be of assistance:
>
> http://www.sevenforums.com/tutorials/11949-elevated-program-shortcut-without-uac-prompt-create.html
>
> Other pages I found make the same recommendation.
>
Two other alternatives for elevation:


1) Win 7 (and perhaps Vista) allows to run select programs elevated without UAC. It involves creating
a data base of trusted programs that windows will check. See...
http://www.techrepublic.com/blog/window-on-windows/selectively-disable-uac-for-your-trusted-vista-applications/635


2) Use a program that can handle the elevation for you, such as hstart ot this one...
UAC Trust Shortcut http://www.itknowledge24.com/downloads.html#


For the issue of priv level for the user logged in from ssh, Corinna announced multiple options available with the 1.7
Cygwin release. The password can be saved locally as windows does for services and scheduled tasks or the LSA
can be used. See
http://cygwin.com/cygwin-ug-net/ntsec.html


HTH,

...Karl 		 	   		  

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]