This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: OpenSSH - sftp not working for non-Administrator users


Christopher Faylor wrote:
On Sun, Jul 19, 2009 at 10:14:51PM -0500, Doug Lim wrote:
On Sun, Jul 19, 2009 at 10:37:42PM -0400, Christopher Faylor wrote:
On Sun, Jul 19, 2009 at 08:50:47PM -0500, Doug Lim wrote:
After a bit more research on the problem, I found a discussion thread
on the web discussing a similar problem from 2006.  The difference is
that the thread discusses scp connections dropping immediately after
non-administrator authentication.

http://winscp.net/forum/viewtopic.php?t=3782

A response to a thread from March of this year indicates that copying
all of the DLL files from cygwin\usr\bin to cygwin\usr\sbin as a
workaround.  I've copied the DLL files on my server per the workaround
and now non-administrator users are able to use sftp.

I've attached a copy of cygcheck.out from the server where this is
happening.
That sounds like a pretty <insert negative adjective here> workaround.

Just setting the PATH to include cygwin's bin directory is likely to
work better. I know that someone in that thread said that they did
that already but I'm not convinced that they really knew what they were
doing.
Except, cygwin\bin was already in the path as indicated in the
cygcheck.out I attached.

The cygcheck.out file shows that the cygwin directory was in the PATH
when you ran the cygcheck program. It doesn't necessarily mean that it
is the path that a service sees.
I added D:\cygwin\bin to the PATH via the Environment Variables button on the Advanced tab in the System Properties control panel applet followed by a system reboot after cygwin and openssh were installed. If you're suggesting that's not sufficient for a running service to see the updated path, then what would you suggest should be done differently?

It doesn't explain why users belonging to the Local Administrators
group would be able to maintain an SFTP connection while
non-Administrators would get dropped immediately following
authentication.

Copying a bunch of DLLs to /usr/sbin doesn't explain this either.


I don't understand and can't offer an explanation of why the workaround works. I can't speak to the fact that it doesn't make sense that the workaround should work. I only know that this isn't just theoretical. This is actual testing and documentation of what has and hasn't worked.
cgf

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple





-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]