On Mon, Sep 15, 2003 at 03:13:27PM +0200, Olivier ALLART wrote: > Corinna Vinschen wrote: > >create a special account for this, which is member of the admins > >group and has the additional user privileges "Create a token object", > >"Replace a process level token" and "Logon as a service". Probably > >it makes sense to remove other privileges from that account, e.g. > >the right to logon locally or so. > > my (dumb ?) question is : where do we define such parameters ? > > And if I get the thing correctly, sshd sould still run the same way > (under the sshd user account with local sys privileges) but we should > connect using this newluy created user account to log in .. am I right ?
No. *Don't* run sshd under the sshd account. The service must run under some privileged account, member of the administrators group, created with the usual Windows user management tools. Add the "Create a token object" right to the account in the "Local Security Policy" mmc snap-in. Create an /etc/passwd entry for the user. Install the service with cygrunsrv so that it runs under that new privileged account. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:[EMAIL PROTECTED] Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
