This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 1.7.9: login via ssh allows Administrator privileges


Michael Hoffman wrote:
When I log in via ssh I find I have Administrator privileges:

$ id -a
uid=1000(Michael) gid=513(None) groups=513(None),545(Users)

$ ssh localhost

# id -a
uid=1000(Michael) gid=513(None)
groups=513(None),0(root),544(Administrators),545(Users)

Is there a way to turn this off or remove myself from the Administrators and
root groups? I prefer not to have administrative access unless I explicitly
request it.

Restarting the shell through cygdrop from cygutils package may help:


# exec cygdrop /bin/bash -l

This does essentially the same as Windows if UAC is enabled: The process is started with a restricted token where admin group(s) and privileges are removed.

The cygdrop -v option prints the removed groups and privileges, -vv prints also the preserved ones. There are also options to control which groups or privileges are removed in case the default is not suitable.

--
Christian Franke


-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]