[windows2000] Sshwindows

  • From: "Sorin Srbu" <sorin.srbu@xxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Mon, 25 Jun 2007 09:30:19 +0200

Hi all,

Anybody using this "mini-cygwin" ssh implementation for windows;
http://sourceforge.net/projects/sshwindows? Have a problem with it... 

I installed ssh for windows on a win2k3 sp2 DC and it seems to work as
expected. 
 
Using WinSCP to access the ssh server works excellent also. 
 
Only problem is that when I login with a test domain user-account (which has
no real priv's on the domain except for the home-folder which is a upload
shared folder on the DFS for a number of people) this user can access and see
all the files in <c:\program files\openssh> including the passwd-file. 
 
I don't feel this is a good idea. Any hints on as how to solve this? I tried
to remove list ntfs-rights and so on to the whole openssh-folder, but this
only resulted in my test-account couldn't login at all. 
 
I then reset the rights as they were before, but removed all non-priviliegied
account rights to the etc-folder. This seems to work and the user is not
allowed to view the passwd and all files in the etc-folder. 
 
Next I tried the same thing with the bin-folder in order to disallow use of
makepasswd.exe and makegroup.exe, but this again disabled login of my
test-account. 
 
So, currently I'm stuck with a no-access etc-folder for regular users, which I
think is a really ugly way to do things. 
 
Is there some other cleaner way to disallow access to "normal" users when they
click the "/" in WinSCP?

TIA.


-- 
  
BW,

Sorin

# Sorin Srbu, Systems Engineer  Web: http://www.orgfarm.uu.se
# Dept of Medicinal Chemistry,  Phone: +46 (0)18-4714482 >3 signals> GSM
# Div of Org Pharm Chem,                Mobile: +46 (0)701-718023
# Box 574, Uppsala University,  Fax: +46 (0)18-4714482
# SE-751 23 Uppsala, Sweden     Visit: BMC, Husargatan 3, D5:512b
#
# ()  ASCII ribbon campaign - Against html E-mail 
# /\
#
# Harmless tagline follows:
#
# Some things Man was never meant to know. For everything else, there's
Google.



*****************************
New Site from The Kenzig Group!
Windows Vista Links, list options 
and info are available at:
http://www.VistaPop.com
***************************** 
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts:

  1. Home
  2. windows2000
  3. Archive
  4. 06-2007