((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))

Corinna Vinschen vinschen at redhat.com
Thu Feb 20 03:55:19 EST 2003


On Wed, Feb 19, 2003 at 10:22:37AM -0500, James Dennis wrote:
> Hmm...
> 
> I could've sworn OpenSSH was for Unix and ran under NT only in cygwin. 
> Does it matter what NT is setup to do then? I suppose superuser could be 

The point is not the uid 0.  There isn't anything like uid 0 in an
NT system.  Cygwin is just a POSIXy environment on top of NT so we
depend on the underlying OS.  We can't change it, just use its
capabilities.

> system-dependent, but I think Ben is right. If you have multiple 
> accounts with uid 0, you haven't set your system up correctly.

The problem is that OpenSSH depends on uid 0 being *the* superuser.
There are systems out there which don't have uid 0 being the one
superuser but support several uids as being part of a superuser
group.  All I'm trying to say, it is system dependent but there's
no support for that in OpenSSH.  What I'm missing is something
like an official statement.  I'm willing to provide the necessary
patches to OpenSSH to support an is_root() or is_superuser() call
which would substitute any comparison of the uid with the fixed
value 0.  But I won't do that if there's no chance to get the fixes
applied.

AFAIK there isn't only Cygwin.  Newer Solaris supports a similar
concept, doesn't it?

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
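
An added sketch, not OpenSSH code and not part of the message above, of the is_superuser() idea it describes: one predicate replaces the fixed `uid == 0` comparison, so a "no superuser logins" restriction also covers accounts that are privileged through group membership. The names `su_policy`, `login_allowed` and `login_allowed_fixed_uid` are hypothetical, and the uid and gid values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical per-platform description of what "superuser" means. */
struct su_policy {
    const uid_t *uids; size_t nuids;  /* uids that are superuser by themselves */
    const gid_t *gids; size_t ngids;  /* groups whose members are superusers */
};

/* Constructed sample policies; the numeric ids are illustrative only. */
static const uid_t unix_su_uids[] = { 0 };
static const gid_t admin_su_gids[] = { 544 };
const struct su_policy unix_policy  = { unix_su_uids, 1, NULL, 0 };
const struct su_policy group_policy = { NULL, 0, admin_su_gids, 1 };

/* Replacement for scattered "uid == 0" tests. p must not be NULL. */
bool is_superuser(const struct su_policy *p, uid_t uid,
                  const gid_t *groups, size_t ngroups)
{
    size_t i, j;

    for (i = 0; i < p->nuids; i++)
        if (p->uids[i] == uid)
            return true;
    for (i = 0; i < p->ngids; i++)
        for (j = 0; j < ngroups; j++)
            if (p->gids[i] == groups[j])
                return true;
    return false;
}

/* A login restriction written with the hard-coded comparison. */
bool login_allowed_fixed_uid(uid_t uid, bool permit_superuser)
{
    return permit_superuser || uid != 0;
}

/* The same restriction written against the platform policy. */
bool login_allowed(const struct su_policy *p, uid_t uid,
                   const gid_t *groups, size_t ngroups, bool permit_superuser)
{
    return permit_superuser || !is_superuser(p, uid, groups, ngroups);
}

int main(void)
{
    const gid_t admin_groups[] = { 513, 544 };  /* constructed account */
    printf("fixed uid check allows admin: %d\n", login_allowed_fixed_uid(1001, false));
    printf("policy check allows admin:    %d\n",
           login_allowed(&group_policy, 1001, admin_groups, 2, false));
    return 0;
}
```

On the group-based policy the fixed comparison lets the constructed administrator account (uid 1001) through the restriction, while the policy-based check denies it.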