
Cygwin user permissions for sftp (Operation not permitted)

So, I installed Cygwin 1.7.17 on Win7 and used mkpasswd to bring in a domain user (my main admin account). I used mkpasswd again to bring in a local account I created called "ffftp".

mkpasswd -d -u administrator > /etc/passwd
mkpasswd -l -u ffftp >> /etc/passwd

I used mkgroup to bring in all the necessary Windows groups.

I can type

$ login
user: ffftp
password: mypassword

And it logs in... but it says this:

Last login: Tue Apr 16 11:36:49 on pty0
login: no shell: /bin/bash: Operation not permitted

The local user ffftp is just a regular "User" group in Windows.

The SID for ffftp starts with S-1-5-21.

I've already created a cygwin/home/ffftp and set its permissions in Windows.

How can I possibly set the private key for "ffftp" if I cannot log in to that user? What am I missing?

Also, if anyone has a guide on setting up AES encryption with Cygwin sshd, that would be greatly appreciated.

Dexter asked Nov 29 '25 12:11
1 Answer

Here is how I resolved the error:

/bin/bash: Operation not permitted

First, in the /etc/passwd file, the local user that you created (ffftp) should have a default group associated with it.

For example, my local user is called sshd_server. The group ID# associated with my local user account is 544. It is the number located before the text that describes the local account (Privileged server). See here:

sshd_server:unused:1004:544:Privileged server,U-USCHEPMSTGP01\sshd_server,S-1-5-21-2770448234-4262186856-4033879849-1004:/var/empty:/bin/bash

You may compare this group ID# with the list of groups defined in /etc/group.

Administrators:S-1-5-32-544:544:
Users:S-1-5-32-545:545:
None:S-1-5-21-2770448234-4262186856-4033879849-513:513:
Domain Users:S-1-5-21-329068152-343818398-1801674531-513:10513:

To make my Cygwin SSH connection work, I had to modify my /etc/passwd file, and change the group associated with my local account (sshd_server) to the group ID# associated with "None."

sshd_server:unused:1004:513:Privileged server,U-USCHEPMSTGP01\sshd_server,S-1-5-21-2770448234-4262186856-4033879849-1004:/var/empty:/bin/bash

By changing my group ID# in /etc/passwd from 544 (Administrators) to 513 (None), this error was resolved.

Danny answered Dec 02 '25 05:12
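
The cross-check the answer does by hand (primary gid in /etc/passwd against /etc/group) can be scripted; this is an added example, not part of the original answer. The function names, the verdict labels and the two "constructed" accounts are assumptions made for illustration, and flagging Administrators as a primary group reflects only the fix reported above.

```shell
#!/bin/sh
# Added example: resolve each account's primary group from Cygwin-style files.

# check_primary_groups PASSWD_FILE GROUP_FILE
# Prints user:gid:group:verdict for every passwd entry.
check_primary_groups() {
    awk -F: -v grp="$2" '
        # Group file line: name:SID:gid:members
        FILENAME == grp {
            if (NF >= 3) { gname[$3] = $1; gsid[$3] = $2 }
            next
        }
        NF < 7 { next }   # skip blank or malformed passwd lines
        {
            gid = $4; name = "-"
            if (!(gid in gname))                   verdict = "UNKNOWN_GID"
            else if (gsid[gid] == "S-1-5-32-544") verdict = "ADMIN_PRIMARY"
            else                                   verdict = "OK"
            if (gid in gname) name = gname[gid]
            printf "%s:%s:%s:%s\n", $1, gid, name, verdict
        }
    ' "$2" "$1"
}

# make_sample DIR: writes sample files. The group lines and the sshd_server
# line are the ones quoted in the answer; the other two accounts are constructed.
make_sample() {
    cat > "$1/group" <<'EOF'
Administrators:S-1-5-32-544:544:
Users:S-1-5-32-545:545:
None:S-1-5-21-2770448234-4262186856-4033879849-513:513:
EOF
    cat > "$1/passwd" <<'EOF'
sshd_server:unused:1004:544:Privileged server,U-USCHEPMSTGP01\sshd_server,S-1-5-21-2770448234-4262186856-4033879849-1004:/var/empty:/bin/bash
fixed_user:unused:1005:513:constructed,S-1-5-21-0-0-0-1005:/home/fixed_user:/bin/bash
orphan_user:unused:1006:9999:constructed,S-1-5-21-0-0-0-1006:/home/orphan_user:/bin/bash
EOF
}

# Demo run on the sample data.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_primary_groups "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

On a Cygwin install that uses these files, call `check_primary_groups /etc/passwd /etc/group` and review any line that is not marked OK.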