Mail Archives: cygwin-developers/2000/10/02/08:16:12

Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-developers-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com
Message-ID: <39D87C62.4753BC21@cygnus.com>
Date: Mon, 02 Oct 2000 14:15:30 +0200
From: Corinna Vinschen <vinschen AT cygnus DOT com>
Reply-To: cygdev <cygwin-developers AT sources DOT redhat DOT com>
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.14-SMP i686)
X-Accept-Language: de, en
MIME-Version: 1.0
To: cygdev <cygwin-developers AT sources DOT redhat DOT com>
Subject: Re: seteuid ?
References: <20001002113423 DOT 17709 DOT qmail AT web113 DOT yahoomail DOT com>

Earnie Boyd wrote:
> I need to
> be able to su root in order to have some daemon programs I'm trying to port
> think that I'm UID=0.
> 
> Now, I could modify the daemon but IMO I shouldn't have to.  So, what in your
> opinion is the best way to implement this scenario in Cygwin?  I understand
> that the ability to maintain the current function is probably wanted so
> something like ntsec=workstation is going to be necessary.

My opinion is in fact that you should modify the daemon. I did that
for OpenSSH, too. Porting to NT has the unfortunate effect that you
have to drop the special meaning of UID 0. You have three choices,
AFAICS:

- Worst: Drop all tests for UID. It's currently implemented that way in
  OpenSSH as well.

- Medium: Change to test for member of Administrators. You can get that
  by calling NetUserGetInfo(NULL, username, 1, buf) and checking for
  buf->usri1_priv == USER_PRIV_ADMIN. However, this check isn't valid
  for LocalSystem which you would need to check explicitly.

- Best: Check explicitly for one or more user rights by calling
  GetTokenInformation(..., TokenPrivileges, ...).

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin AT sources DOT redhat DOT com
Red Hat, Inc.
mailto:vinschen AT cygnus DOT com
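
The "Best" option from the list above, as an added example (not code from this mail, Cygwin or OpenSSH): read the process token's privileges with GetTokenInformation(..., TokenPrivileges, ...) and classify the rights a daemon needs, instead of testing for UID 0. The struct, the function names and the privilege names used to exercise it are assumptions made for illustration; the token-reading half compiles only on Windows or Cygwin.

```c
/* Added example: classify needed user rights instead of testing UID 0. */
#include <stddef.h>
#include <string.h>

#define PRIV_ENABLED 0x2UL   /* same value as SE_PRIVILEGE_ENABLED in winnt.h */
enum { RIGHT_MISSING, RIGHT_HELD, RIGHT_ENABLED };
struct priv { char name[64]; unsigned long attrs; };  /* hypothetical helper type */

/* Weakest state over all needed rights: MISSING if any is absent from the
 * token, HELD if all are present but at least one is disabled (it can be
 * switched on with AdjustTokenPrivileges), ENABLED if all are active. */
int rights_state(const struct priv *p, size_t n,
                 const char *const *needed, size_t m)
{
    int worst = RIGHT_ENABLED;
    for (size_t i = 0; i < m; i++) {
        int s = RIGHT_MISSING;
        for (size_t j = 0; j < n; j++)
            if (strcmp(p[j].name, needed[i]) == 0)
                s = (p[j].attrs & PRIV_ENABLED) ? RIGHT_ENABLED : RIGHT_HELD;
        if (s < worst) worst = s;
    }
    return worst;
}

#if defined(_WIN32) || defined(__CYGWIN__)
#include <windows.h>
#include <stdlib.h>

/* Copy the process token's privileges into out[]; returns the count, or -1. */
int read_token_privs(struct priv *out, size_t max)
{
    HANDLE tok;
    DWORD len = 0;
    int n = -1;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok))
        return -1;
    GetTokenInformation(tok, TokenPrivileges, NULL, 0, &len);  /* size probe */
    TOKEN_PRIVILEGES *tp = malloc(len);
    if (tp && GetTokenInformation(tok, TokenPrivileges, tp, len, &len)) {
        n = 0;
        for (DWORD k = 0; k < tp->PrivilegeCount && (size_t)n < max; k++) {
            DWORD cch = sizeof out[n].name;
            if (LookupPrivilegeNameA(NULL, &tp->Privileges[k].Luid,
                                     out[n].name, &cch))
                out[n++].attrs = tp->Privileges[k].Attributes;
        }
    }
    free(tp);
    CloseHandle(tok);
    return n;
}
#endif
```

A daemon would call read_token_privs() once at startup and refuse to continue when rights_state() returns RIGHT_MISSING for the rights it actually uses.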
