Message-ID: <39D87C62.4753BC21@cygnus.com>
Date: Mon, 02 Oct 2000 14:15:30 +0200
From: Corinna Vinschen
Reply-To: cygdev
To: cygdev
Subject: Re: seteuid ?
References: <20001002113423 DOT 17709 DOT qmail AT web113 DOT yahoomail DOT com>

Earnie Boyd wrote:
> I need to
> be able to su root in order to have some daemon programs I'm trying to port
> think that I'm UID=0.
>
> Now, I could modify the daemon but IMO I shouldn't have to. So, what in your
> opinion is the best way to implement this scenario in Cygwin? I understand
> that the ability to maintain the current function is probably wanted so
> something like ntsec=workstation is going to be necessary.

My opinion is in fact that you should modify the daemon. I did that for
OpenSSH, too. Porting to NT has the unfortunate effect that you have to
drop the special meaning of UID 0.

You have three choices, AFAICS:

- Worst: Drop all tests for UID. It's currently implemented that way
  in OpenSSH as well.

- Medium: Change to test for member of Administrators. You can get that
  by calling NetUserGetInfo(NULL, username, 1, buf) and checking for
  buf->usri1_priv == USER_PRIV_ADMIN. However, this check isn't valid
  for LocalSystem which you would need to check explicitly.

- Best: Check explicitly for one or more user rights by calling
  GetTokenInformation(..., TokenPrivileges, ...).

Corinna

--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen AT cygnus DOT com
Please, send mails regarding Cygwin to
mailto:cygwin AT sources DOT redhat DOT com
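
The "Best" option from the message above, sketched as an added example; it is not part of the original message and not code from Cygwin or OpenSSH. The helper names `priv_in_set` and `process_has_privilege` are hypothetical, the sample privilege set is constructed, and which privilege name a daemon should test (for example "SeTcbPrivilege") is the caller's choice, not something the message specifies.

```c
/* Added example (helper names are hypothetical): test for a user right
 * in the process token instead of testing for UID 0. */
#include <stdlib.h>
#if defined(_WIN32) || defined(__CYGWIN__)
#include <windows.h>
#else /* stand-ins mirroring the winnt.h layouts, so the scan builds off Windows */
typedef unsigned int DWORD;
typedef struct { DWORD LowPart; int HighPart; } LUID;
typedef struct { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
#define SE_PRIVILEGE_ENABLED 0x00000002u
#endif

/* Constructed sample set: LUID 3 present but disabled, LUID 7 enabled. */
const LUID_AND_ATTRIBUTES SAMPLE_PRIVS[] = {
    { {3, 0}, 0 }, { {7, 0}, SE_PRIVILEGE_ENABLED } };

/* 1 if `want` is in privs[] (and enabled, when need_enabled is set), else 0.
 * A right can be held but disabled, so presence and state are separate. */
int priv_in_set(const LUID_AND_ATTRIBUTES *privs, DWORD n, LUID want,
                int need_enabled)
{
    for (DWORD i = 0; i < n; i++)
        if (privs[i].Luid.LowPart == want.LowPart &&
            privs[i].Luid.HighPart == want.HighPart)
            return !need_enabled ||
                   (privs[i].Attributes & SE_PRIVILEGE_ENABLED) != 0;
    return 0;
}

#if defined(_WIN32) || defined(__CYGWIN__)
/* 1 = held, 0 = not held, -1 = query failed (callers should deny). */
int process_has_privilege(const char *name, int need_enabled)
{
    HANDLE tok;
    LUID want;
    DWORD len = 0;
    int rc = -1;
    if (!LookupPrivilegeValueA(NULL, name, &want) ||
        !OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok))
        return -1;
    GetTokenInformation(tok, TokenPrivileges, NULL, 0, &len); /* size query */
    TOKEN_PRIVILEGES *tp = len ? malloc(len) : NULL;
    if (tp && GetTokenInformation(tok, TokenPrivileges, tp, len, &len))
        rc = priv_in_set(tp->Privileges, tp->PrivilegeCount, want, need_enabled);
    free(tp);
    CloseHandle(tok);
    return rc;
}
#endif
```

A ported daemon would call `process_has_privilege()` at the points where the Unix code compared the UID against 0, and treat both 0 and -1 as "not authorised".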