Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Message-ID: <3E8DF756.64918AEC@ieee.org>
Date: Fri, 04 Apr 2003 16:21:26 -0500
From: "Pierre A. Humblet" <Pierre.Humblet@ieee.org>
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Rodrigo Serra <rmserra@fibertel.com.ar>
CC: cygwin@cygwin.com
Subject: Re: su questions
References: <000001c2faeb$d031ac10$0102a8c0@rmserra.com.ar>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Rodrigo Serra wrote:
> 
> Pierre
> 
> I create a new user named init, and assigned privileges "Act as part of the
> operating system", "Create a token object", "Log on as service", and
> "Replace a process level token" and the ssh and su with no password prompt
> work!!!
> 
> I not understand what happened. In the documentation of openssh mentioned
> the necessary privileges and not indicate "Create a token object" but
> indicate "Increase quotas". This privileges not exists in my Windows .net
> 
> Well now setguid works in my Windows .net box.

Great. I don't think you need "Act as part of the operating system",
try removing it to increase security and let us know.
According to MS "Increase Quota" is needed for CreateProcessAsUser
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/createprocessasuser.asp>
but your box seems to be special.

Pierre

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/