X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Date: Mon, 12 Jul 2010 11:56:16 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: seteuid problem Win2003 Message-ID: <20100712095616.GB25800@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20100709141738 DOT GA4267 AT wn DOT serv224> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20100709141738.GA4267@wn.serv224> User-Agent: Mutt/1.5.20 (2009-06-14) Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Jul 9 17:17, Vikentsy Lapa wrote: > Hello, all. > > I run simple seteuid programm which switch user context form user admin to user UserDom1. > > Programm output is > $ ./t_seteuid.exe > Process EUID: 11133 > seteuid failed:: Permission denied That's a Windows limitation. http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview Users in the administrators group don't have the right to switch the user context without providing a password. For method 1 (http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1) the user must hold the SE_CREATE_TOKEN_NAME privilege, for method 2 and 3 (http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd2 http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3) the user needs the SE_TCB_NAME privilege. These privileges are generally only given to the SYSTEM user. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple