This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: Windows 2003
On Fri, Jul 11, 2003 at 09:04:08AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> >
> > > Also a piece of good news:
> > > http://cygwin.com/ml/cygwin/2003-04/msg00460.html
> > >
> > > Giving the Create Token privilege seems to work, at least on some
> > > 2003 systems.
> >
> > I still don't trust that statement. It's in pure contrast to the
> > given proof that SeCreateTokenPrivilege isn't in the token. I'm
> > not convinced. *If* he's right though, we would have to carefully
> > examine the differences in token creation since 1.3.1...
>
> OK, but he had created a new account with that privilege.
I didn't see that in the whole thread. I asked about this stuff at
least twice. He wrote he's running sshd under SYSTEM.
> Great, it looks like everything is OK. The privileged user
> probably also needs the new 2003 privilege SeImpersonatePrivilege.
> Can you check what happens when it's missing?
The privilege is given to all admins by default. I'm somewhat
reluctant to remove it from the admins group.
> So we are back to my initial question: the privileged account won't
> have uid == ROOT_UID (18). Shouldn't Cygwin provide a method to
> determine if an account is privileged?
> One possibility is to use cygwin_internal(). I would have it return
> the current uid if it is privileged, and -1 if it isn't. That way
> porters could define a macro ROOT_UID = cygwin_internal(CW_ISPRIV)
> and keep the usual test getuid() == ROOT_UID.
Personally I'd better like to create a uid 0 account as in my example
given in the other mail I've send a few minutes ago. It would make
porting more easy.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.