Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sources DOT redhat DOT com>
List-Help:	<mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT sources DOT redhat DOT com
Delivered-To:	mailing list cygwin AT sources DOT redhat DOT com
Message-ID:	<3992613B.8B2339F0@cygnus.com>
Date:	Thu, 10 Aug 2000 10:00:59 +0200
From:	Corinna Vinschen <vinschen AT cygnus DOT com>
Reply-To:	cygwin <cygwin AT sources DOT redhat DOT com>
X-Mailer:	Mozilla 4.73 [en] (X11; I; Linux 2.2.14-SMP i686)
X-Accept-Language:	de, en
MIME-Version:	1.0
To:	Tom Alsberg <alsbergt AT netvision DOT net DOT il>
CC:	cygwin <cygwin AT sources DOT redhat DOT com>
Subject:	Re: root's UID
References:	<00c501c00258$c77d7740$28a6003e AT mellow> <3991DC91 DOT 73B7640A AT cygnus DOT com> <3991DF61 DOT 75974ABC AT cygnus DOT com> <010901c00265$90e45750$28a6003e AT mellow>

Tom Alsberg wrote:
> > > Set uid to 0. As long as you are using ntsec that's ok.
> 
> Well, on the beginning I had the problem of being logged in as 'everyone'
> when I started Cygwin, but then I replaced the two lines of 'root' and
> 'everyone', and it got me logged in as root. Now the question arises -
> doesn't that interfere with operations using the 'everyone' user? And, if
> 'everyone' has the UID of 0, isn't this some kind of a security leak? I
> mean, wouldn't that make (in some plane and sense) everyone a superuser? I
> don't understand much about Windows NT's security, but from what I recall,
> in Unix/Linux, only superusers have UID 0.

Everything below is valid with ntsec ON only:

Cygwin's UID has nothing to do with the SID in Windows. It's really
hard to explain so I mostly refer to the ntsec chapter in the docs.

The only important entry for windows is the SID. The uid and even
the user name are mapped to the windows user using the SID.

So change the passwd and group entries to whatever you want as long
as the S- and U- entries in pw_gecos respectively gr_passwd are correct.
The U- entry is needed only if you want to use a different Cygwin
user name than in Windows, say, root instead of administrator, and
if you want to login via sort of remote session (telnet, ssh, ftp).

Typically you should care for using each Cygwin uid/gid only once,
obviously.

> > > For more information read the ntsec chapter in the online
> > > documentation (http://sources.redhat.com/cygwin/docs.html).
> 
> I read it when I first downloaded Cygwin, and you're right, it is somehow
> explained there, I guess I just didn't completely understand everything on
> first read...

As I use to say: I'm working on NT security for more than a year and a
half and I'm learning new details each day. Nevertheless, a basic
understanding of what's going on in NT security is somewhat essential to
use all features, unfortunately.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin AT sources DOT redhat DOT com
Red Hat, Inc.
mailto:vinschen AT cygnus DOT com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com

- Raw text -