Mail Archives: cygwin/2003/04/04/15:50:25

From: "Rodrigo Serra" <rmserra AT fibertel DOT com DOT ar>
To: "'Pierre A. Humblet'" <Pierre DOT Humblet AT ieee DOT org>
Cc: <cygwin AT cygwin DOT com>
Subject: RE: su questions
Date: Fri, 4 Apr 2003 17:50:23 -0300
Message-ID: <000001c2faeb$d031ac10$0102a8c0@rmserra.com.ar>
In-Reply-To: <3E8DDE92.F567A838@ieee.org>

Pierre

Yes, the account of the test is SYSTEM.

I searched on MSDN and found a tiny explanation of how privileges are needed
to run the SeCreateTokenPrivilege API.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/authorization_constants.asp

The page shows the privilege "Create a token object". Oops.

I created a new user named init, and assigned the privileges "Act as part of the
operating system", "Create a token object", "Log on as service", and
"Replace a process level token", and the ssh and su with no password prompt
work!!!

I do not understand what happened. The openssh documentation mentions
the necessary privileges and does not indicate "Create a token object" but
indicates "Increase quotas". This privilege does not exist in my Windows .net.

Well, now setguid works on my Windows .net box.

Rodrigo

-----Original Message-----
From: cygwin-owner AT cygwin DOT com [mailto:cygwin-owner AT cygwin DOT com] On behalf of
Pierre A. Humblet
Sent: Friday, April 04, 2003 04:36 p.m.
To: Rodrigo Serra
CC: cygwin AT cygwin DOT com
Subject: Re: su questions

Rodrigo Serra wrote:
> 
> Pierre,
> 
> I followed your instructions and the su command fails with an "access denied"
> message. The attached file is the output of strace.
> 
> Rodrigo
>

 2070   29565 [main] su 2316 seterrno_from_win_error: /netrel/src/cygwin-1.3.22-1/winsup/cygwin/sec_helper.cc:340 windows error 1300
  175   29740 [main] su 2316 geterrno_from_win_error: unknown windows error 1300, setting errno to 13
   58   29798 [main] su 2316 set_process_privilege: -1 = set_process_privilege (SeCreateTokenPrivilege, 1)
   65   29863 [main] su 2316 create_token: -1 = create_token ()

So on your machine, SYSTEM does not have SeCreateTokenPrivilege.
That's unexpected. "id" was showing that you were running as SYSTEM
when you issued the su command. Correct?

Does anyone know about the peculiarities of "Windows.NET
Server 2003" RC2 and how to enable this privilege?

Pierre


> -----Original Message-----
> From: cygwin-owner AT cygwin DOT com [mailto:cygwin-owner AT cygwin DOT com] On behalf of
> Pierre A. Humblet
> Sent: Friday, April 04, 2003 11:40 a.m.
> To: Rodrigo Serra
> CC: cygwin AT cygwin DOT com
> Subject: Re: su questions
> 
> Rodrigo Serra wrote:
> >
> > Pierre,
> >
> > The cygwin environment is binmode ntsec tty. The following string is
> > extracted from cygwin1.dll: "1.3.22-dontuse-21". Windows is "Windows.NET
> > Server 2003" RC2.
> >
> > This happens only when I try to use no password authentication.
> >
> OK, it may have to do with your version of Windows.
> I need your help for some debugging.
> 
> 1) Edit /etc/passwd to
>    a) remove the passwd of SYSTEM
>    b) add a home directory for SYSTEM (e.g. /)
>    c) add a shell for SYSTEM
>    d) remove your password (uid 1003)
> 2) telnet localhost and login as SYSTEM
>    It should let you in without password
>    You are now running as SYSTEM, confirm with "id"
> 3) su yourself (uid 1003)
>    If that fails:
> 4) strace -o trace su yourself
>    and send me the trace
> 5) Put the SYSTEM password back if your machine is directly accessible.
> 
> Pierre

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
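
The trace excerpt quoted in this thread can be triaged mechanically. The Python below is an added example, not part of the original messages or of Cygwin: it pairs each failed set_process_privilege call with the most recent Windows error logged for the same pid and names the user right involved. The function name missing_privileges, the lookup tables and the assumed line layout are this example's own; the embedded sample is the thread's four trace lines with mail wrapping undone.

```python
import re

# Constructed sample: the four trace lines quoted in the thread, mail wrapping undone.
TRACE = """\
 2070   29565 [main] su 2316 seterrno_from_win_error: /netrel/src/cygwin-1.3.22-1/winsup/cygwin/sec_helper.cc:340 windows error 1300
  175   29740 [main] su 2316 geterrno_from_win_error: unknown windows error 1300, setting errno to 13
   58   29798 [main] su 2316 set_process_privilege: -1 = set_process_privilege (SeCreateTokenPrivilege, 1)
   65   29863 [main] su 2316 create_token: -1 = create_token ()
"""

# Win32 error codes (winerror.h) that matter when enabling a privilege.
WIN_ERRORS = {5: "ERROR_ACCESS_DENIED",
              1300: "ERROR_NOT_ALL_ASSIGNED",    # token does not hold the privilege
              1314: "ERROR_PRIVILEGE_NOT_HELD"}

# Privilege constants and the user-rights names used in the thread.
USER_RIGHTS = {"SeCreateTokenPrivilege": "Create a token object",
               "SeTcbPrivilege": "Act as part of the operating system",
               "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
               "SeIncreaseQuotaPrivilege": "Increase quotas"}

# Assumed layout, read off the excerpt: two numeric columns, [thread], program, pid, function: message
LINE = re.compile(r"^\s*\d+\s+\d+\s+\[[^\]]+\]\s+(\S+)\s+(\d+)\s+\w+:\s*(.*)$")
WINERR = re.compile(r"windows error (\d+)")
PRIV = re.compile(r"(-?\d+) = set_process_privilege \((\w+), (\d+)\)")

def missing_privileges(trace):
    """Pair each failed set_process_privilege call with the last Windows error of that pid."""
    findings, last_err = [], {}
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # not a trace line (blank or still wrapped)
        prog, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        err = WINERR.search(msg)
        if err:
            last_err[pid] = int(err.group(1))
        call = PRIV.search(msg)
        if call and int(call.group(1)) < 0:
            code = last_err.get(pid)
            findings.append({"program": prog, "pid": pid,
                             "privilege": call.group(2),
                             "user_right": USER_RIGHTS.get(call.group(2), "unknown"),
                             "win_error": code,
                             "win_error_name": WIN_ERRORS.get(code, "unknown")})
    return findings

if __name__ == "__main__":
    for finding in missing_privileges(TRACE):
        print(finding)
```

Windows error 1300 is ERROR_NOT_ALL_ASSIGNED, meaning the calling token does not hold the privilege it tried to enable; the trace shows Cygwin mapping it to errno 13.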


