Mail Archives: cygwin/2003/07/13/20:28:32

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sun, 13 Jul 2003 19:24:56 -0500
From: msg <michael DOT grigoni AT cybertheque DOT org>
Subject: Re: cygwin_logon_user() not working
To: cygwin AT cygwin DOT com
Message-id: <3F11F858.A42285AD@cybertheque.org>
Organization: Cybertheque Museum
MIME-version: 1.0
X-Accept-Language: en

Problem solved; details for the archives (see below):

> > We don't have any native Win2k/NT debugging or development tools;
> > what can we do to troubleshoot this?
> >


First, the necessary privileges were assigned to the 'root' user
account in Win2K's local security policy GUI (this was the first
thing done before testing); the GUI was closed and reopened to
verify that they were set and showing as 'effective' also.

Then, doing 'net searches, we downloaded 'whoami.exe' and 'gpresult.exe'
from the Win2K reskit and 'ntrights.exe' from the Win2003 reskit;
whoami /priv running as user 'root' DIDN'T EVEN SHOW these privs:

        SeTcbPrivilege
        SeCreateTokenPrivilege
        SeCreatePermanentPrivilege

They DIDN'T exist for the account (set or not set) even though
the GUI shows them and shows them as SET.

Running 'gpresult /v' lists privileges and also omits any reference
to the above three privs.

Running 'ntrights /u root +r SeTcbPrivilege' returns a message
...successful; 'whoami /priv' still shows no such privilege.

Then I wondered if some domain policy issue was intervening; this
host is on a LanManager 2.0 domain and doesn't grok LM announces
properly. However it was not currently a part of any WinNT domain
and not subject to domain group policy.

So, now being stumped thoroughly, I ended the Terminal Server session
I had started some many days ago (all the development work on this
host is done through TS from an X-terminal) so that I could login
as a different user.  Lo and behold, the privileges suddenly appeared
in the root account and in other accounts.

I would suggest adding a warning in the Cygwin users' guide and FAQ
to 'log out and login again -- especially if working from a TS
session' after setting the necessary privileges for setuid NT
security.

The test program now works and creates a file owned by the setuid'ed
user.

Michael Grigoni
Cybertheque Museum
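
The check described in the message, as an added example that is not part of the original post: a shell script that reads `whoami /priv` output and reports which of the three privileges are absent from the current logon session's token. The sample listings are constructed, and the script name `check_privs.sh` and the function names are hypothetical; matching is on the privilege name only, because the post does not show the resource-kit tool's output layout.

```shell
#!/bin/sh
# Added example (not from the original post): check the CURRENT token for the
# three privileges named in the message. check_privs.sh is a hypothetical name.
REQUIRED_PRIVS="SeTcbPrivilege SeCreateTokenPrivilege SeCreatePermanentPrivilege"

# Read `whoami /priv` output on stdin; print each required privilege that is absent.
# Matching is on the privilege name only, so the column layout does not matter.
missing_privs() {
    listing=$(tr -d '\r')            # Windows tools emit CRLF line endings
    for priv in $REQUIRED_PRIVS; do
        printf '%s\n' "$listing" | grep -Fqw -- "$priv" || printf '%s\n' "$priv"
    done
}

# Report the result; non-zero status means the token lacks a required privilege.
check_token() {
    missing=$(missing_privs)
    if [ -n "$missing" ]; then
        echo "Not in this logon session's token:"
        printf '  %s\n' $missing
        echo "If the policy already grants them, end the session (Terminal"
        echo "Services sessions included) and log on again to get a new token."
        return 1
    fi
    echo "All required privileges are present in the token."
}

# Constructed sample: a session started before the privileges were granted.
stale_session_sample() {
    cat <<'EOF'
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeShutdownPrivilege           Shut down the system                 Disabled
EOF
}

# Constructed sample: the same account after a fresh logon.
fresh_session_sample() {
    cat <<'EOF'
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeTcbPrivilege                Act as part of the operating system  Disabled
SeCreateTokenPrivilege        Create a token object                Disabled
SeCreatePermanentPrivilege    Create permanent shared objects      Disabled
EOF
}

# Live use: pipe the Windows tool's output in, e.g.  ... /priv | sh check_privs.sh --stdin
if [ "${1:-}" = "--stdin" ]; then
    check_token
fi
```

When piping live output, give the full path to the resource-kit `whoami.exe` if another `whoami` comes first in `PATH`.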
