Mail Archives: cygwin/2003/10/16/11:52:29
On Thu, Oct 16, 2003 at 05:23:39PM +0300, Baurjan Ismagulov wrote:
> On Thu, Oct 16, 2003 at 13:19:29, Corinna Vinschen wrote:
> > No, that's not right. The German term for "increase quotas" is
> > "Anpassen von Speicherkontingenten fuer einen Prozess" (at least on
> > 2003 Server). "Erstellen eines Tokenobjekts" is German for "Create
> > a token object".
>
> Hmmm, the document you pointed to mentions "act as part of the operating
> system", "replace process level token" and "increase quotas". Now I have
> the following privileges granted:
>
> Einsetzen als Teil des Betriebssystems ZAISAN\ibr
> Ersetzen eines Tokens auf Prozessebene ZAISAN\ibr
> Anpassen von Speicherkontingenten f?r einen Prozess Administratoren
> Erstellen eines Tokenobjekts -
>
> ibr is a member of Administratoren.
>
> Logout, login, tftpd. The result is: setreuid(1012, 1012) = -1 EPERM.
> This works if I grant "Erstellen eines Tokenobjekts" to ZAISAN\ibr. What
> is going on?
That's correct. Did you read http://cygwin.com/cygwin-ug-net/ntsec.html?
Btw., if you're planning to use that account as logon account, don't
give these rights to that account. That's very dangerous. Start a
service under system account as inetd and let it handle the user context
switch.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -