Mail Archives: cygwin/2004/01/25/13:18:01
On Sun, Jan 25, 2004 at 10:47:15AM -0600, Layton Davis wrote:
> I know that there have been several mailings on this subject. And indeed
> the answer has been posted, but it is not stated clearly -- as in
> somebody asked about it again on 12 January, and it took me a day or so
> to figure out what I read and put it togeather.
>
> What I will do is describe the steps I took to make it work
>
> 1) I created a new group called "cygwin"
> 2) as an administrator I started the cygwin environent
> 3) at the cygwin prompt I typed the following command
> editrights.exe -u cygwin -a SeCreateGlobalPrivilege
> 4) add the cygwin group to those users who should be able to access cygwin
>
> The new privileges should be available to the users the next time they
> sign on.
>
> Also, if you only have 1 or 2 users who will need the cygwin
> environment, and you know that those users will not change, you may find
> it just as easy to skip the new group, and directly apply the privilege
> to the user profile(s). My experience has been that change is the norm,
> so I really would suggest using the group, as it is easier to maintain,
> and makes your intentions clear to any admin who would need to follow
> you on that system
What you describe was necessary up to Cygwin 1.5.5, but not with 1.5.6.
Under 1.5.6, Cygwin can be run from Terminal Services without the Create
Global Privilege. Users that do not have the privilege cannot interact with
other users (e.g. ps -a will only report the processes in the current session).
That mode of operation is more secure.
Pierre
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -