Mail Archives: cygwin/2006/01/06/00:08:40
"Eric Blake" <ebb9 AT byu DOT net> wrote in message
news:43BDF429 DOT 5050206 AT byu DOT net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> According to Igor Peshansky on 1/5/2006 3:37 PM:
>> Hi,
>>
>> 'su' used to be an executable that worked correctly from a SYSTEM-owned
>> shell, but now it's a shell script that simply prints a "not supported"
>> message. Is it possible to resurrect the old "su" executable (that
>> perhaps prints the same message if run from a non-SYSTEM account)?
>
> Coreutils certainly builds an su executable, but the cygwin distro of su
> has been a script since at least 5.2.1 when Corinna was the maintainer; I
> only enhanced the script to be a little more useful. I'll see what I can
> do about getting the executable built and running, but no promise on a
> timeline; is there any easy run-time test as to whether the current user
> is SYSTEM and should try to perform user switching, vs. normal users to
> print a warning message that su is relatively useless under cygwin/Windows
> semantics?
Well just check that the app has appropriate priveleges.
(Only the app actually needs them, the user running the app does not
nessisaryally need them)
For passworded user switching:
SE_ASSIGNPRIMARYTOKEN_NAME &&
SE_INCREASE_QUOTA_NAME &&
SE_TCB_NAME
For passwordless user switching:
SE_CREATE_TOKEN_NAME &&
SE_ASSIGNPRIMARYTOKEN_NAME &&
SE_INCREASE_QUOTA_NAME
This is all documented in:
http://cygwin.com/cygwin-ug-net/ntsec.html
You should not cripple to program to being usable only on the system
account.
It is very much possible to give a user those privleges, and easy on XP pro
via the group policy editor (according to microsoft. I've never tried it.)
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -