Mail Archives: cygwin/2006/01/06/00:27:15

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2006/01/06/00:27:15

X-Spam-Check-By: sourceware.org

Message-ID: <43BDFFA8.A3A8250@dessent.net>

Date: Thu, 05 Jan 2006 21:27:04 -0800

From: Brian Dessent <brian AT dessent DOT net>

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: Re: 'su' no longer working?

References: <Pine DOT GSO DOT 4 DOT 63 DOT 0601051732360 DOT 5388 AT slinky DOT cs DOT nyu DOT edu> <43BDF429 DOT 5050206 AT byu DOT net> <dpktus$nom$1 AT sea DOT gmane DOT org>

X-IsSubscribed: yes

Reply-To: cygwin AT cygwin DOT com

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Joe Smith wrote:

> For passworded user switching:
> SE_ASSIGNPRIMARYTOKEN_NAME &&
> SE_INCREASE_QUOTA_NAME &&
> SE_TCB_NAME

for pr in AssignPrimaryToken IncreaseQuota Tcb; do 
    editrights -a Se${pr}Privilege -u user
done

> For passwordless user switching:
> SE_CREATE_TOKEN_NAME &&
> SE_ASSIGNPRIMARYTOKEN_NAME &&
> SE_INCREASE_QUOTA_NAME

for pr in CreateToken AssignPrimaryToken IncreaseQuota; do 
    editrights -a Se${pr}Privilege -u user
done

> You should not cripple to program to being usable only on the system
> account.
> It is very much possible to give a user those privleges, and easy on XP pro
> via the group policy editor (according to microsoft. I've never tried it.)

It was for this very reason (command-line automated privilege
manipulation) that editrights was written and placed in the 'base'
Cygwin install so that *-config scripts can use it for creating services
that run as non-SYSTEM accounts.

Brian


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Spam-Check-By:	sourceware.org
Message-ID:	<43BDFFA8.A3A8250@dessent.net>
Date:	Thu, 05 Jan 2006 21:27:04 -0800
From:	Brian Dessent <brian AT dessent DOT net>
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: 'su' no longer working?
References:	<Pine DOT GSO DOT 4 DOT 63 DOT 0601051732360 DOT 5388 AT slinky DOT cs DOT nyu DOT edu> <43BDF429 DOT 5050206 AT byu DOT net> <dpktus$nom$1 AT sea DOT gmane DOT org>
X-IsSubscribed:	yes
Reply-To:	cygwin AT cygwin DOT com
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com