X-Spam-Check-By: | sourceware.org |
Message-ID: | <44BA7394.5000209@cygwin.com> |
Date: | Sun, 16 Jul 2006 13:12:52 -0400 |
From: | "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com> |
Reply-To: | cygwin AT cygwin DOT com |
User-Agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060112 Fedora/1.5-1.fc4.remi Thunderbird/1.5 Mnenhy/0.7.4.0 |
MIME-Version: | 1.0 |
To: | cygwin AT cygwin DOT com |
Subject: | Re: inetd help |
References: | <03D3B32F0D0D024791C1EE97D087E90907779E66 AT EXCH01 DOT purdue DOT lcl> <20060714140557 DOT GJ8759 AT calimero DOT vinschen DOT de> <loom DOT 20060716T183153-524 AT post DOT gmane DOT org> <e9drnv$fup$1 AT sea DOT gmane DOT org> |
In-Reply-To: | <e9drnv$fup$1@sea.gmane.org> |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Andrew DeFaria wrote:
> Robert McGraw wrote:
>> Thanks Corinna and the gmane.os.cygwin group. I got my service running
>> from the above help.
>>
>> I am not a window type guy and so have a few questions on what I did:
>>
>> What makes sshd_server account so special? I looked through the
>> ssh-host-script where it creates the sshd_server. Is it the SID
>> S-1-5-32-544, which I know nothing about. Or could any user in the
>> administrator group do the same.
>>
>> If I wanted to create my own -u user, rather than the sshd_server
>> user, what special settings would be required or is that I have a
>> password set for this user which inetd uses?
>>
> I think it's the following section:
>
>     editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
>     editrights -a SeCreateTokenPrivilege -u sshd_server &&
>     editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
>     editrights -a SeDenyNetworkLogonRight -u sshd_server &&
>     editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&
>     editrights -a SeIncreaseQuotaPrivilege -u sshd_server &&
>     editrights -a SeServiceLogonRight -u sshd_server &&
>     sshd_server_got_all_rights="yes"
>
> which bestows the necessary rights to the sshd_server user.
>

Actually it's just the calls to "editrights" that are necessary.
'SeCreateTokenPrivilege' is the right taken away from SYSTEM in W2K3, thus
necessitating the need for this new sshd_server to be created. The only
caution I would offer in all of this is that the OP not create multiple
users with this set of permissions, since it opens potential security holes.

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA  01746

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
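Added example (not part of the original message and not Cygwin project code): one way to check the caution above, by listing every account that holds the full set of rights the quoted editrights calls grant. It assumes the local policy was exported with `secedit /export` and the file converted to UTF-8 text; the function names and the `inetd_svc` account in the sample are constructed for illustration.

```shell
# Rights granted to sshd_server by the editrights calls quoted above
# (the three SeDeny* entries are restrictions and are not audited here).
SSHD_RIGHTS="SeAssignPrimaryTokenPrivilege SeCreateTokenPrivilege SeIncreaseQuotaPrivilege SeServiceLogonRight"

# Print, sorted, every account that holds ALL rights named after the file.
holders_of_all() {
    file=$1; shift
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        /^\[/ { in_sec = ($0 ~ /^\[Privilege Rights\]/); next }
        in_sec && /=/ {
            line = $0; sub(/\r$/, "", line)          # tolerate CRLF line ends
            eq = index(line, "=")
            name = substr(line, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (!(name in need)) next
            m = split(substr(line, eq + 1), acct, ",")
            for (j = 1; j <= m; j++) {
                a = acct[j]; gsub(/^[ \t*]+|[ \t]+$/, "", a)   # drop "*" SID prefix
                if (a != "" && !seen[name, a]++) count[a]++
            }
        }
        END { for (a in count) if (count[a] == n) print a }
    ' "$file" | sort
}

# List the holders; succeed only if at most one account has the full set.
audit_rights() {
    holders=$(holders_of_all "$1" $SSHD_RIGHTS)
    printf '%s\n' "$holders"
    total=$(printf '%s\n' "$holders" | awk 'NF { c++ } END { print c + 0 }')
    [ "$total" -le 1 ]
}

# Constructed sample export; inetd_svc is a made-up second service account.
sample_export() {
    cat <<'EOF'
[Privilege Rights]
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,sshd_server,inetd_svc
SeCreateTokenPrivilege = sshd_server,inetd_svc
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,sshd_server,inetd_svc
SeServiceLogonRight = *S-1-5-20,sshd_server,inetd_svc
SeDenyInteractiveLogonRight = sshd_server
[Version]
signature="$CHICAGO$"
EOF
}

tmp=$(mktemp) && sample_export > "$tmp"
audit_rights "$tmp" || echo "more than one account holds the full right set"
rm -f "$tmp"
```

On the sample, both `inetd_svc` and `sshd_server` are reported, so the audit fails; the built-in SIDs that hold only some of the rights are not listed.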