delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2007/10/09/12:43:34

X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: pbs <pnews AT tiscali DOT co DOT uk>
Subject: Re: login winXP home edition
Date: Tue, 09 Oct 2007 17:27:41 +0100
Lines: 124
Message-ID: <fega5t$r30$1@victoria.lomarline.e7even.com>
References: <fdtp1u$g26$1 AT victoria DOT lomarline DOT e7even DOT com> <4e41f5c20710080913q770536bs1100d759681acd79 AT mail DOT gmail DOT com>
Mime-Version: 1.0
User-Agent: Thunderbird 2.0.0.5 (X11/20070727)
In-Reply-To: <4e41f5c20710080913q770536bs1100d759681acd79@mail.gmail.com>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Morgan Gangwere wrote:
> On 10/2/07, pbs <pnews AT someblokeintheukwantsananswer> wrote:
>> I am trying to get xdmcp to work on a winXP home edition machine. But
>> there are several issues that are cropping up. One of them can be
>> simplified by looking at problems with "login" from the command line prompt.
>>
> 
> Heres problem number One. WinXP Home = WinXP Pro - (service control +
> MultiLogin over network + real NT kernel)
> 
>> I have a number of Cygwin users and I have messed around with the
>> /etc/passwd file. The machine has a user called admin -- because the
>> administrator user does not seem to be available under XP home edition
>> other than in recovery mode etc.
>>
> 
> are you using mkpasswd and mkuser?

I was using mkpasswd. But I have solved my problem (sort of) It came
from reading these two posts
http://www.cygwin.com/ml/cygwin/2006-07/msg00587.html
Which led to bin/ssh-host-config
and http://www.cygwin.com/ml/cygwin/2006-07/msg00588.html

editrights -a SeAssignPrimaryTokenPrivilege -u username
editrights -a SeCreateTokenPrivilege -u username
editrights -a SeTcbPrivilege -u username
editrights -a SeServiceLogonRight -u username
editrights -a SeCreateGlobalPrivilege -u username
editrights -l -u $1

Then login from the user specified as username to any other ordinary
user works. So does "su -"

> Also, Administrator is availible under home for more that recovery
> mode -- look at TweakUI's user hiding, theres an option to allow
> Administrator to log in
>> Admin has administrator rights on the machine and I have altered the uid
>> to 0 in the /etc/passwd, so that it is root under Cygwin.
>>
> 
> bad idea? only root should be root.

It does not really matter. The trouble is that creating a Win 95 windows
account called root is not the best idea for network security as I do
not wish to have root mountable access to my samba servers.

> 
>> If I run login on the command from a bash command line prompt it works
>> for "login admin" and comes back with a "Last login:..." and "#",  but
>> for any other user it returns with
>>         Last login:..
>>         Login: no shell: /bin/bash: Permission denied
>> and looking at the log file I see the reason for the failure is
>>         CreateProcess failed, Win32 error 1314
>>
> 
> It may be that you are setting access permissions for /bin/bash wrong
> -- they should be rwxr-xr-x (744?) and belong to nobody.

The permissions are correct 755 it was never a problem with that it was
a problem with forking a new process.

>> Which is "A required privilege is not held by the client.
>> ERROR_PRIVILEGE_NOT_HELD" (see
>> http://help.netop.com/support/errorcodes/win32_error_codes.htm)
>>
>> I see from this posting "Re: "incorrect password" or "permission denied"
>> when switching users"
>> (http://cygwin.com/ml/cygwin/2004-02/msg00649.html) an explanation for
>> this behaviour. Including reading the
>> /usr/share/doc/Cygwin/openssh.README (which is not on my machine but was
>> available from http://pigtail.net/LRP/printsrv/openssh.README.txt
>>
>> Also  "Re: cygwin_logon_user() not working"
>> (http://cygwin.com/ml/cygwin/2003-07/msg00744.html)
>> http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID
>>
>>
>> I have tried putting admin and the other user into the same group in
>> /etc/passwd (including SYSTEM group).
>>
>> I have tried making the second user (lets call it USER2) admin in the
>> Windows XP Control panel->User Accounts, but that does not work either.
> 
> are you creating limited accounts or "administrator" accounts?
> 
>> I have tried to log on Administrator but can not do so other than in
>> safe mode. http://support.microsoft.com/kb/290109/EN-US/
>>
> 
> Have you tried using the Non-Graphical (username: password: Domain:) login?

yes.

>> I also saw this "logon as a service for XP home edition"
>> (http://www.cygwin.com/ml/cygwin/2003-03/msg01298.html)
>> Which suggests using ntrights which led me to "How to Set Logon User
>> Rights with the Ntrights.exe Utility"
>> (http://support.microsoft.com/kb/279664)
> 
> Never heard of it.
> 
>> This tool is available in rktooks "Windows Server 2003 Resource Kit
>> Tools"
>> http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en
>>
>> But before I alter the group permissions at the windows OS level with
>> ntrights, I would like some advise on what I am doing because as an old
>> UNIX and VMS hacker I understand the concepts in principle but I do not
>> want to drive a coach and horses through Microsoft's attempts to protect
>> the system for what is basically an application level problem.
>>
> 
> right.
> 
>> So any advice (or a URL to such advise) on how to set up a WinXP home
>> edition, to allow a Cygwin root user to use the login program to login
>> as another user would be appreciated. Regards pbs
>>
> 

Thanks for your help Morgan :-)



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019