Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Date: Fri, 28 Nov 2003 16:08:00 +0100 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: setreuid Message-ID: <20031128150800.GD4259@cygbert.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <20031015105210.GF18774@ata.cs.hacettepe.edu.tr> <20031016103723.GA5542@ata.cs.hacettepe.edu.tr> <20031016125317.GB5542@ata.cs.hacettepe.edu.tr> <20031016142337.GC5542@ata.cs.hacettepe.edu.tr> <20031017135231.GA12904@ata.cs.hacettepe.edu.tr> <20031017135203.GU25076@cygbert.vinschen.de> <20031128120627.GC21415@ata.cs.hacettepe.edu.tr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031128120627.GC21415@ata.cs.hacettepe.edu.tr> User-Agent: Mutt/1.4.1i On Fri, Nov 28, 2003 at 02:06:29PM +0200, Baurjan Ismagulov wrote: > After some thinking I decided to keep the setup as simple as possible, > and not to use inetd. So, I have the following options: > > 1. Patch the server not to use setreuid, install it as a service and run > it as SYSTEM. That's ok. > 2. Install the server as a service, give the SYSTEM user "Create a token > object" privilege and let the server setreuid to nobody. That won't work at all. SYSTEM already has the privilege but on 2003 it gets revoked the privilege when running services. > 3. Install the server as a service to be run as nobody or as a special > user just for this service (say, "tftp"). Best solution. If there's a chance to run stuff under a non-priv'd account, just do it. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin@cygwin.com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/