Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-Id: <4.3.1.2.20020507105320.016eace0@pop.ma.ultranet.com>
X-Sender: lhall AT pop DOT ma DOT ultranet DOT com
Date: Tue, 07 May 2002 11:03:55 -0400
To: Mellman Thomas <Thomas DOT Mellman AT icn DOT siemens DOT de>,
   "'john AT vincent DOT as'" <john AT vincent DOT as>, YuriLeikind AT scnsoft DOT com
From: "Larry Hall (RFK Partners, Inc)" <lhall AT rfk DOT com>
Subject: RE: problem starting inetd as NT service
Cc: cygwin AT cygwin DOT com
In-Reply-To: <BE684E2C997AD51199530002A56B20796C364B@MCHH2A1E>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

At 08:38 AM 5/7/2002, Mellman Thomas wrote:
> >>-----Original Message-----
> >>From: john AT vincent DOT as [mailto:john AT vincent DOT as]
> >>Sent: Tuesday, May 07, 2002 1:50 PM
> >>To: YuriLeikind AT scnsoft DOT com
> >>Cc: cygwin AT cygwin DOT com
> >>Subject: Re: problem starting inetd as NT service
> >>
> >>
> >>.... (I assume you read the README file
> >>I mentioned earlier). Also if you're using the NTFS file
> >>system, you may also need to set the CYGWIN environment
> >>variable to "ntsec".
>
>
>I am also having problems getting the inetd services to run.
>
>Due to constraints poised by my employer, I guess, I'm having basic
>problems meeting the requirements:
>
>
> >  If you don't start inetd as service under LocalSystem but under
> >  another account, you have to [make sure] that that account has several
> >  user rights set in the user manager resp. local/domain security
> >  policy mmc snap in:
> >        "Act as part of the operating system"
> >        "Replace process level token"
> >        "Increase quotas"
> >        "Logon as a service"
> >  Note that administrators do not have all that user rights set
> >  by default!
>
>
>- I'm afraid I don't know what "mmc snap" means - ah, from google
>   I get something about microsoft management console tools ...
>   (I hope I won't have to become a Certified Microsoft Engineer...)


Me too! ;-)


>- I see that, under the control-panel -> services ->+ cygwin-inetd
>   I can choose between system account and 'this account'.  Default is
>   system account.  Why would I use "this account"?  Why would I use
>   the system account, or what problems lurk for me there?


Just use the "SYSTEM" account.  It's the default and gets you 
what you need.  It means you need to know a whole lot less.  You don't need
to play with the "mmc snap" mentioned above if you use "SYSTEM".


>- if I try to use "this account", I must enter a password.  Where
>   does this come from?  My own password does not seem to work.
>
>I probably won't ask these questions, except that my employer has
>got the security turned down pretty tight, so trying things out isn't
>very satisfactory.


Right.  So you probably only have the option of using "SYSTEM" as the account
anyway.



> >
> >  For all application started via NT/W2K service manager under
> >  LocalSystem account, the following restrictions apply:
> >
> >  - The environment variable CYGWIN must be either set in the system
> >    environment to be active from start on or you can set CYGWIN thru
> >    the registry:
> >    Under the key HKLM\Software\Cygnus Solutions\Cygwin\Program Options
> >    create a REG_SZ (String) named like the full DOS path to the application,
> >    eg. "C:\usr\bin\inetd.exe" and with the value equal to the preferred
> >    CYGWIN settings, eg "binmode tty ntsec".
>
>
>When I do that, I can't create files anymore.  My id is (clearly)
>uid=500(Administrator) gid=513(Kein) groups=513(Kein)
>
>- How do I get it to be otherwise?  Will I have to login in twice,
>   once to nt and once to cygwin?


I'd recommend just adding "ntsec" to the system version of the CYGWIN 
environment variable.  This will ensure that you're using ntsec both for
services and for interactive tasks, which is the best if you're using NTFS. 


>- I read somewhere that I need to put my RID in the GCOS field of
>   a password entry for me.  I couldn't find the RID in my registry.
>   Where can I find it?


The lack of this data in your /etc/passwd file is probably the reason you
are having permission problems with ntsec turned on.  Just run "mkpasswd"
again with the appropriate flags for your installation.  So long as it can
find your login name, it will add the appropriate information to your 
/etc/passwd file for you.



Larry Hall                              lhall AT rfk DOT com
RFK Partners, Inc.                      http://www.rfk.com
838 Washington Street                   (508) 893-9779 - RFK Office
Holliston, MA 01746                     (508) 893-9889 - FAX


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/