Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Wed, 13 Nov 2002 15:08:28 -0500 From: Jason Tishler Subject: Welcome back su? (was Re: New sysvinit package ...) In-reply-to: <20021111223928.7ED131BF30@redhat.com> To: cygwin AT cygwin DOT com Mail-followup-to: cygwin AT cygwin DOT com Message-id: <20021113200828.GA800@tishler.net> MIME-version: 1.0 Content-type: multipart/mixed; boundary="Boundary_(ID_GwM9iYxAz2t+OB0y6+Nl4Q)" User-Agent: Mutt/1.4i References: <20021111223928 DOT 7ED131BF30 AT redhat DOT com> --Boundary_(ID_GwM9iYxAz2t+OB0y6+Nl4Q) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline On Mon, Nov 11, 2002 at 05:39:28PM -0500, Sergey Okhapkin wrote: > New cygwin sysvinit package available for download. Init is the parent > of all unix processes. Its primary role is to create processes from a > script stored in the file /etc/inittab (see inittab(5)). This file > usually has entries which cause init to spawn gettys on each line that > users can log in. It also controls autonomous processes required by any > particular system. Since Sergey has contributed sysvinit, should su be "welcomed" back to the sh-utils package? I'm suggesting this because some rc scripts (e.g., PostgreSQL's) need su to function properly. I understand that su requires special Windows privileges in order to successfully setuid(). Maybe patching su to abort with the following error message: su: Currently only supported when run under the LocalSystem account. when not run under the LocalSystem account is sufficient to help minimize the mailing list support burden? Anyway with the attached (quick) patch to su, I was able to start up PostgreSQL using the standard PostgreSQL rc script via init with it ultimately running under a "postgres" account. Jason P.S. Note that the patch is a starting point -- not a finished product. -- PGP/GPG Key: http://www.tishler.net/jason/pubkey.asc or key servers Fingerprint: 7A73 1405 7F2B E669 C19D 8784 1AFD E4CC ECF4 8EF6 --Boundary_(ID_GwM9iYxAz2t+OB0y6+Nl4Q) Content-type: text/plain; charset=us-ascii; NAME=su.c.diff Content-transfer-encoding: 7BIT Content-disposition: attachment; filename=su.c.diff --- su.c.orig 2002-11-13 13:05:32.000000000 -0500 +++ su.c 2002-11-13 13:07:53.000000000 -0500 @@ -226,7 +226,7 @@ log_su (const struct passwd *pw, int suc const char *new_user, *old_user, *tty; # ifndef SYSLOG_NON_ROOT - if (pw->pw_uid) + if (pw->pw_uid != 18) return; # endif new_user = pw->pw_name; @@ -284,7 +284,7 @@ correct_password (const struct passwd *p #endif correct = pw->pw_passwd; - if (getuid () == 0 || correct == 0 || correct[0] == '\0') + if (getuid () == 18 || correct == 0 || correct[0] == '\0') return 1; unencrypted = getpass (_("Password:")); @@ -331,7 +331,7 @@ modify_environment (const struct passwd { xputenv (concat ("HOME", "=", pw->pw_dir)); xputenv (concat ("SHELL", "=", shell)); - if (pw->pw_uid) + if (pw->pw_uid != 18) { xputenv (concat ("USER", "=", pw->pw_name)); xputenv (concat ("LOGNAME", "=", pw->pw_name)); @@ -553,7 +553,7 @@ main (int argc, char **argv) if (shell == 0 && change_environment == 0) shell = getenv ("SHELL"); - if (shell != 0 && getuid () && restricted_shell (pw->pw_shell)) + if (shell != 0 && getuid () != 18 && restricted_shell (pw->pw_shell)) { /* The user being su'd to has a nonstandard shell, and so is probably a uucp account or has restricted access. Don't --Boundary_(ID_GwM9iYxAz2t+OB0y6+Nl4Q) Content-Type: text/plain; charset=us-ascii -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ --Boundary_(ID_GwM9iYxAz2t+OB0y6+Nl4Q)--