Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <3E8DF756.64918AEC@ieee.org>
Date: Fri, 04 Apr 2003 16:21:26 -0500
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Rodrigo Serra <rmserra AT fibertel DOT com DOT ar>
CC: cygwin AT cygwin DOT com
Subject: Re: su questions
References: <000001c2faeb$d031ac10$0102a8c0 AT rmserra DOT com DOT ar>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Rodrigo Serra wrote:
> 
> Pierre
> 
> I create a new user named init, and assigned privileges "Act as part of the
> operating system", "Create a token object", "Log on as service", and
> "Replace a process level token" and the ssh and su with no password prompt
> work!!!
> 
> I not understand what happened. In the documentation of openssh mentioned
> the necessary privileges and not indicate "Create a token object" but
> indicate "Increase quotas". This privileges not exists in my Windows .net
> 
> Well now setguid works in my Windows .net box.

Great. I don't think you need "Act as part of the operating system",
try removing it to increase security and let us know.
According to MS "Increase Quota" is needed for CreateProcessAsUser
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/createprocessasuser.asp>
but your box seems to be special.

Pierre

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/