Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Info: This message was accepted for relay by
	smtp03.mrf.mail.rcn.net as the sender used SMTP authentication
X-Trace: UmFuZG9tSVaItqSXqkLCgOcMTQzOgRRLtQ3Gj3EgIllQvuQMuVVc7c1K9zEUuPLj
Message-ID: <3EF0B461.8030204@cygwin.com>
Date: Wed, 18 Jun 2003 14:50:09 -0400
From: Larry Hall <cygwin-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ross Presser <rpresser AT imtek DOT com>
CC: cygwin AT cygwin DOT com
Subject: Re: About the 'su' command
References: <20030617232103 DOT 79106 DOT qmail AT web10102 DOT mail DOT yahoo DOT com> <3EEFA434 DOT 90409 AT cygwin DOT com> <Xns939E74DDE5549pt101594 AT 80 DOT 91 DOT 224 DOT 249>
In-Reply-To: <Xns939E74DDE5549pt101594@80.91.224.249>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Ross Presser wrote:

> Larry Hall <cygwin-lh AT cygwin DOT com> wrote in news:3EEFA434 DOT 90409 AT cygwin DOT com:
> 
> 
>>>Do you know "someone" on an XP station that has more powers than the
>>>Administrator or an Administrators member ?
>>
>>
>>Certainly.  SYSTEM.  But I'd highly recommend using ssh instead of
>>su.  That way you don't have to create a user with privileges that
>>opens a security hole just so you can su.  Of course, you can do
>>so if you prefer.
> 
> 
> SYSTEM doesn't have the power to use network resources, does it?
> 


As Corinna pointed out very well in this thread, access to network
resources is controlled by Windows authentication.  SYSTEM has the
permissions that allow it to switch user context, and doing so may or may
not include authentication.  But I was answering your question about which
ID has permissions (by default) to change to a new user ID.  Network
resource access is a different, though related, issue.


-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/