Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <3F66EC0E.1EB2422B@dessent.net>
Date: Tue, 16 Sep 2003 03:55:10 -0700
From: Brian Dessent <brian AT dessent DOT net>
Organization: My own little world...
X-Accept-Language: en,en-US
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Manipulating user privileges (was Re: SSHD, Cygwin and Windows 2003)
References: <1063654188 DOT 1917 DOT 126 DOT camel AT localhost> <20030916101310 DOT GP9981 AT cygbert DOT vinschen DOT de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Note-from-DJ: This may be spam

Corinna Vinschen wrote:

> Btw., the ssh-host-config already creates the sshd account, that's easy
> from the command line.  But creating a useful sshdproc account as above
> requires to be able to set user privileges like the famous "Create a
> token object" privilege.  Does anybody know a way how to do this on the
> command line which would allow ssh-host-config to do the above more or
> less automagically?  If such a command line tool doesn't exist as part
> of NT/2K/XP/03, would anybody be willing to create a simple command line
> tool for inclusion in Cygwin?  It would be sufficient if that tool could
> manipulate the above user privileges of an already existing user account.

The Resource Kit from MS contains the tool "Ntrights.exe" which looks
like it can do this:

$ ./Ntrights.exe 
NTRights.Exe - Beta Version by Georg Zanzen
Grants/Revokes NT-Rights to a user/group
usage: -u xxx  User/Group
       -m \\xxx  machine to perform the operation on (default local
machine)
       -e xxxxx Add xxxxx to the event log
       -r xxx  revokes the xxx right
       +r xxx  grants the xxx right
valid NTRights are:
  SeCreateTokenPrivilege
  SeAssignPrimaryTokenPrivilege
  SeLockMemoryPrivilege
  SeIncreaseQuotaPrivilege
  SeUnsolicitedInputPrivilege
  SeMachineAccountPrivilege
  SeTcbPrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeLoadDriverPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeProfileSingleProcessPrivilege
  SeIncreaseBasePriorityPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeBackupPrivilege
  SeRestorePrivilege
  SeShutdownPrivilege
  SeAuditPrivilege
  SeSystemEnvironmentPrivilege
  SeChangeNotifyPrivilege
  SeRemoteShutdownPrivilege

I don't know exactly what the license or distribution policy is for
resource kit tools.  Microsoft wants you to buy their "Admin Pack" or
whatever it's called with all the tools on CD.  They offer some of them
on their site for download at
<http://www.microsoft.com/windows2000/techinfo/reskit/tools/default.asp>,
however you can find the the omitted ones like Ntrights.exe at other
places like <http://www.petri.co.il/download_free_reskit_tools.htm>.  As
far as inclusion with Cygwin, I have no idea if that would be legit or
not.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/