Date: Fri, 17 Oct 2003 16:52:34 +0300
From: Baurjan Ismagulov
To: cygwin AT sources DOT redhat DOT com
Subject: Re: setreuid
Message-ID: <20031017135231.GA12904@ata.cs.hacettepe.edu.tr>
In-Reply-To: <20031016142337.GC5542@ata.cs.hacettepe.edu.tr>

Hello, Corinna.

On Thu, Oct 16, 2003 at 15:50:59, Corinna Vinschen wrote:
> > This works if I grant "Erstellen eines Tokenobjekts" to ZAISAN\ibr. What
> > is going on?
> That's correct. Did you read http://cygwin.com/cygwin-ug-net/ntsec.html?

The problem is not to read, the problem is to understand :). I had
thought that the first three privileges were enough to change user with
setreuid alone without a password.

> Btw., if you're planning to use that account as logon account, don't
> give these rights to that account. That's very dangerous.

Because of possible privilege escalation, or are there any other
implications?

> Start a
> service under system account as inetd and let it handle the user context
> switch.

Thanks for the tip, I'll do so.

With kind regards,
Baurjan.