Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Fri, 28 Nov 2003 16:08:00 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: setreuid
Message-ID: <20031128150800.GD4259@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20031015105210 DOT GF18774 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031016103723 DOT GA5542 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031016125317 DOT GB5542 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031016142337 DOT GC5542 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031017135231 DOT GA12904 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031017135203 DOT GU25076 AT cygbert DOT vinschen DOT de> <20031128120627 DOT GC21415 AT ata DOT cs DOT hacettepe DOT edu DOT tr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031128120627.GC21415@ata.cs.hacettepe.edu.tr>
User-Agent: Mutt/1.4.1i

On Fri, Nov 28, 2003 at 02:06:29PM +0200, Baurjan Ismagulov wrote:
> After some thinking I decided to keep the setup as simple as possible,
> and not to use inetd. So, I have the following options:
> 
> 1. Patch the server not to use setreuid, install it as a service and run
>    it as SYSTEM.

That's ok.

> 2. Install the server as a service, give the SYSTEM user "Create a token
>    object" privilege and let the server setreuid to nobody.

That won't work at all.  SYSTEM already has the privilege but on 2003
it gets revoked the privilege when running services.

> 3. Install the server as a service to be run as nobody or as a special
>    user just for this service (say, "tftp").

Best solution.  If there's a chance to run stuff under a non-priv'd
account, just do it.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/