X-Spam-Check-By: sourceware.org Message-ID: <43BDFFA8.A3A8250@dessent.net> Date: Thu, 05 Jan 2006 21:27:04 -0800 From: Brian Dessent MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: 'su' no longer working? References: <43BDF429 DOT 5050206 AT byu DOT net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Reply-To: cygwin AT cygwin DOT com Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Joe Smith wrote: > For passworded user switching: > SE_ASSIGNPRIMARYTOKEN_NAME && > SE_INCREASE_QUOTA_NAME && > SE_TCB_NAME for pr in AssignPrimaryToken IncreaseQuota Tcb; do editrights -a Se${pr}Privilege -u user done > For passwordless user switching: > SE_CREATE_TOKEN_NAME && > SE_ASSIGNPRIMARYTOKEN_NAME && > SE_INCREASE_QUOTA_NAME for pr in CreateToken AssignPrimaryToken IncreaseQuota; do editrights -a Se${pr}Privilege -u user done > You should not cripple to program to being usable only on the system > account. > It is very much possible to give a user those privleges, and easy on XP pro > via the group policy editor (according to microsoft. I've never tried it.) It was for this very reason (command-line automated privilege manipulation) that editrights was written and placed in the 'base' Cygwin install so that *-config scripts can use it for creating services that run as non-SYSTEM accounts. Brian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/