X-Spam-Check-By: sourceware.org
Date: Fri, 24 Feb 2006 11:25:41 -0500 (EST)
From: Igor Peshansky <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Dave Korn <dave DOT korn AT artimi DOT com>
cc: cygwin AT cygwin DOT com
Subject: RE: proftpd + mod_tsl + cygwin under win2003
In-Reply-To: <008701c6395d$cee650a0$a501a8c0@CAM.ARTIMI.COM>
Message-ID: <Pine.GSO.4.63.0602241122530.18478@access1.cims.nyu.edu>
References: <008701c6395d$cee650a0$a501a8c0 AT CAM DOT ARTIMI DOT COM>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Fri, 24 Feb 2006, Dave Korn wrote:

> On 24 February 2006 16:07, Igor Peshansky wrote:
>
> > On Fri, 24 Feb 2006, Dave Korn wrote:
> >
> >> On 24 February 2006 15:24, Tyler Durden wrote:
> >>
> >>> server (client.domain.com[10.0.0.28]) -
> >>> PRIVS_RELINQUISH: unable to seteuid(PR_ROOT_UID):
> >>> Permission denied
> >>
> >>   Looks a lot like you will need to set up a specialised user a/c for
> >> the service to run under so that you can grant it the "Create a token
> >> object" privilege.  See
> >>
> >> http://www.cygwin.com/cygwin-ug-net/ntsec.html#ntsec-switch
> >
> > Also, see /usr/share/doc/Cygwin/openssh.README (seems unrelated, I know).
> >
> > It would probably be a good idea to have a proftpd-host-config (similar to
> > ssh-host-config) that sets up that specialized user automatically when
> > needed.
>
>   "When needed", in this case, would be "When doing a non-standard
> install from home-built sources and not using the cygwin packaged
> version at all"..... so I don't think adding a script to the package
> would help!  (Of course, if the package maintainer ever wants to start
> building with mod_tls enabled rather than disabled, this would change.)

Nope, "when needed" means on Win2k3, where SYSTEM doesn't have enough
privileges to switch the effective userid.  Any program/package that needs
to perform such a switch would benefit from a config script.

The fact that nobody else complained so far means that either nobody else
tried installing proftpd as a service on Win2k3, or that the people who
did were diligent enough to read the Cygwin documentation (gasp!).
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/