X-Spam-Check-By: sourceware.org
Date: Sat, 17 Jun 2006 13:56:14 -0400 (EDT)
From: Igor Peshansky <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Stephen Grant Brown <s_g_brown AT aapt DOT net DOT au>
cc: cygwin AT cygwin DOT com
Subject: Re: Running as root
In-Reply-To: <002101c69200$3887d880$ec8b443d@elshaddai>
Message-ID: <Pine.GSO.4.63.0606171347240.25057@access1.cims.nyu.edu>
References: <002101c69200$3887d880$ec8b443d AT elshaddai>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Sat, 17 Jun 2006, Stephen Grant Brown wrote:

> Hi There
>
> I would like to run programs as root, which means the userid and group
> need to be set to 0, and the name needs to = root.
>
> I have looked through the ntsec.html document and I afraid it is too
> complicated for me to understand.
>
> Can somebody explain how to do this to me in a more simplified format
> please?

That depends on what you want to do.  If you are sure your login account
has enough privileges, and you simply have a program that non-portably
checks whether you're running as root (and you don't have the ability to
properly fix the program), you can read the following section of the above
document: <http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-sids>.  It
also helps to know that it's ok to have multiple entries in the passwd
file for the same user -- forward lookups by SID find the first entry with
that SID, and reverse lookups by user will find any entry with that
username/userid.  So you can simply add an entry for
"root::0:513:YOURSID:...", and make sure it precedes the actual entry for
your account, and any program checking your effective userid (e.g., "id")
will show you as "root" with UID of 0.

If you really do need to do root'y stuff, e.g., switch user contexts, etc,
then read <http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-switch> and
Google for "SYSTEM-owned bash shell" to see how to start processes as
SYSTEM (sshd doesn't let you switch to SYSTEM, unfortunately, unless you
use public key authentication, as you normally don't know and have no
control over the password for SYSTEM).
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/