X-Spam-Check-By: sourceware.org
Date: Tue, 20 Jun 2006 19:27:15 -0400 (EDT)
From: Igor Peshansky
Reply-To: cygwin AT cygwin DOT com
To: Stephen Grant Brown
cc: cygwin AT cygwin DOT com
Subject: Re: Running as root
In-Reply-To: <001401c694ba$f39c9130$7e8f443d@elshaddai>
References: <002101c69200$3887d880$ec8b443d AT elshaddai> <001401c694ba$f39c9130$7e8f443d AT elshaddai>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Wed, 21 Jun 2006, Stephen Grant Brown wrote:

> Hi All
> ----- Original Message -----
> From: "Igor Peshansky"
> To: "Stephen Grant Brown"
> Cc:

(yes, even your own).  Let's not feed the spammers any more than we
have to.

> Sent: Sunday, June 18, 2006 3:56 AM
> Subject: Re: Running as root
>
> > On Sat, 17 Jun 2006, Stephen Grant Brown wrote:
> >
> > > Hi There
> > >
> > > I would like to run programs as root, which means the userid and
> > > group need to be set to 0, and the name needs to = root.
> > >
> > > I have looked through the ntsec.html document and I am afraid it is too
> > > complicated for me to understand.
> > >
> > > Can somebody explain how to do this to me in a more simplified
> > > format please?
> >
> > That depends on what you want to do.  If you are sure your login
> > account
>
> I want to run backup and restore programs, and also a program which will
> tell me which files have changed to make a program stop working.

Let's start with the concrete programs you have in mind.  How do you
even know they'll run under Cygwin?  If they are not Cygwin programs,
setting up a root account in Cygwin would be useless.  What makes you
think they require being root to run them?

> > has enough privileges, and you simply have a program that non-portably
>
> How do I determine if my login account has enough privileges?

Umm, trying to run the actual programs and succeeding should be a good
enough indicator.

> I know my default login account of stephen does not have a uid and gid
> of 0. I cannot login to administrator.

Having a UID of 0 is not going to get you more privileges (just like
calling yourself John Howard won't make you the prime minister).  As the
NTSEC page explains, the UID is a Cygwin thing, whereas the privileges
are determined by Windows.  That's why I suggested first trying to run
the programs.

> > checks whether you're running as root (and you don't have the ability
> > to properly fix the program), you can read the following section of
> > the above document:
> > .  It
>
> The third line of the above reference reads
>
> Both files may now contain SIDs of users and groups. They are saved in
> the last field of pw_gecos in /etc/passwd and in the gr_passwd field in
> /etc/group.
>
> What is a SID?
> What is pw_gecos?
>
> Typing "man -a passwd" does not tell the fields in the /etc/passwd

Before you go to the trouble of learning about the /etc/passwd file,
find out if all this is even needed for you to run the programs you
want.  If it turns out that the programs you want are broken and check
specifically for a UID of 0 before they can run, you can go on with the
root account setup, as described below.

The first part of the NTSEC page talks about what SID is, so I'm not
going to bother reproducing that here.  Just read .

As for finding out what pw_gecos (and the structure of /etc/passwd) is,
did you try Google?  Searching for "man /etc/passwd" turns up lots of
useful links.

> > also helps to know that it's ok to have multiple entries in the passwd
> > file for the same user -- forward lookups by SID find the first entry
> > with that SID, and reverse lookups by user will find any entry with
> > that username/userid.  So you can simply add an entry for
> > "root::0:513:YOURSID:...", and make sure it precedes the actual entry
> > for
>
> What is the rest of this "root::0:513:..." line?

As mentioned on the NTSEC page, the rest of the "root::0:513:..." line
is identical to the line that corresponds to your userid.  Simply copy
the line that starts with your userid (to some line above it), change
your userid to "root" in that new line, then change the UID field (after
the second ':') to 0, and voila!  You can leave in the
"unused_by_nt/2000/xp" in the password field as-is, or delete it --
doesn't matter, since it really is unused.

> > your account, and any program checking your effective userid (e.g.,
> > "id") will show you as "root" with UID of 0.
> >
> > If you really do need to do root'y stuff, e.g., switch user contexts,
> > etc, then read
> > and Google
> > for "SYSTEM-owned bash shell" to see how to start processes as SYSTEM
> > (sshd doesn't let you switch to SYSTEM, unfortunately, unless you use
> > public key authentication, as you normally don't know and have no
> > control over the password for SYSTEM).
>
> Thanks for your understanding. I am still finding a lot of this advice
> too complicated for my simple brain.

If you want to do something more complex than fooling a broken program
into thinking that you're root, you might need to learn more about how
Windows privileges work.  Google, as always, is your friend, and
discussion like this is probably off-topic for this list.

HTH,
Igor
--
http://cs.nyu.edu/~pechtcha/
pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
Igor Peshansky, Ph.D. (name changed!)
old name: Igor Pechtchanski
a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
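
The passwd edit described in the message above, as an added example that is not part of the original post: it inserts the "root" alias above the user's own entry in a constructed passwd copy, then repeats the forward (by SID) and reverse (by name) lookups to show which entry each one finds. The SID, the U-EXAMPLE machine name, the sample entries and the helper function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: operates on constructed data only, never on the real /etc/passwd.

# Constructed sample in the legacy Cygwin passwd layout (SID and gecos are made up).
sample_passwd() {
cat <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
stephen:unused_by_nt/2000/xp:1003:513:Stephen,U-EXAMPLE\stephen,S-1-5-21-1111111111-2222222222-3333333333-1003:/home/stephen:/bin/bash
EOF
}

# Copy the entry for user $1 to the line above it, with the name changed to
# "root" and the UID field (field 3) set to 0; all other fields stay identical.
add_root_alias() {
    awk -F: -v OFS=: -v user="$1" '
        $1 == user { orig = $0; $1 = "root"; $3 = 0; print; $0 = orig }
        { print }'
}

# Forward lookup: name of the FIRST entry whose SID matches $1. The SID is the
# last comma-separated item of pw_gecos (field 5).
name_for_sid() {
    awk -F: -v sid="$1" '{ n = split($5, g, ","); if (g[n] == sid) { print $1; exit } }'
}

# Reverse lookup: UID of the entry whose user name is $1.
uid_for_name() {
    awk -F: -v name="$1" '$1 == name { print $3; exit }'
}

# Audit helper: list each UID-0 entry with the SID it maps to. Windows decides
# privileges from that SID, so a UID-0 alias of an ordinary account adds none.
uid0_entries() {
    awk -F: '$3 == 0 { n = split($5, g, ","); print $1 " " g[n] }'
}

# Demonstration on the constructed sample.
patched=$(sample_passwd | add_root_alias stephen)
printf '%s\n' "$patched"
printf 'UID-0 entries: %s\n' "$(printf '%s\n' "$patched" | uid0_entries)"
```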