X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SARE_FREE_WEBM_LAPOSTE,T_RP_MATCHES_RCVD,T_TO_NO_BRKTS_FREEMAIL,UPPERCASE_50_75 X-Spam-Check-By: sourceware.org Message-ID: <4C40BFB9.9060208@laposte.net> Date: Fri, 16 Jul 2010 22:23:21 +0200 From: Cyrille Lefevre User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: runas, su, sudo References: In-Reply-To: Content-Type: multipart/mixed; boundary="------------060008070802020405070804" X-me-spamlevel: not-spam X-me-spamrating: 36.000000 X-me-spamcause: OK, (-100)(0000)gggruggvucftvghtrhhoucdtuddrvdeliedrtdeiucetggdotefuucfrrhhofhhilhgvmecuoehnohhnvgeqnecuuegrihhlohhuthemuceftddtnecuucdlqddutddtmd X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com --------------060008070802020405070804 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Le 15/07/2010 20:39, DePriest, Jason R. a écrit : > > On Thu, Jul 15, 2010 at 1:31 PM, Lukas Haase<> wrote: >> Hi, >> >> Is there any (working) way to change privileges in cygwin? > > Try this: http://www.cygwin.com/faq/faq.using.html#faq.using.su > > It tells you to use ssh AT localhost but has a link to some mailing list > archives that explain why su / sudo can't work properly. see attachment, you'll be happy :-) you'll have to add the following line to /etc/sshd_config, don't forget to restart the service ! AcceptEnv LANG LC_* CYGWIN_* sometime, I'll make it a cygports... a sudo.sh like also exists, but I have to document it before...
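Regards, Cyrille Lefevre
--=20
mailto:Cyrille DOT Lefevre-lists AT laposte DOT net
--------------060008070802020405070804
Content-Type: text/plain; name="su.sh"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="su.sh"

#!/usr/bin/sh
#! -*- ksh -*-
#
# Simulate SU command via SSH
#
# The script runs in two passes, selected by CYGWIN_SU_SCRIPT:
#   pass 1 (variable empty)  parse the su-like options, export the caller's
#                            context as CYGWIN_SU_* / CYGWIN_ENV_* variables
#                            and exec ssh to <user>@localhost, asking the
#                            remote side to run this same script;
#   pass 2 (variable set)    rebuild the environment from those variables
#                            and exec the target shell.
#
# Environment read by pass 1:
#   CYGWIN_SSH_KEY      identity file given to ssh -i
#                       (default ${HOME}/.ssh/id_sudo)
#   CYGWIN_ROOT_USER    default target user (default root)
# Environment read by pass 2:
#   CYGWIN_WHEEL_GROUP  egrep pattern matched against `id -Gn`
#
# Deployment notes:
#   - Authorisation is entirely ssh's: whoever can use the identity file can
#     open a shell as the target user, so protect that file accordingly.
#   - sshd has to accept LANG, LC_* and CYGWIN_* (AcceptEnv).  The setting is
#     not specific to this script: every client that authenticates may then
#     set those variables.  If the server drops them, CYGWIN_SU_SCRIPT
#     arrives empty and the remote copy takes the pass-1 branch again.
#   - Unless -l, -d or - is given, the caller's exported environment (PATH
#     included, LD_* excluded) is re-created in the target user's shell.
#
#ident @(#) $Header: /package/cvs/exploitation/sbin/Attic/su.sh,v 1.1.2.7 2010/04/26 17:17:46 cle Exp $

#set -x

if [ -n "${BASH_VERSION}${KSH_VERSION}" ]; then
  set -o posix
fi

#windows_env='ALLUSERSPROFILE COMMONPROGRAMFILES COMPUTERNAME
#COMSPEC HOMEDRIVE HOMEPATH LOGONSERVER NUMBER_OF_PROCESSORS OS
#PATHEXT PROCESSOR_ARCHITECTURE PROCESSOR_IDENTIFIER PROCESSOR_LEVEL
#PROCESSOR_REVISION PROGRAMFILES SYSTEMDRIVE SYSTEMROOT USERDOMAIN
#USERNAME WINDIR'
#unix_env='CYGWIN HOME LOGNAME MAIL OLDPWD PATH PWD SHELL SHLVL TEMP TMP USER'
#ssh_env='SSH_CLIENT SSH_CONNECTION SSH_AUTH_SOCK SSH_TTY'

if [ -z "${CYGWIN_SU_SCRIPT}" ]; then
  # ---- pass 1: caller side ------------------------------------------------
  export CYGWIN_SU_PWD=${PWD:-$(pwd)}
  export CYGWIN_SU_SCRIPT=$0

  # Turn $0 into an absolute path, because the remote side is asked to run
  # exactly this file.
  case ${CYGWIN_SU_SCRIPT} in
  */*) ;;
  *) CYGWIN_SU_SCRIPT=$(type "$0") # f*ing bash
     CYGWIN_SU_SCRIPT=${CYGWIN_SU_SCRIPT##* is } ;;
  esac
  CYGWIN_SU_PATH=${CYGWIN_SU_SCRIPT%/*}
  case ${CYGWIN_SU_PATH} in
  /*) ;;
  *) CYGWIN_SU_PATH=${CYGWIN_SU_PWD%/}/${CYGWIN_SU_PATH} ;;
  esac
  CYGWIN_SU_SCRIPT=${CYGWIN_SU_PATH%/}/${CYGWIN_SU_SCRIPT##*/}

  # usage STATUS -- print the help text on stderr and exit with STATUS.
  usage() {
    cat << EOF >&2
usage: su [-bf] [-i ssh_key] [-s shell] [-d|-m|-l|-p|-] [user] [shell args]
options:
  -b           go to background just before command execution (ssh)
  -f           fast login (csh, tcsh or zsh, else unset ENV)
  -i ssh_key   ssh key to use if any
  -s shell     shell to use instead of the one in /etc/passwd
  -d           same as -l, but does not change the current directory
  -m | -p      preserve the environment
  -l | -       simulate a full login
options -d, -m, -l, -p or - are mutually exclusive.
default user is '${CYGWIN_SU_ROOT_USER}' (\$CYGWIN_ROOT_USER).
EOF
    exit "$1"
  }

  # noexport
  # Identity used to log in as the target user.
  CYGWIN_SU_SSH_KEY=${CYGWIN_SSH_KEY:-${HOME}/.ssh/id_sudo}
  CYGWIN_SU_ROOT_USER=${CYGWIN_ROOT_USER:-root} # was Administrator
  # Exported so that ssh SendEnv=CYGWIN_* carries them to pass 2.
  export CYGWIN_SU_CWD=NO CYGWIN_SU_FAST=NO
  export CYGWIN_SU_LOGIN=NO CYGWIN_SU_PRESERVE=NO
  export CYGWIN_SU_SHELL= CYGWIN_SU_USER=
  # noexport
  CYGWIN_SU_BACKGROUND=NO

  while getopts ':bdfhi:lmps:' c; do
    case ${c} in
    'b') CYGWIN_SU_BACKGROUND=YES ;;
    'd') CYGWIN_SU_LOGIN=YES
         CYGWIN_SU_CWD=YES
         CYGWIN_SU_PRESERVE=NO ;;
    'f') # csh -f -- ignored
         # NOTE(review): usage advertises -f as "fast login", but
         # CYGWIN_SU_FAST stays NO here, so the CYGWIN_SU_FAST=YES branch
         # of pass 2 is never reached through this option -- confirm intent.
         ;;
    'h') usage 0 ;;
    'i') CYGWIN_SU_SSH_KEY=${OPTARG} ;;
    'l') CYGWIN_SU_LOGIN=YES
         CYGWIN_SU_CWD=NO
         CYGWIN_SU_PRESERVE=NO ;;
    [mp]) CYGWIN_SU_LOGIN=NO
          CYGWIN_SU_CWD=NO
          CYGWIN_SU_PRESERVE=YES ;;
    's') CYGWIN_SU_SHELL=${OPTARG} ;;
    *) # Unknown option: step back so it stays in "$@" and is handed to
       # the target shell instead of being rejected.
       (( OPTIND -= 1 ))
       break
       #echo "$0: Unknown option ${c}" 2>&1
       #exit 1
       ;;
    esac
  done
  shift $((${OPTIND} - 1))

  # A lone "-" means full login, as with su.
  if [ "_${1}_" = _-_ ]; then
    CYGWIN_SU_LOGIN=YES
    shift
  fi

  # No argument left, or a first argument containing "-": keep the default
  # user and leave the arguments for the shell.  As a consequence a user
  # name that contains "-" cannot be selected.
  case $#$1 in
  0|*-*) CYGWIN_SU_USER=${CYGWIN_SU_ROOT_USER} ;;
  *) CYGWIN_SU_USER=$1
     shift ;;
  esac

  export CYGWIN_SU_FROM=$(id -un)
  export CYGWIN_SU_HOME=${HOME}
  #export CYGWIN_SU_MAIL=${MAIL}
  export CYGWIN_SU_COLORTERM=${COLORTERM}
  export CYGWIN_SU_TERM=${TERM}
  export CYGWIN_SU_UMASK=$(umask)

  # Not a login: duplicate every exported variable (names of two or more
  # characters, CYGWIN_SU* excluded) as CYGWIN_ENV_<name>, so the copies
  # travel through SendEnv=CYGWIN_* and pass 2 can restore them.
  # The filter works line by line on `export -p` output.
  # NOTE(review): a value containing a newline is printed over several
  # lines and is not handled by this filter; the text handed to eval is
  # then no longer a list of well-formed export statements -- confirm, and
  # consider skipping such variables.
  if [ ${CYGWIN_SU_LOGIN} = NO ]; then
    eval "$(export -p |
      egrep -e '^export [_[:alpha:]][_[:alnum:]]+' |
      sed -e '/export CYGWIN_SU/d;s|export |&CYGWIN_ENV_|')"
  fi

  # -a -k -x: no agent, GSSAPI-credential or X11 forwarding into the
  # target user's session.
  CYGWIN_SU_SSH_OPTS='-akx'
  if [ $# = 0 ]; then
    # interactive shell: ask for a tty
    CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -t"
  fi
  if [ ${CYGWIN_SU_BACKGROUND} = YES ]; then
    CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -f"
  fi
  if [ -n "${CYGWIN_SU_SSH_KEY}" ]; then
    CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -i ${CYGWIN_SU_SSH_KEY}"
  fi
  CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -o Protocol=2"
  CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -o LogLevel=ERROR"
  # Host-key verification is skipped for the loopback connection.
  CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -o NoHostAuthenticationForLocalhost=yes"
  #CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -o ConnectTimeout=10"
  #CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -o ServerAliveInterval=300"
  # Only honoured when sshd_config lists the same patterns in AcceptEnv.
  CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -o SendEnv=LANG -o SendEnv=LC_*"
  CYGWIN_SU_SSH_OPTS="${CYGWIN_SU_SSH_OPTS} -o SendEnv=CYGWIN_*"

  # ssh joins the command words with blanks and the remote login shell
  # parses the result again.  Wrap every argument in single quotes (an
  # embedded ' becomes '\'') so it reaches the target shell verbatim:
  # inside double quotes the remote shell would still expand $, ` and \
  # found in the argument.
  if [ $# != 0 ]; then
    qargs= sep=
    for arg; do
      qarg=$(printf "%s\n" "${arg}" | sed -e "s|'|'\\\\''|g")
      qargs="${qargs}${sep}'${qarg}'"
      sep=' '
    done
    set -- "${qargs}"
  fi

  # CYGWIN_SU_SSH_OPTS is expanded unquoted on purpose so that it splits
  # into words; an identity path containing whitespace does not survive
  # that.  The script path is likewise re-parsed by the remote shell.
  exec ssh ${CYGWIN_SU_SSH_OPTS} ${CYGWIN_SU_USER}@localhost "${CYGWIN_SU_SCRIPT}" ${1+"$@"}
else
  # ---- pass 2: target-user side -------------------------------------------
  # Hide the ssh transport from the shell that is about to start.
  unset SSH_CLIENT SSH_CONNECTION SSH_AUTH_SOCK SSH_TTY
  [ -n "${SHLVL}" ] && SHLVL=0

  if [ ${CYGWIN_SU_LOGIN:-NO} = YES ]; then
    # Full login: the target shell builds its own environment (-l); only
    # the terminal settings and, for -d, the directory come from the caller.
    CYGWIN_SU_SHELL_OPTS='-l'
    if [ -n "${CYGWIN_SU_COLORTERM}" ]; then
      export COLORTERM=${CYGWIN_SU_COLORTERM}
    fi
    if [ -n "${CYGWIN_SU_TERM}" ]; then
      export TERM=${CYGWIN_SU_TERM}
    fi
    if [ ${CYGWIN_SU_CWD:-NO} = YES ]; then
      cd "${CYGWIN_SU_PWD}"
    fi
  else
    CYGWIN_SU_SHELL_OPTS=

    # CYGWIN_SU_ROOT is the exit status of grep -qv on one line of output:
    # 1 when that line matches the pattern, 0 when it does not.  Both
    # patterns are unanchored, so any group or user name that merely
    # contains the text matches as well.  The value is only used below to
    # choose USER/LOGNAME.
    if [ -f /proc/$$/winpid ]; then
      id -Gn | egrep -qv "${CYGWIN_WHEEL_GROUP:-Administrat(or|eur)}"
      CYGWIN_SU_ROOT=$?
    else
      id -un | grep -qv "root"
      CYGWIN_SU_ROOT=$?
    fi

    # Remember the target user's own HOME, MAIL and SHELL before the
    # caller's environment is laid over them.
    if [ ${CYGWIN_SU_PRESERVE:-NO} = NO ]; then
      # #if [ ${CYGWIN_SU_ROOT} = 1 ]; then
      # CYGWIN_SU_FROM=${CYGWIN_SU_USER}
      # #fi
      CYGWIN_SU_HOME=${HOME}
      CYGWIN_SU_MAIL=${MAIL}
      CYGWIN_SU_SH=${SHELL}
    fi

    # Restore the caller's variables from their CYGWIN_ENV_ copies, except
    # LD_* ones.  The variables named in the next comment are not filtered.
    # SHLIB_PATH (hp-ux) LIBPATH (aix) DYLD_ (darwin)
    # NOTE(review): same line-by-line handling of `export -p` as in pass 1;
    # values that contain a newline are not handled.
    eval "$(export -p | sed -n -e '/export CYGWIN_ENV_LD_/d' \
      -e 's|^export CYGWIN_ENV_|export |p')"

    if [ ${CYGWIN_SU_PRESERVE:-NO} = NO ]; then
      # su semantics: USER/LOGNAME keep the caller's name when
      # CYGWIN_SU_ROOT is 1, otherwise they take the target user's.
      if [ ${CYGWIN_SU_ROOT} = 1 ]; then
        USER=${CYGWIN_SU_FROM}
        LOGNAME=${CYGWIN_SU_FROM}
      else
        USER=${CYGWIN_SU_USER}
        LOGNAME=${CYGWIN_SU_USER}
      fi
      HOME=${CYGWIN_SU_HOME}
      if [ -n "${CYGWIN_SU_MAIL}" ]; then
        MAIL=${CYGWIN_SU_MAIL}
      fi
      SHELL=${CYGWIN_SU_SH}
    fi
    umask ${CYGWIN_SU_UMASK}
    cd "${CYGWIN_SU_PWD}"
  fi

  #export SU_FROM=${CYGWIN_SU_FROM}
  # -s wins, then the SHELL selected above, then /bin/sh.
  SHELL=${CYGWIN_SU_SHELL:-${SHELL:-/bin/sh}}
  if [ ${CYGWIN_SU_FAST:-NO} = YES ]; then
    case ${SHELL##*/} in
    csh|csh.exe|tcsh|tcsh.exe|zsh|zsh.exe)
      CYGWIN_SU_SHELL_OPTS="${CYGWIN_SU_SHELL_OPTS} -f" ;;
    sh|sh.exe|\
    ash|ash.exe|bash|bash.exe|dash|dash.exe|\
    ksh|ksh.exe|pdksh|pdksh.exe|ksh93|ksh93.exe)
      unset ENV ;;
    esac
  fi

  # Drop the transport variables so the target shell does not inherit them.
  eval "$(export -p | sed -e '/^export CYGWIN_ENV_/!d;s|^export |unset |;s|=.*||')"
  unset CYGWIN_SU_PWD CYGWIN_SU_SCRIPT CYGWIN_SU_CWD
  unset CYGWIN_SU_FAST CYGWIN_SU_LOGIN CYGWIN_SU_PRESERVE
  unset CYGWIN_SU_COLORTERM CYGWIN_SU_FROM CYGWIN_SU_HOME
  unset CYGWIN_SU_MAIL CYGWIN_SU_SH CYGWIN_SU_SHELL
  unset CYGWIN_SU_TERM CYGWIN_SU_UMASK CYGWIN_SU_USER

  # No command given: start an interactive shell.
  if [ $# = 0 ]; then
    set -- -i
  fi
  exec ${SHELL} ${CYGWIN_SU_SHELL_OPTS} ${1+"$@"}
fi
# eof
--------------060008070802020405070804
Content-Type: text/plain; charset=us-ascii

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

--------------060008070802020405070804--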