This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: Bug in csih
- From: Charles Wilson <cygwin at cwilson dot fastmail dot fm>
- To: Mailing List: CygWin-Apps <cygwin-apps at cygwin dot com>
- Date: Sun, 05 Feb 2012 15:23:22 -0500
- Subject: Re: Bug in csih
- References: <20111219130732.GA28107@calimero.vinschen.de> <20120116101402.GA12891@calimero.vinschen.de>
On 1/16/2012 5:14 AM, Corinna Vinschen wrote:
Chuck? Ping?
How's this? (BTW, we do similar stuff in csih_create_privileged_user()
but I didn't address that).
Index: cygwin-service-installation-helper.sh
===================================================================
RCS file: /cvs/cygwin-apps/csih/cygwin-service-installation-helper.sh,v
retrieving revision 1.28
diff -u -p -r1.28 cygwin-service-installation-helper.sh
--- cygwin-service-installation-helper.sh 13 Feb 2011 23:22:34 -0000 1.28
+++ cygwin-service-installation-helper.sh 5 Feb 2012 20:22:07 -0000
@@ -2244,7 +2244,6 @@ csih_account_has_necessary_privileges()
$_csih_trace
local user="$1"
- local admingroup=
if [ -n "${user}" ]
then
if csih_call_winsys32 net user "${user}" >/dev/null 2>&1
@@ -2255,23 +2254,14 @@ csih_account_has_necessary_privileges()
csih_warning "Unable to ensure that '${user}' has the
appropriate privileges."
return 1
else
- admingroup=$(/usr/bin/mkgroup -l | /usr/bin/awk -F: '{if ( $2
== "S-1-5-32-544" ) print $1;}')
- if [ -z "${admingroup}" ]
- then
- csih_warning "Cannot obtain the Administrators group name
from 'mkgroup -l'."
- return 1
- fi
- if ! csih_call_winsys32 net localgroup "${admingroup}" |
/usr/bin/grep -Eiq "^${user}.?$"
- then
- # user not in Administrators group
- return 1
- else
- /usr/bin/editrights -u "${user}" -t
SeAssignPrimaryTokenPrivilege >/dev/null 2>&1 &&
- /usr/bin/editrights -u "${user}" -t SeCreateTokenPrivilege
>/dev/null 2>&1 &&
- /usr/bin/editrights -u "${user}" -t SeTcbPrivilege
>/dev/null 2>&1 &&
- /usr/bin/editrights -u "${user}" -t SeServiceLogonRight
>/dev/null 2>&1
- return # status of previous command-list
- fi
+ # Don't attempt to validate membership in Administrators group
+ # Instead, just try to set the appropriate rights; if it fails
+ # then handle that, instead.
+ /usr/bin/editrights -u "${user}" -t
SeAssignPrimaryTokenPrivilege >/dev/null 2>&1 &&
+ /usr/bin/editrights -u "${user}" -t SeCreateTokenPrivilege
>/dev/null 2>&1 &&
+ /usr/bin/editrights -u "${user}" -t SeTcbPrivilege
>/dev/null 2>&1 &&
+ /usr/bin/editrights -u "${user}" -t SeServiceLogonRight
>/dev/null 2>&1
+ return # status of previous command-list
fi
fi
fi