This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [ATTN Maintainer] csih
- From: Achim Gratz <Stromeko at nexgo dot de>
- To: cygwin-apps at cygwin dot com
- Date: Thu, 02 Apr 2015 11:27:59 +0200
- Subject: Re: [ATTN Maintainer] csih
- Authentication-results: sourceware.org; auth=none
- References: <87k2xzftp0 dot fsf at Rainer dot invalid> <20150330072905 dot GG29875 at calimero dot vinschen dot de> <87lhidvt45 dot fsf at Rainer dot invalid> <20150401074611 dot GM13285 at calimero dot vinschen dot de>
Corinna Vinschen writes:
>> There's another fix that should probably go into the scripts: The
>> service users should get SeDenyInteractiveLogonRight (they already have
>> SeDenyRemoteLogonRight). At least on my Windows7 Pro/64bit laptop the
>> accounts show up on the login screen otherwise.
>
> Still, https://cygwin.com/acronyms/#PGA? Really, I mean it.
Sorry, I was temporarily out of round tuits.
Index: cygwin-service-installation-helper.sh
===================================================================
RCS file: /cvs/cygwin-apps/csih/cygwin-service-installation-helper.sh,v
retrieving revision 1.37
diff -r1.37 cygwin-service-installation-helper.sh
3038a3039
> /usr/bin/editrights -a SeDenyInteractiveLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
OK to commit?
BTW, is there some deeper reason to use
/usr/bin/editrights -a SeAssignPrimaryTokenPrivilege -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeCreateTokenPrivilege -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeTcbPrivilege -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeDenyInteractiveLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeDenyRemoteInteractiveLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeServiceLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
username_got_all_rights="yes"
instead of
/usr/bin/editrights \
-a SeAssignPrimaryTokenPrivilege -a SeCreateTokenPrivilege -a SeTcbPrivilege \
-a SeDenyInteractiveLogonRight -a SeDenyRemoteInteractiveLogonRight \
-a SeServiceLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
username_got_all_rights="yes"
? Because if there is, that seems like a bug in editrights that should
be fixed.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables