This is the mail archive of the cygwin-developers@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: seteuid ?


Earnie Boyd wrote:
> I need to
> be able to su root in order to have some daemon programs I'm trying to port
> think that I'm UID=0.
> 
> Now, I could modify the daemon but IMO I shouldn't have to.  So, what in your
> opinion is the best way to implement this scenario in Cygwin?  I understand
> that the ability to maintain the current function is probably wanted so
> something like ntsec=workstation is going to be necessary.

My opinion is in fact that you should modify the daemon. I did that
for OpenSSH, too. Porting to NT has the unfortunate effect that you
have to drop the special meaning of UID 0. You have three choices,
AFAICS:

- Worst: Drop all tests for UID. It's currently implemented that way in
  OpenSSH as well.

- Medium: Change to test for member of Administrators. You can get that
  by calling NetUserGetInfo(NULL, username, 1, buf) and checking for
  buf->usri1_priv == USER_PRIV_ADMIN. However, this check isn't valid
  for LocalSystem which you would need to check explicitly.

- Best: Check explicitly for one or more user rights by calling
  GetTokenInformation(..., TokenPrivileges, ...).

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin@sources.redhat.com
Red Hat, Inc.
mailto:vinschen@cygnus.com

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]