This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Windows 2003


On Fri, Jul 11, 2003 at 09:42:04AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > So (still as example) what about changing this to uid 0?  Anybody
> > who needs to run service applications with special privileges should
> > run them under the uid 0 account.  The uid 0 account could be created
> > by a special script started from setup or from the command line.
> > There's nothing keeping us from creating a Windows account "root"
> > with Admin privileges plus all these dangerous "create token",
> > "replace token" and "act as part of the OS" privileges.  Then we
> > could use this one for all the dirty work.
> 
> Yep, that would work, but it forces changes to existing installations
> (users need to update the passwd file) and all special applications 
> need to be updated at once. That's major, compared to the few 2003 sites.
> (having 2 entries in passwd doesn't really help).

That's not quite right.  The existing installations and tools still
work.  The new root user would be introduced beginning with 1.5.x
and the tools *compiled for* 1.5.x would be created with this in
mind.  Creating the "root" account would be done by a small tool
which would become part of the Cygwin base package.  That tool could
even be mkpasswd.  Unfortunately there seem to be no CLI tool in
Windows itself which allows manipulating user privileges so a script
isn't sufficient.

> The solution I proposed in the other e-mail allows a gradual migration,
> application by application. Once it is is place and all special applications
> use it, we can then change mkpasswd to have the root/uid=0 entry (which
> is an excellent idea).

Actually I don't see a big difference since your solution also
requires to change the tools to take advantage of the new call.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]