This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: About "messed up user permissions from w2k terminal session"


Corinna Vinschen wrote:
> 
> That would mean, any Cygwin process running under a non-priv'd account in
> a terminal server session will fail beginning with 2003 :-(  Blerch.
> 
> > Is that privilege given routinely by MS?
> 
> It's set to "undefined" in the domain and domain controller security
> policy dialogs.  I can't easily test if users have this right by default,
> at least not today.
> 
> > I will check if this privilege might be related to the reported problem.
> 
> AFAICS, SeCreateGlobalPrivilege doesn't exist prior to 03.  No hint for
> it's existance on my XP box.  Note that the report is talking about TS
> on 2K.  It shouldn't be a problem on 2K and XP.
> 


Case solved, and we have a problem. 
This is what James Below tells me:

>>- Are you running on Windows 2000 or 2003?
> windows 2000 sp4

> I get the same error with 1.5.3
So it's a Cygwin 1.5 issue with using the global name space,
not related to my recent changes.

>here are the output files. 
showing the privileges, and only the admin user who can start Cygwin has:

SeCreateGlobalPrivilege SE_PRIVILEGE_ENABLED, SE_PRIVILEGE_ENABLED_BY_DEFAULT,  

So MS is not telling the full truth, windows 2000 sp4 is using the privilege.

So we have a few choices:
1) Roll back to using the local name space, which makes interprocess comm
   very difficult, or
2) Require the privilege to run Cygwin from Terminal Services,
   or
3) Use the global name space only if the user has the privilege or
   we are not not running from TS.

Pierre


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]