This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

RE: mount points and inetd



>
> At 16:09 9/18/00 -0400, DJ Delorie wrote:
> >I've also heard rumors that system mounts can't even be *used* by an
> >account that doesn't have admin privs (does cygwin read the mounts
> >with a read/write key, or a read-only key?).
>
> not sure about 9x, but for NT4 users of class *GUEST* can use
> system mounts just fine. (you've got to enable a policy to even
> allow this class of user to login first if you wanna test that.)
> so *any* user that can login can use them.
>

It was me, who passed this rumor around :-)

Please, NT4 != WinNT.

Look at permissions for HKLM\Software on NT4. They inlclude (by default) at
least "Set value" and "Create subkey" for everybody. That means, that anybody
can create Cygiwn mount points here, including Guest.

Under Win2k HKLM\Software is read-only by default (except for Administrators
and System. Power users have special access). Cygwin *does* read mounts with
requested Read/Write permissions. That fails under Win2k unless user is
administrator (default install assumed).

Win9x  has no security anyway, so it cannot possibly fail here.

> >Otherwise, if a consensus can be reached about what the best
> >(i.e. safest) overall defaults are, it's easy to change.  Note that
> >setup won't change your system if it's doing an upgrade; it defaults
> >to whatever you had before.
>
> My suggestion would be to assign /, /usr/bin, and /usr/lib as
> system; as without them stuff stops working as soon as you load
> the cygwin dll under an unusual user. (i.e. inetd)
>

That would fail under Win2k. I just tested it.

-andrej


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]