This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 'su' no longer working?


Joe Smith wrote:

> For passworded user switching:
> SE_ASSIGNPRIMARYTOKEN_NAME &&
> SE_INCREASE_QUOTA_NAME &&
> SE_TCB_NAME

for pr in AssignPrimaryToken IncreaseQuota Tcb; do 
    editrights -a Se${pr}Privilege -u user
done

> For passwordless user switching:
> SE_CREATE_TOKEN_NAME &&
> SE_ASSIGNPRIMARYTOKEN_NAME &&
> SE_INCREASE_QUOTA_NAME

for pr in CreateToken AssignPrimaryToken IncreaseQuota; do 
    editrights -a Se${pr}Privilege -u user
done

> You should not cripple to program to being usable only on the system
> account.
> It is very much possible to give a user those privleges, and easy on XP pro
> via the group policy editor (according to microsoft. I've never tried it.)

It was for this very reason (command-line automated privilege
manipulation) that editrights was written and placed in the 'base'
Cygwin install so that *-config scripts can use it for creating services
that run as non-SYSTEM accounts.

Brian


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]