This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED])


On Aug  7 12:59, Charles Wilson wrote:
> Corinna Vinschen wrote:
>>> We can require Administrators (-544) in /etc/group, and SYSTEM (-18) in 
>>> both /etc/group and /etc/passwd, right?
>> Yes.  I'm just wondering if we shouldn't check for the Admins group
>> only.  The token of the SYSTEM user always contains the Admins group and
>> the cyg_server (or whatever the name is) user is always (and should
>> always) be created as member of the admins group, too.  So, if I didn't
>> miss anything important, the check could be reduced to checking for the
>> admins group permissions.  Does that make sense?
>
> It makes sense -- if the following assertion is true for NT/2k/XP, as well 
> as more modern versions of Windows, for both cygwin-1.5 and cygwin-1.7:
>
> Admins group access to a file (-...[rwx]... as specified by $2 if group 
> ownership of the file is Administrators, or a sufficient group token in the 
> extended ACLs is present as determined by getfacl) is necessary and 
> sufficient for the SYSTEM user (and/or the special privileged user) to 
> access the file, regardless of the file's actual owner.

That should be the case.  The SYSTEM user token always contains the
Administrators group in its group list, so the SYSTEM user has (at
least) all permissions the Admins group has.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
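
The check discussed in this message, as an added example that is not part of the original mail and is not csih's own code: a shell function that reads getfacl-style text and reports whether the Administrators group holds the requested permissions, either as the file's owning group or through a named group entry. The function name admins_have_access, the sample ACL listings and the POSIX-style handling of the mask entry are assumptions made for illustration.

```shell
#!/bin/sh
# usage: admins_have_access "$getfacl_text" PERMS [GROUP]
# Exit 0 when GROUP (default Administrators) holds every letter of PERMS,
# as owning group or through a named group entry, after applying the mask.
admins_have_access() {
    printf '%s\n' "$1" | awk -F: -v need="$2" -v grp="${3:-Administrators}" '
        # 1 when each letter of want is in perms and, if a mask exists, in it
        function covers(perms, mask, want,    i, c) {
            for (i = 1; i <= length(want); i++) {
                c = substr(want, i, 1)
                if (c == "-") continue
                if (index(perms, c) == 0) return 0
                if (mask != "" && index(mask, c) == 0) return 0
            }
            return 1
        }
        /^# group:/ {
            owner_grp = $2
            gsub(/^[ \t]+|[ \t\r]+$/, "", owner_grp)
            next
        }
        /^#/ || /^default:/ { next }          # other headers, default ACLs
        $1 == "mask" { mask = substr($NF, 1, 3); next }   # mask:rwx or mask::rwx
        $1 == "group" && $2 == "" { owning = substr($3, 1, 3); next }
        $1 == "group" && $2 == grp { named = substr($3, 1, 3); next }
        END {
            ok = (owner_grp == grp && covers(owning, mask, need)) ||
                 (named != "" && covers(named, mask, need))
            exit !ok
        }'
}

# Constructed sample ACL listings (not taken from a real system).
ACL_GROUP_OWNED='# file: /tmp/example-a
# owner: SYSTEM
# group: Administrators
user::rwx
group::r-x
other:r-x'

ACL_NAMED_ENTRY='# file: /tmp/example-b
# owner: cyg_server
# group: Users
user::rw-
group::r--
group:Administrators:rwx
mask:rw-
other:r--'
```

In the second listing the named entry grants rwx but the mask limits it to rw-, so a request for rwx is reported as not satisfied.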
