This is the mail archive of the cygwin mailing list for the Cygwin project.
Hi Daniel,

On Jul 17 22:29, D. Boland wrote:
> Hi Corinna,
>
> Corinna Vinschen wrote:
> >
> > On Jul 17 20:14, D. Boland wrote:
> > > Just letting you know how it went with the Resolver (miniedit). The error, pointed
> > > out by you, solved the problem.
> >
> > Did you read my previous reply?  Do *not* use the minres lib.  Use the
> > Cygwin resolver.  There's no minires lib on 64 bit anymore and the 32
> > bit runtime minres is only maintained for backward compatibility.
>
> Yes, I read it. I just don't like to swap my current Cygwin DLL. I will test it
> proper on a fresh Cygwin system on another computer. When will the fix be released?

With 1.7.31 in the next few days.  But there are still the developer
snapshots for testing.  Here's the deal:

If you test a developer snapshot you can make sure that the next release
will fix the problem.  If you don't test the snapshot you won't have
that privilege and the functionality will still be broken up to the next
release.  Simple.

> > > Now I have an even bigger problem. Sendmail works perfectly. But only on my XP
> > > machine. As of Windows Vista, MS decided to remove certain privileges from the
> > > SYSTEM user.
> >
> > You might have to read the user's manual in the long run ;)
> >
> >   https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview
>
> I did read it. Very well written, I might add. It looked very complicated at first
> but when I read it, it made my problem very clear.
>
> > Other services are set up so that they use another account called
> > cyg_server.  See, for instance, how ssh-host-config helps an admin to
> > set this up.  The csih package helper script is lending you a hand when
> > creating such service installer scripts.  See also
> >
> >   https://cygwin.com/faq/faq.html#faq.using.sshd-in-domain
>
> I must say, I am not a big fan of this csih thang. It totally obfuscates what I am
> doing with my Cygwin server as an administrator. Also, it creates the "cyg_server"
> user, which just mimics what the SYSTEM user used to do. Maybe it should have been
> called "root"?

SYSTEM or, FWIW, cyg_server are not root.  Nor are the users in the
admin group.  The privilege concept in Windows is simply different and
trying to tweak it into shape is bound to fail one way or the other.
That's why we don't pretend any of the user accounts is actually root.

> The SYSTEM user was/is also regarded as the root user by other softwares from the
> Unix world. It's in the procmail source code (#define ROOT_uid 18).

That's a Cygwin-specific patch to change tests testing for uid 0 to
tests for uid 18 by default.  But that doesn't matter.

> I searched for MS's position on this issue. I found this article:
>
> http://technet.microsoft.com/en-us/library/bb457125.aspx
>
> In the section about the SeTcbPrivilege, which the "cyg_server" user needs to log in
> as another user

Stop right here.  The problem is *not* SeTcbPrivilege.  SeTcbPrivilege
is only one side of the coin.  The other side is SeCreateTokenPrivilege.

Starting with Windows 2003, all services started under the SYSTEM
account get an access token with the SeCreateTokenPrivilege explicitly
removed.  That means method 1 from the user guide
(https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1) which at
one point in the past was the *only* method, won't work.

Given that method 2 and 3 require specific administrator intervention,
method 1 is still the fallback, and it's probably in use on many
machines of users who don't want to install an LSA auth package or to
store the password in the registry.

> I cannot believe that MS just disabled this privilege in the newer Windows versions,

They didn't.  They removed SeCreateTokenPrivilege.

> without providing an alternative. So now I'm trying the LocalService user...

Good luck.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
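
The difference the mail draws between a privilege that is disabled and one that has been removed from the token shows up in `whoami /priv` output, which lists only the privileges a token holds. The script below is an added example, not part of the original mail or of Cygwin; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a privilege in `whoami /priv` output.
#   enabled  - in the token and active
#   disabled - in the token, can still be enabled by the process
#   absent   - not in the token at all (removed), so it cannot be enabled

# priv_state NAME: reads `whoami /priv` text on stdin, prints the state.
priv_state() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                  # Windows tools emit CRLF
        $1 == want { state = tolower($NF) } # State is the last column
        END { print (state == "" ? "absent" : state) }
    '
}

# report: state of the two privileges named in the mail, read from stdin.
report() {
    input=$(cat)
    for p in SeTcbPrivilege SeCreateTokenPrivilege; do
        printf '%-24s %s\n' "$p" "$(printf '%s\n' "$input" | priv_state "$p")"
    done
}

# Constructed sample: a service token without SeCreateTokenPrivilege.
sample_service_token() {
    cat <<'EOF'
Privilege Name                Description                              State
============================= ======================================== ========
SeTcbPrivilege                Act as part of the operating system      Enabled
SeChangeNotifyPrivilege       Bypass traverse checking                 Enabled
EOF
}

# Constructed sample: a token that holds both privileges.
sample_full_token() {
    cat <<'EOF'
Privilege Name                Description                              State
============================= ======================================== ========
SeTcbPrivilege                Act as part of the operating system      Enabled
SeCreateTokenPrivilege        Create a token object                    Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                 Enabled
EOF
}

echo "sample service token:"; sample_service_token | report
echo "sample full token:";    sample_full_token | report
# On a live system (Cygwin's own whoami is a different tool):
#   "$(cygpath -S)/whoami.exe" /priv | report
```

A result of `absent` for SeCreateTokenPrivilege in a service's token is the situation the mail describes for services started under SYSTEM.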