This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: NFS server (final?)


> Only if you changed the uid of the Administrator account to 0 by hand.
 
I have *not* done anything on my system to add a root user or any user
with uid 0; and yet, seteuid(0) apparently succeeds.

> If you actually switch the user context, the application must not rely
> on having uid 0 == root or having uid 0 at all.  

What's the recommended way of dealing with this?  The code in the server
does something along the lines of:

	seteuid(ROOT_UID)
	setegid(gid)
	setgroups(len, gids)
	seteuid(uid)

(Error checking obviously ignored.)  From what I can tell in the Cygwin
docs, the seteuid(ROOT_UID) call shouldn't be neccesary:

  "Since Cygwin release 1.3.3, applications having the Create a process
   level token user right can switch user context without giving a
   password by just calling the usual setuid, seteuid, setgid and
   setegid functions. This is typically only given to the SYSTEM user."

So, is the answer to remove the seteuid(ROOT_UID) call, and document
the requirement that the server be run under an account with the "Create
a process level token" right?

-Samrobb


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]