This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.



Re: [RFC] Globally creating a user and a group "root"


On Thu, Nov 27, 2003 at 09:05:02AM -0000, Morrison, John wrote:
> Corinna Vinschen wrote:
> > On Thu, Nov 27, 2003 at 08:33:24AM -0000, Morrison, John wrote:
> >> Corinna Vinschen wrote:
> >>> any chance you can poke the base-passwd script soon, to check for a
> >>> user and a group with SID S-1-1-0 in the existing /etc/passwd and
> >>> /etc/group files and remove them silently?
> >>> 
> >>> Also it would be good if the script adds the following entry to
> >>> /etc/group, if possible as the first line:
> >>> 
> >>>   root:S-1-5-32-544:0:
> >> 
> >> OK, just a few questions:
> >> 
> >> 1) does your script do all this?
> > 
> > No.  I was asking you to add the above to the passwd related
> > postinstall script.  That has nothing to do with my create-root
> > script. 
> 
> Sorry I thought it was your create-root.sh script we were talking
> about.

No, my create-root script is an entirely different - later - step.

I was just asking you this:

You already have this base-passwd and other general scripts running
on postinstall.

What we need is, having these stone age old "Everyone" entries with
uid and gid 0 and SID S-1-1-0 removed from /etc/passwd and /etc/group.
So I'm asking you to add something to your postinstall magic, which
does that trick.  Just removing these entries once and for all, not
even asking the user for anything.

And the second wish is, to create a root:S-1-5-32-544:0: entry to
/etc/group, if /etc/group already exists and doesn't contain such
a root entry already.  If there's no /etc/group, your script will
create one anyway, and in future, already mkgroup will create the
above root entry.

That's it.  Your script is just one step on the way to the root
user and group we were talking about to get the service problems
solved.

The create-root script is another step, which has nothing to do
with what I'm asking you for.

Did I describe that clearly enough this time?

> >> 4) I get an "Error in addUserRights (LsaAddAccountRights returned
> >> 	0xc0000060=STATUS_NO_SUCH_PRIVILEGE)!" on a w2k box (I have
> >> 	full, local, admin rights.  Is this OK? (or have I lost the
> >> 	plot again :|
> > 
> > Details?  Which user right does result in that error?  Does W2K not
> > have the SeDenyXXX rights, perhaps?
> 
> Sorry, you are talking double Dutch (sorry all you Dutch ;).  All

Just look into the create-root script.  There are seven calls to the
famous new editrights tool.  Three of them are only called on machines
with NT5 (W2K) and up.  Probably that's not ok.  I don't know exactly
but it's possible that W2K doesn't have these SeDenyWhatever user rights.

> I did was run the create-root.sh and enter a password.  I've not got
> the time atm to go any deeper - I've a non-flexible deadline at work
> that I'm up against :(

That's ok.  I just don't have W2K currently floating around here so
I'm stuck with 98, NT4, XP and 2003.  Oh, no, wait... uh, damn, I
don't have administrative access to that W2K machine so I can't take
a look into the Local Security Policy MMC snapin :-(

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
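
Added example, not part of the original message and not the Cygwin base-passwd script: the two postinstall steps requested above (drop the S-1-1-0 entries, put the root group entry on the first line of an existing /etc/group) written as shell functions that take the file path as an argument. The function names are hypothetical; it assumes the passwd SID is a comma-separated item in the fifth field and that "a root entry" means a group named root.

```shell
#!/bin/sh
# Added example, not the Cygwin base-passwd script. File paths are passed in
# so the functions can be tried on copies instead of the live /etc files.

EVERYONE_SID='S-1-1-0'
ROOT_GROUP='root:S-1-5-32-544:0:'

# Rewrite file $1 with the output of awk program $2; replace only on success.
rewrite() {
    tmp="$1.tmp.$$"
    if awk -F: -v sid="$EVERYONE_SID" "$2" "$1" > "$tmp"; then
        cat "$tmp" > "$1"   # cat into the file keeps its owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# passwd: assumed layout has the SID as a comma-separated item in field 5.
strip_everyone_passwd() {
    [ -f "$1" ] || return 0
    rewrite "$1" '{ n = split($5, g, ","); drop = 0
                    for (i = 1; i <= n; i++) if (g[i] == sid) drop = 1
                    if (!drop) print }'
}

# group: the SID is the whole second field, as in the root entry quoted above.
strip_everyone_group() {
    [ -f "$1" ] || return 0
    rewrite "$1" '$2 != sid'
}

# Put the root entry on line 1 unless a group named root already exists
# (assumption: "a root entry" is identified by the group name).
add_root_group() {
    [ -f "$1" ] || return 0   # no file: nothing to do, it is created elsewhere
    if grep -q '^root:' "$1"; then return 0; fi
    tmp="$1.tmp.$$"
    { printf '%s\n' "$ROOT_GROUP"; cat "$1"; } > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}
```

The SID is compared as a whole field or whole comma-separated item, so an entry is dropped only when it is exactly S-1-1-0, and running the functions a second time changes nothing.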

