This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED])


Charles Wilson wrote:
> Corinna Vinschen wrote:
>
>> However, I sent a second patch in
>> http://cygwin.com/ml/cygwin/2008-06/msg00453.html
>> The Interactive Logon Right is also necessary for this account.
>
> I don't know why I missed that. I'll roll 0.1.6 soon.

Here's the followup patch I applied (with modified changelog). I'll wait for additional comments concerning cyg_server et al. appearing in /etc/passwd before rolling 0.1.6.


--
Chuck

	* cygwin-service-installation-helper.sh
	(csih_account_has_necessary_privileges): Don't explicitly
	test for SeDenyXXX rights, nor for SeIncreaseQuotaPrivilege.
	(csih_create_privileged_user): Drop setting
	SeDenyInteractiveLogonRight and SeIncreaseQuotaPrivilege.

diff -u -b -r1.8 cygwin-service-installation-helper.sh
--- cygwin-service-installation-helper.sh	19 Jul 2008 16:40:31 -0000	1.8
+++ cygwin-service-installation-helper.sh	19 Jul 2008 20:53:31 -0000
@@ -1639,9 +1639,6 @@
           editrights -u "${user}" -t SeAssignPrimaryTokenPrivilege     >/dev/null 2>&1 &&
           editrights -u "${user}" -t SeCreateTokenPrivilege            >/dev/null 2>&1 &&
           editrights -u "${user}" -t SeTcbPrivilege                    >/dev/null 2>&1 &&
-          editrights -u "${user}" -t SeDenyInteractiveLogonRight       >/dev/null 2>&1 &&
-          editrights -u "${user}" -t SeDenyRemoteInteractiveLogonRight >/dev/null 2>&1 &&
-          editrights -u "${user}" -t SeIncreaseQuotaPrivilege          >/dev/null 2>&1 &&
           editrights -u "${user}" -t SeServiceLogonRight               >/dev/null 2>&1
           return # status of previous command-list
         fi
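
Review bot: the removed `-t SeDenyRemoteInteractiveLogonRight` test leaves the check and the creation path out of step, because the second hunk still grants that right with `editrights -a SeDenyRemoteInteractiveLogonRight` while this list no longer verifies it. If that is deliberate, so that existing accounts lacking the deny rights are still accepted, a short comment above the `editrights -t` chain saying so would keep a later reader from re-adding the tests. Since every test here sends output to /dev/null, it would also help to note in that comment which rights are treated as required and which as optional.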
@@ -2104,9 +2101,7 @@
         editrights -a SeAssignPrimaryTokenPrivilege -u ${username} &&
         editrights -a SeCreateTokenPrivilege -u ${username} &&
         editrights -a SeTcbPrivilege -u ${username} &&
-        editrights -a SeDenyInteractiveLogonRight -u ${username} &&
         editrights -a SeDenyRemoteInteractiveLogonRight -u ${username} &&
-        editrights -a SeIncreaseQuotaPrivilege -u ${username} &&
         editrights -a SeServiceLogonRight -u ${username} &&
         username_got_all_rights="yes"
         if [ "${username_got_all_rights}" != "yes" ]
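
Review bot: `${username}` is expanded unquoted in every `editrights -a ... -u ${username}` call in this hunk, whereas the test path in the first hunk uses `"${user}"`; an account name containing whitespace would be word-split and the grant would fail. Quote it consistently, for example `editrights -a SeServiceLogonRight -u "${username}" &&`. It is also worth a comment at the spot where `SeDenyInteractiveLogonRight` was dropped, stating that interactive logon is required for this account, since the account keeps SeTcbPrivilege and SeCreateTokenPrivilege and the reason for allowing interactive logon is not visible from the code alone.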
