This is the mail archive of the
mailing list for the Cygwin project.
Re: ntsec+inetd+cvspserver (was CVS PServer problem)
- From: Corinna Vinschen <cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Wed, 30 Jan 2002 13:18:42 +0100
- Subject: Re: ntsec+inetd+cvspserver (was CVS PServer problem)
- References: <002101c1a97b$77885720$ce113e9b@LSIL.COM>
On Wed, Jan 30, 2002 at 10:46:48AM -0000, Phil Dempster wrote:
> Hi folks,
> I've managed to get CVS pserver running on Win2K (ntsec) and am in the
> process of preparing some documentation for it. I'm trying to grasp just
> how the user ID switching works when CVS is spawned from inetd.
> I've found that it is not necessary to specify the user as `root' in
> inetd.conf, for example `Guest' will suffice.
> cvspserver stream tcp nowait Guest /usr/bin/cvs
> cvs -f --allow-root=/usr/local/cvsroot pserver
> I'd hoped that would make it a lot harder for anyone with malicious intent
> to gain access via pserver. However, I'm not convinced that isn't a bogus
> assumption. Does anything spawned from inetd run as the same uid as inetd
> itself (i.e. System)?
Heck, why did I wrote /usr/doc/inetutils-1.3.2.README and what are
the announcements good for? Since version 1.3.2-15 we have the
In inetd, allow to start services now as the user given in
the /etc/inetd.conf service entry. The user `root' is
treated special since it doesn't trigger a user context
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
doesn't trigger a user context switch, the ftp daemon
will run under SYSTEM account while in
ftp stream tcp nowait john_doe /usr/sbin/in.ftpd in.ftpd
inetd will try to run the ftp daemon under the `john_doe'
account. This will fail if the account `john_doe' isn't
correctly set up in /etc/passwd and /etc/group. However,
wrong user entries or failed user context switches are
logged in the NT event log so it should be easy to debug.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:firstname.lastname@example.org
Red Hat, Inc.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html