This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: cygwin_logon_user() not working


Problem solved; details for the archives (see below):

> > We don't have any native Win2k/NT debugging or development tools;
> > what can we do to troubleshoot this?
> >


First, the necessary privileges were assigned to the 'root' user
account in Win2K's local security policy GUI (this was the first
thing done before testing); the GUI was closed and reopened to
verify that they were set and showing as 'effective' also.

Then, doing 'net searches, we downloaded 'whoami.exe' and 'gpresult.exe'
from the Win2K reskit and 'ntrights.exe' from the Win2003 reskit;
'whoami /priv' running as user 'root' DIDN'T EVEN SHOW these privs:

        SeTcbPrivilege
        SeCreateTokenPrivilege
        SeCreatePermanentPrivilege

They DIDN'T exist for the account (set or not set) even though
the GUI shows them and shows them as SET.

Running 'gpresult /v' lists privileges and also omits any reference
to the above three privs.

Running 'ntrights /u root +r SeTcbPrivilege' returns a message
...successful; 'whoami /priv' still shows no such privilege.

Then I wondered if some domain policy issue was intervening; this
host is on a LanManager 2.0 domain and doesn't grok LM announces
properly. However it was not currently a part of any WinNT domain
and not subject to domain group policy.

So, now being stumped thoroughly, I ended the Terminal Server session
I had started some many days ago (all the development work on this
host is done through TS from an X-terminal) so that I could login
as a different user.  Lo and behold, the privileges suddenly appeared
in the root account and in other accounts.

I would suggest adding a warning in the Cygwin users' guide and FAQ
to 'log out and login again -- especially if working from a TS
session' after setting the necessary privileges for setuid NT
security.

The test program now works and creates a file owned by the setuid'ed
user.

Michael Grigoni
Cybertheque Museum
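
A check for the symptom described in this post, as an added example (not part of the original message or of Cygwin): it reads `whoami /priv` output and reports whether the three privileges named above are present in the current logon token. The sample outputs are constructed and assume the column layout of the built-in Windows `whoami`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Privilege names are the three listed in the post.
REQUIRED_PRIVS="SeTcbPrivilege SeCreateTokenPrivilege SeCreatePermanentPrivilege"

# Reads `whoami /priv` text on stdin and prints "<privilege> <state>" for each
# required privilege: Enabled/Disabled when the line ends with that word,
# "present" for other layouts, MISSING when the token does not list it at all.
priv_report() {
    tr -d '\r' | awk -v want="$REQUIRED_PRIVS" '
        BEGIN { n = split(want, names, " ") }
        {
            for (i = 1; i <= NF; i++)
                for (j = 1; j <= n; j++)
                    if ($i == names[j])
                        state[$i] = ($NF == "Enabled" || $NF == "Disabled") ? $NF : "present"
        }
        END {
            for (j = 1; j <= n; j++)
                print names[j], ((names[j] in state) ? state[names[j]] : "MISSING")
        }'
}

# Exit status 0 only when every required privilege is in the token on stdin.
token_has_required_privs() {
    ! priv_report | grep -q ' MISSING$'
}

# Constructed sample: a session started before the rights were granted.
sample_stale_session() {
    cat <<'EOF'
Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
EOF
}

# Constructed sample: the same account after logging out and back in.
sample_fresh_session() {
    sample_stale_session
    cat <<'EOF'
SeTcbPrivilege                Act as part of the operating system  Disabled
SeCreateTokenPrivilege        Create a token object                Disabled
SeCreatePermanentPrivilege    Create permanent shared objects      Disabled
EOF
}
```

On a live host, pipe the output of the Windows `whoami /priv` into `priv_report`. A MISSING result right after granting the rights means the session's token predates the change, so log out and back in before re-running the check.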
