This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED])
- From: Charles Wilson <cygwin at cwilson dot fastmail dot fm>
- To: cygwin at cygwin dot com
- Date: Sat, 19 Jul 2008 16:59:37 -0400
- Subject: Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED])
- References: <3B3EFBD49B94AD4DBB7B7097257A8046DD020D@FDSVAST06SXCH01.flooddata.net> <Pine.GSO.4.63.0805121820090.11953@access1.cims.nyu.edu> <20080513073720.GA22193@calimero.vinschen.de> <3B3EFBD49B94AD4DBB7B7097257A8046DD02FC@FDSVAST06SXCH01.flooddata.net> <20080616210105.GI731@calimero.vinschen.de> <20080616211352.GK731@calimero.vinschen.de> <48821B9F.6070907@cwilson.fastmail.fm> <20080719171235.GO5675@calimero.vinschen.de> <488252B5.8000501@cwilson.fastmail.fm>
Charles Wilson wrote:
Corinna Vinschen wrote:
However, I sent a second patch in
http://cygwin.com/ml/cygwin/2008-06/msg00453.html
The Interactive Logon Right is also necessary for this account.
I don't know why I missed that. I'll roll 0.1.6 soon.
Here's the followup patch I applied (with modified changedlog). I'll
wait for additional comments concerning cyg_server et. al. appearing in
/etc/passwd before rolling 0.1.6.
--
Chuck
* cygwin-service-installation-helper.sh
(csih_account_has_necessary_privileges): Don't explicitely
test for SeDenyXXX rights, nor for SeIncreaseQuotaPrivilege.
(csih_create_privileged_user): Drop setting
SeDenyInteractiveLogonRight and SeIncreaseQuotaPrivilege.
diff -u -b -r1.8 cygwin-service-installation-helper.sh
--- cygwin-service-installation-helper.sh 19 Jul 2008 16:40:31 -0000 1.8
+++ cygwin-service-installation-helper.sh 19 Jul 2008 20:53:31 -0000
@@ -1639,9 +1639,6 @@
editrights -u "${user}" -t SeAssignPrimaryTokenPrivilege >/dev/null 2>&1 &&
editrights -u "${user}" -t SeCreateTokenPrivilege >/dev/null 2>&1 &&
editrights -u "${user}" -t SeTcbPrivilege >/dev/null 2>&1 &&
- editrights -u "${user}" -t SeDenyInteractiveLogonRight >/dev/null 2>&1 &&
- editrights -u "${user}" -t SeDenyRemoteInteractiveLogonRight >/dev/null 2>&1 &&
- editrights -u "${user}" -t SeIncreaseQuotaPrivilege >/dev/null 2>&1 &&
editrights -u "${user}" -t SeServiceLogonRight >/dev/null 2>&1
return # status of previous command-list
fi
@@ -2104,9 +2101,7 @@
editrights -a SeAssignPrimaryTokenPrivilege -u ${username} &&
editrights -a SeCreateTokenPrivilege -u ${username} &&
editrights -a SeTcbPrivilege -u ${username} &&
- editrights -a SeDenyInteractiveLogonRight -u ${username} &&
editrights -a SeDenyRemoteInteractiveLogonRight -u ${username} &&
- editrights -a SeIncreaseQuotaPrivilege -u ${username} &&
editrights -a SeServiceLogonRight -u ${username} &&
username_got_all_rights="yes"
if [ "${username_got_all_rights}" != "yes" ]
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/