inetd help
Larry Hall (Cygwin)
reply-to-list-only-lh@cygwin.com
Sun Jul 16 21:50:00 GMT 2006
Andrew DeFaria wrote:
> Robert McGraw wrote:
>> Thanks Corinna and the gmane.os.cygwin group. I got my service running
>> from the above help.
>>
>> I am not a Windows type guy and so have a few questions on what I did:
>>
>> What makes the sshd_server account so special? I looked through the
>> ssh-host-script where it creates the sshd_server. Is it the SID
>> S-1-5-32-544, which I know nothing about? Or could any user in the
>> administrator group do the same?
>>
>> If I wanted to create my own -u user, rather than the sshd_server
>> user, what special settings would be required or is it that I have a
>> password set for this user which inetd uses?
>>
> I think it's the following section:
>
> editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
> editrights -a SeCreateTokenPrivilege -u sshd_server &&
> editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
> editrights -a SeDenyNetworkLogonRight -u sshd_server &&
> editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&
> editrights -a SeIncreaseQuotaPrivilege -u sshd_server &&
> editrights -a SeServiceLogonRight -u sshd_server &&
> sshd_server_got_all_rights="yes"
>
> which bestows the necessary rights to the sshd_server user.
>
Actually it's just the calls to "editrights" that are necessary.
'SeCreateTokenPrivilege' is the right taken away from SYSTEM in W2K3, thus
necessitating the need for this new sshd_server to be created. The only
caution I would offer in all of this is that the OP not create multiple users
with this set of permissions, since it opens potential security holes.
--
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
216 Dalton Rd. (508) 893-9889 - FAX
Holliston, MA 01746
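
The caution above, that only one account should hold this set of rights, can be checked with a short script. This is an added example, not part of the original message or of Cygwin's own scripts; it assumes `editrights -l -u ACCOUNT` prints one right per line, and the accounts `inetd_svc` and `backup_op` and the sample listing are constructed.

```shell
#!/bin/sh
# Rights from the quoted block that let an account create tokens and run as a
# service. The SeDeny* logon rights are restrictions, so they are not counted.
SENSITIVE_RIGHTS="SeAssignPrimaryTokenPrivilege SeCreateTokenPrivilege SeIncreaseQuotaPrivilege SeServiceLogonRight"

# Print "account right" pairs for the named accounts on a live Cygwin host.
# Assumption: `editrights -l -u ACCOUNT` prints one right per line.
list_rights() {
    for acct in "$@"; do
        editrights -l -u "$acct" | while read -r right; do
            if [ -n "$right" ]; then printf '%s %s\n' "$acct" "$right"; fi
        done
    done
}

# Read "account right" pairs (no spaces in names); print full-set holders.
full_set_holders() {
    awk -v want="$SENSITIVE_RIGHTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        ($2 in need) && !seen[$1, $2]++ { have[$1]++ }
        END { for (a in have) if (have[a] == n) print a }
    ' | sort
}

# Succeed only when at most one account holds the full set.
audit_single_holder() {
    holders=$(full_set_holders)
    count=$(printf '%s\n' "$holders" | awk 'NF { c++ } END { print c + 0 }')
    [ "$count" -le 1 ] && return 0
    printf 'accounts holding the full privilege set:\n%s\n' "$holders" >&2
    return 1
}

# Constructed sample listing (not from a real host); inetd_svc and backup_op
# are hypothetical accounts.
sample_rights() {
    cat <<'EOF'
sshd_server SeAssignPrimaryTokenPrivilege
sshd_server SeCreateTokenPrivilege
sshd_server SeIncreaseQuotaPrivilege
sshd_server SeServiceLogonRight
sshd_server SeDenyInteractiveLogonRight
inetd_svc SeAssignPrimaryTokenPrivilege
inetd_svc SeCreateTokenPrivilege
inetd_svc SeIncreaseQuotaPrivilege
inetd_svc SeServiceLogonRight
backup_op SeServiceLogonRight
EOF
}
```

On a live host the listing would come from `list_rights` with the local account names as arguments, piped into `audit_single_holder`.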