No effect of SE_BACKUP_NAME privilege on cygwin?
Christian Franke
Christian.Franke@t-online.de
Wed Mar 1 22:06:00 GMT 2006
Corinna Vinschen wrote:
> On Mar 1 20:28, Christian Franke wrote:
>
>> Enabling SE_BACKUP_NAME has no effect for cygwin programs.
>>
>
> You're expecting that you can use Windows functions in a POSIX
> application without disturbing the way Cygwin works. That's a bit
> dangerous.
Agree.
(I tried to add a "regtool save ..." action to allow backup of registry
hives from scripts.
This calls RegSaveKey which needs SE_BACKUP_NAME.)
> A Cygwin application's main thread is not running under the
> process token, but under a derived impersonation token. This is true
> for every thread in Cygwin. So, instead of using OpenProcessToken, you
> should be able to accomplish what you want by calling OpenThreadToken.
>
Yes, it works, thanks!
Already tried this before but gave up too early, because it didn't work
in the non-cygwin version ;-)
I didn't realize that the main thread has no token by default...
> However, I'm wondering if a Cygwin application should always try by
> itself to request the SE_BACKUP_NAME privilege. It would simplify file
> access for all privileged processes. Hmm.
>
Sounds reasonable.
SE_RESTORE_NAME is requested somewhere in the code, but not SE_BACKUP_NAME.
Christian
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list