This is the mail archive of the
mailing list for the Cygwin project.
- From: Baurjan Ismagulov <ibr at ata dot cs dot hun dot edu dot tr>
- To: cygwin at cygwin dot com
- Date: Fri, 28 Nov 2003 14:06:29 +0200
- Subject: Re: setreuid
- References: <20031015105210.GF18774@ata.cs.hacettepe.edu.tr> <20031016103723.GA5542@ata.cs.hacettepe.edu.tr> <20031016125317.GB5542@ata.cs.hacettepe.edu.tr> <20031016142337.GC5542@ata.cs.hacettepe.edu.tr> <20031017135231.GA12904@ata.cs.hacettepe.edu.tr> <20031017135203.GU25076@cygbert.vinschen.de>
Hope you still remember this thread :)

On Fri, Oct 17, 2003 at 03:52:03PM +0200, Corinna Vinschen wrote:
> > > Start a
> > > service under system account as inetd and let it handle the user context
> > > switch.
> > Thanks for the tip, I'll do so.
> To be more correct: Start inetd or xinetd as service, and add rsync to
> /etc/inetd.conf or /etc/xinetd.d/. Or, if rsync can handle this (I don't
> know), start it directly from cygrunsrv also under SYSTEM account.

I've played with all alternatives, and everything works fine (BTW, it
was a TFTP server).

After some thinking I decided to keep the setup as simple as possible,
and not to use inetd. So, I have the following options:

1. Patch the server not to use setreuid, install it as a service and run
   it as SYSTEM.

2. Install the server as a service, give the SYSTEM user "Create a token
   object" privilege and let the server setreuid to nobody.

3. Install the server as a service to be run as nobody or as a special
   user just for this service (say, "tftp").

I am personally inclined to use (1). It seems to me that (2) brings more
risk than security, and that (3) differs not much from (1). What do you
think? Do you think (1) is the best solution? Which one would you

Thanks in advance,