This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: setreuid


On Fri, Nov 28, 2003 at 02:06:29PM +0200, Baurjan Ismagulov wrote:
> After some thinking I decided to keep the setup as simple as possible,
> and not to use inetd. So, I have the following options:
> 
> 1. Patch the server not to use setreuid, install it as a service and run
>    it as SYSTEM.

That's ok.

> 2. Install the server as a service, give the SYSTEM user "Create a token
>    object" privilege and let the server setreuid to nobody.

That won't work at all.  SYSTEM already has the privilege but on 2003
it gets revoked the privilege when running services.

> 3. Install the server as a service to be run as nobody or as a special
>    user just for this service (say, "tftp").

Best solution.  If there's a chance to run stuff under a non-priv'd
account, just do it.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]