This is the mail archive of the
mailing list for the Cygwin project.
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Fri, 28 Nov 2003 16:08:00 +0100
- Subject: Re: setreuid
- References: <20031015105210.GF18774@ata.cs.hacettepe.edu.tr> <20031016103723.GA5542@ata.cs.hacettepe.edu.tr> <20031016125317.GB5542@ata.cs.hacettepe.edu.tr> <20031016142337.GC5542@ata.cs.hacettepe.edu.tr> <20031017135231.GA12904@ata.cs.hacettepe.edu.tr> <20031017135203.GU25076@cygbert.vinschen.de> <20031128120627.GC21415@ata.cs.hacettepe.edu.tr>
- Reply-to: cygwin at cygwin dot com
On Fri, Nov 28, 2003 at 02:06:29PM +0200, Baurjan Ismagulov wrote:
> After some thinking I decided to keep the setup as simple as possible,
> and not to use inetd. So, I have the following options:
> 1. Patch the server not to use setreuid, install it as a service and run
> it as SYSTEM.
> 2. Install the server as a service, give the SYSTEM user "Create a token
> object" privilege and let the server setreuid to nobody.
That won't work at all. SYSTEM already has the privilege but on 2003
it gets revoked the privilege when running services.
> 3. Install the server as a service to be run as nobody or as a special
> user just for this service (say, "tftp").
Best solution. If there's a chance to run stuff under a non-priv'd
account, just do it.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:email@example.com
Red Hat, Inc.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html