This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: suid bit on executables?



> Richard,
>
> FYI, Cygwin implements /dev/conin and /dev/conout, so, perhaps, the
> approach suggested in <http://cygwin.com/ml/cygwin/2004-03/msg00259.html>
> would be helpful (or something along those lines).

Hi Igor,

I tried man and apropos, and found nothing for conin or conout, but if I
understand what you're suggesting, you're saying I should try something
like the following:

The original command to use as a template (I take it this worked?):

cygrunsrv --install fetchmail --path /usr/bin/su.exe --args "-p -c
'/usr/bin/fetchmail --daemon 300 --nodetach </dev/conin 2>/dev/conout'
domain\\user" --env HOME=/home/user --termsig TERM --shutdown --type
manual --interactive

My interpretation of the above:

cygrunsrv --install <my_program> --path /usr/bin/su.exe --args
"-p -c '<path_to_my_program> <my_programs_args> </dev/conin 2>/dev/conout'
<my_domain>\\<privileged_user>" --env <my_progs_env_vars> --termsig TERM
--shutdown --type manual --interactive

Hmmm... Yes, this _seems_to_me_ to be exactly what I was hinting at when
Corinna suggested ssh instead. ... The above would be both better and
easier because there's no need for keys and no encryption overhead. Do I
understand that conin and conout redirect std-in and std-out to/from the
installed service to the caller of the service?

Also, you said:

> OTOH, once cygserver is in place, we'll have a working "su" (which is
> exactly what you want, right?).

But in the above cygrunsrv you call su! Yes, I know the executable is
there - in at least this example, does it work? Also, since there's an
ability to specify the user, maybe use the user flag, specify it
explicitly and ignore the su.exe?


Thanks for all your keystrokes!

Regards,
Richard

-- 
Richard Troy, Chief Scientist
Science Tools Corporation
rtroy@ScienceTools.com, 510-567-9957, http://ScienceTools.com/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]