About "messed up user permissions from w2k terminal session"

Corinna Vinschen vinschen@redhat.com
Tue Oct 7 12:17:00 GMT 2003

On Mon, Oct 06, 2003 at 07:28:57PM -0400, Pierre A. Humblet wrote:
> I don't know what to think of the problem reported in
> http://cygwin.com/ml/cygwin/2003-10/msg00302.html
> An ordinary user cannot launch Cygwin 1.5.5 from Terminal Services,
> although there are no problems from sshd, nor anywhere with
> 1.3, nor when one is in Administrators or in Domain admins.
> The error message is **** CreateFileMapping, Win32 error 5. Terminating.
> AFAIK, the only difference in this area between 1.3 and 1.5.5 is that the
> mount shared uses the sec_none security attributes, which give full access to
> the user, Administrators and SYSTEM (in 1.3 there was no ACL).
> I don't see how that justifies the error message. Does having a domain
> matter?
> When starting from Terminal Services, the file mapping uses the local
> name space, not the global one as when from the console of sshd. See
> <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/t
> ermserv/kernel_object_namespaces.asp>
> Does that explain anything? The process won't see the cygwin_shared, etc..., 
> but that shouldn't matter.

A named file sharing created with open_shared() is always created
in the Global\ namespace, see shared_name().  Unfortnately I'm under
the impression that mystifies the failing CreateFileMapping instead
of clearing anything up.

> On the other hand, the name space explains the following:
> >>1) When you run 1.3.22 and you do ps -a from a Terminal Server session,
> do you
> >>see all Cygwin processes on the machine or only yours?
> >Only mine, only the ones that I have launched from my window/login session. 
> Do we want it this way or should the pinfos (and all other Cygwin shared)
> use the global name space?

IMHO the pinfo object should be in the Global\ namespace to allow a UNIX
like process list with all running processes.  Isn't that also necessary
to be able to send signals to your own processes which are just happen to
run in another terminal session?  You can't do this if the pinfo is in
a disjunctive namespace, or is that not the case?


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

More information about the Cygwin-developers mailing list