About "messed up user permissions from w2k terminal session"

Corinna Vinschen vinschen@redhat.com
Tue Oct 7 14:45:00 GMT 2003

On Tue, Oct 07, 2003 at 09:54:09AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > IMHO the pinfo object should be in the Global\ namespace to allow a UNIX
> > like process list with all running processes.  Isn't that also necessary
> > to be able to send signals to your own processes which are just happen to
> > run in another terminal session?  You can't do this if the pinfo is in
> > a disjunctive namespace, or is that not the case?
> You are right, you won't see your own processes in other sessions and you 
> won't find their signal pipes.
> There is this sentence in the MS page I cited yesterday:
> "Starting with Windows?Server 2003, the creation of a global section from a
> session other than the initial system session (where clients run) is a
> privileged operation. Because of this, an application running in an 
> arbitrary Terminal Server session must have SeCreateGlobalPrivilege enabled
> in order to create a global section successfully. "

That would mean, any Cygwin process running under a non-priv'd account in
a terminal server session will fail beginning with 2003 :-(  Blerch.

> Is that privilege given routinely by MS?

It's set to "undefined" in the domain and domain controller security
policy dialogs.  I can't easily test if users have this right by default,
at least not today.

> I will check if this privilege might be related to the reported problem.

AFAICS, SeCreateGlobalPrivilege doesn't exist prior to 03.  No hint for
it's existance on my XP box.  Note that the report is talking about TS
on 2K.  It shouldn't be a problem on 2K and XP.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

More information about the Cygwin-developers mailing list