problem with setuid

Felipe Alcacibar falcacibar@gmail.com
Thu Apr 12 04:40:00 GMT 2007 

hello..
i'm trying tu run a process with low privileges, (mysql) server, with
a mysql user, but this cannot be change, i'm using the Administrator
account as root. and i create a mysql user into de windows users and
expoted it to the passwd table.

a synopsis of this

[code]
svr ~ # cat /etc/passwd
SYSTEM:*:18:544:,S-1-5-18::
portage:*:250:250:,S-1-5-21-527237240-484763869-1202660629-1015:/usr/portae:/bin/false
apache:*:81:81:,S-1-5-21-527237240-484763869-1202660629-1019:/var/www:/bin/nologin
mysql:*:60:60:U-SVR\mysql,S-1-5-21-527237240-484763869-1202660629-1021:/var/lib/mysql:/bin/nologin
root:unused_by_nt/2000/xp:0:0:U-SVR\Administrador,S-1-5-21-527237240-484763869-1202660629-500:/home/Administrador:/bin/bash
Invitado:unused_by_nt/2000/xp:501:513:U-SVR\Invitado,S-1-5-21-527237240-484763869-1202660629-501:/home/Invitado:/bin/bash
svr ~ #
svr ~ # cat /etc/group
root:S-1-5-32-544:0:
portage:S-1-5-21-527237240-484763869-1202660629-1015:250:root
apache:S-1-5-21-527237240-484763869-1202660629-1019:81:
wheel:S-1-5-18:10:root
SYSTEM:S-1-5-18:18:
Ninguno:S-1-5-21-527237240-484763869-1202660629-513:513:
Administradores:S-1-5-32-544:0:
Duplicadores:S-1-5-32-552:552:
Invitados:S-1-5-32-546:546:
Operadores de configuración de red:S-1-5-32-556:556:
Operadores de copia:S-1-5-32-551:551:
Usuarios:S-1-5-32-545:545:
Usuarios avanzados:S-1-5-32-547:547:
Usuarios de escritorio remoto:S-1-5-32-555:555:
HelpServicesGroup:S-1-5-21-527237240-484763869-1202660629-1001:1001:
aweonao:S-1-5-32-544:500:
utmp:S-1-5-21-527237240-484763869-1202660629-1017:409:
mysql:S-1-5-21-527237240-484763869-1202660629-1021:60:
 [/code]

for test, i'm using the following command...

[code]
svr test # start-stop-daemon --start  -c mysql -q -x /usr/bin/yes
start-stop-daemon: Unable to set uid to mysql
svr test #
[/code]

when i made a strace for the procces, this is the result (cutted to
the point of problem)

[code]
  120 2197588 [main] start-stop-daemon 1216 extract_nt_dom_user:
pw_gecos 6B1384 (U-SVR\mysql,S-1-5-
21-527237240-484763869-1202660629-1021)
87233 2284821 [main] start-stop-daemon 1216 initgroups32: 0 =
initgroups (mysql, 60)
   95 2284916 [main] start-stop-daemon 1216 seteuid32: uid: 60
myself->uid: 0 myself->gid: 60
   65 2284981 [main] start-stop-daemon 1216 seteuid32: Found token -1
 2802 2287783 [main] start-stop-daemon 1216 seterrno_from_win_error:
/ext/build/netrel/src/cygwin-1.
5.24-2/winsup/cygwin/sec_helper.cc:422 windows error 1300
  125 2287908 [main] start-stop-daemon 1216 geterrno_from_win_error:
unknown windows error 1300, set
ting errno to 13
   50 2287958 [main] start-stop-daemon 1216 __set_errno: void
seterrno_from_win_error(const char*, i
nt, DWORD):310 val 13
   52 2288010 [main] start-stop-daemon 1216 set_privilege: -1 =
set_privilege ((token 6BC) SeCreateT
okenPrivilege, 1)
 9221 2297231 [main] start-stop-daemon 1216 seterrno_from_win_error:
/ext/build/netrel/src/cygwin-1.
5.24-2/winsup/cygwin/security.cc:889 windows error 1314
   88 2297319 [main] start-stop-daemon 1216 geterrno_from_win_error:
unknown windows error 1314, set
ting errno to 13
   49 2297368 [main] start-stop-daemon 1216 __set_errno: void
seterrno_from_win_error(const char*, i
nt, DWORD):310 val 13
 1002 2298370 [main] start-stop-daemon 1216 create_token: -1 = create_token ()
  149 2298519 [main] start-stop-daemon 1216 seteuid32: create token
failed, try subauthentication.
 2872 2301391 [main] start-stop-daemon 1216 seterrno_from_win_error:
/ext/build/netrel/src/cygwin-1.
.
5.24-2 /winsup/cygwin/security.cc:961 windows error 5
 1741 2306707 [main] start-stop-daemon 1216 geterrno_from_win_error:
windows error 5 == errno 13
  109 2306816 [main] start-stop-daemon 1216 __set_errno: void
seterrno_from_win_error(const char*, i
nt, DWORD):310 val 13
   81 2306897 [main] start-stop-daemon 1216 setuid32: real: 0, effective: 0
 1591 2308488 [main] start-stop-daemon 1216 sig_send: sendsig 0x700,
pid 1216, signal -34, its_me 1
   69 2308557 [main] start-stop-daemon 1216 sig_send: wakeup 0x6C8
 3527 2312084 [main] start-stop-daemon 1216 sig_send: Waiting for
pack.wakeup 0x6C8
 1793 2313877 [sig] start-stop-daemon 1216 wait_sig: signalling
pack.wakeup 0x6C8
70125 2384002 [main] start-stop-daemon 1216 sig_send: returning 0x0
from sending signal -34
  181 2384183 [main] start-stop-daemon 1216 fhandler_base::write: binary write
start-stop-daemon:   791 2384974 [main] start-stop-daemon 1216
sig_send: sendsig 0x700, pid 1216, si
gnal -34, its_me 1
  365 2385339 [main] start-stop-daemon 1216 sig_send: wakeup 0x6C8
   77 2385416 [main] start-stop-daemon 1216 sig_send: Waiting for
pack.wakeup 0x6C8
  798 2386214 [sig] start-stop-daemon 1216 wait_sig: signalling
pack.wakeup 0x6C8
  676 2386890 [main] start-stop-daemon 1216 sig_send: returning 0x0
from sending signal -34
  722 2387612 [main] start-stop-daemon 1216 fhandler_base::write: binary write
Unable to set uid to mysql  280 2387892 [main] start-stop-daemon 1216
sig_send: sendsig 0x700, pid 1216, signal -34, its_me 1
  486 2388378 [main] start-stop-daemon 1216 sig_send: wakeup 0x6C8
   72 2388450 [main] start-stop-daemon 1216 sig_send: Waiting for
pack.wakeup 0x6C8
  327 2388777 [sig] start-stop-daemon 1216 wait_sig: signalling
pack.wakeup 0x6C8
  814 2389591 [main] start-stop-daemon 1216 sig_send: returning 0x0
from sending signal -34
  477 2390068 [main] start-stop-daemon 1216 fhandler_base::write: binary write
[/code]


i hope that something that's help me.... greetings.... and thanks

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list