This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: root's UID


Tom Alsberg wrote:
> > > Set uid to 0. As long as you are using ntsec that's ok.
> 
> Well, on the beginning I had the problem of being logged in as 'everyone'
> when I started Cygwin, but then I replaced the two lines of 'root' and
> 'everyone', and it got me logged in as root. Now the question arises -
> doesn't that interfere with operations using the 'everyone' user? And, if
> 'everyone' has the UID of 0, isn't this some kind of a security leak? I
> mean, wouldn't that make (in some plane and sense) everyone a superuser? I
> don't understand much about Windows NT's security, but from what I recall,
> in Unix/Linux, only superusers have UID 0.

Everything below is valid with ntsec ON only:

Cygwin's UID has nothing to do with the SID in Windows. It's really
hard to explain so I mostly refer to the ntsec chapter in the docs.

The only important entry for windows is the SID. The uid and even
the user name are mapped to the windows user using the SID.

So change the passwd and group entries to whatever you want as long
as the S- and U- entries in pw_gecos respectively gr_passwd are correct.
The U- entry is needed only if you want to use a different Cygwin
user name than in Windows, say, root instead of administrator, and
if you want to login via sort of remote session (telnet, ssh, ftp).

Typically you should care for using each Cygwin uid/gid only once,
obviously.

> > > For more information read the ntsec chapter in the online
> > > documentation (http://sources.redhat.com/cygwin/docs.html).
> 
> I read it when I first downloaded Cygwin, and you're right, it is somehow
> explained there, I guess I just didn't completely understand everything on
> first read...

As I use to say: I'm working on NT security for more than a year and a
half and I'm learning new details each day. Nevertheless, a basic
understanding of what's going on in NT security is somewhat essential to
use all features, unfortunately.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin@sources.redhat.com
Red Hat, Inc.
mailto:vinschen@cygnus.com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]