This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.



RE: [RFC] Globally creating a user and a group "root"


Corinna Vinschen wrote:
> On Thu, Nov 27, 2003 at 09:05:02AM -0000, Morrison, John wrote:
>> Corinna Vinschen wrote:
>>> On Thu, Nov 27, 2003 at 08:33:24AM -0000, Morrison, John wrote:
>>>> Corinna Vinschen wrote:
>>>>> any chance you can poke the base-passwd script soon, to check for
>>>>> a user and a group with SID S-1-1-0 in the existing /etc/passwd
>>>>> and /etc/group files and remove them silently?
>>>>> 
>>>>> Also it would be good if the script adds the following entry to
>>>>> /etc/group, if possible as the first line:
>>>>> 
>>>>>   root:S-1-5-32-544:0:
>>>> 
>>>> OK, just a few questions:
>>>> 
>>>> 1) does your script do all this?
>>> 
>>> No.  I was asking you to add the above to the passwd related
>>> postinstall script.  That has nothing to do with my create-root
>>> script.
>> 
>> Sorry I thought it was your create-root.sh script we were talking
>> about.
> 
> No, my create-root script is an entirely different - later - step.
> 
> I was just asking you this:
> 
> You already have this base-passwd and other general scripts running
> on postinstall. 
> 
> What we need is, having these stone age old "Everyone" entries with
> uid and gid 0 and SID S-1-1-0 removed from /etc/passwd and /etc/group.
> So I'm asking you to add something to your postinstall magic, which
> does that trick.  Just removing these entries once and for all, not
> even asking the user for anything.
> 
> And the second wish is, to create a root:S-1-5-32-544:0: entry to
> /etc/group, if /etc/group already exists and doesn't contain such
> a root entry already.  If there's no /etc/group, your script will
> create one anyway, and in future, already mkgroup will create the
> above root entry. 
> 
> That's it.  Your script is just one step on the way to the root
> user and group we were talking about to get the service problems
> solved. 
> 
> The create-root script is another step, which has nothing to do with
> what I'm asking you for. 
> 
> Did I describe that clear enough this time?

... OK, chill :))

I'll try for the weekend.

>>>> 4) I get an "Error in addUserRights (LsaAddAccountRights returned
>>>> 	0xc0000060=STATUS_NO_SUCH_PRIVILEGE)!" on a w2k box (I have
>>>> 	full, local, admin rights.  Is this OK? (or have I lost the
>>>> 	plot again :|
>>> 
>>> Details?  Which user right does result in that error? Does W2K not
>>> have the SeDenyXXX rights, perhaps?
>> 
>> Sorry, you are talking double dutch (sorry all you Dutch ;).  All
> 
> Just look into the create-root script.  There are seven calls to the
> famous new editrights tool.  Three of them are only called on machines
> with NT5 (W2K) and up.  Probably that's not ok.  I don't know exactly
> but it's possible that W2K doesn't have these SeDenyWhatever user
> rights. 

editrights -a SeDenyRemoteInteractiveLogonRight -u root

was the one that failed.  Would it be best (assuming these
last 3 are optional) to 2> /dev/null them?  Is there any other info
that would help?

J.
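
The cleanup requested in the quoted text above, sketched as POSIX shell. This is an added example, not part of the original message and not the base-passwd script; the passwd layout (SID as a comma-separated item in field 5), the function names and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example; not the Cygwin base-passwd postinstall script.
# Assumed layouts: group = name:SID:gid:members (as in the root line quoted
# in the message); passwd keeps the SID as a comma-separated item in field 5.
EVERYONE_SID='S-1-1-0'
ROOT_GROUP_LINE='root:S-1-5-32-544:0:'

# Print file $1 without entries whose field $2 carries the Everyone SID.
# Exact comparison per item, so S-1-1-0 does not match e.g. S-1-1-01.
strip_everyone() {
    awk -F: -v sid="$EVERYONE_SID" -v fld="$2" '{
        n = split($fld, item, ","); drop = 0
        for (i = 1; i <= n; i++) if (item[i] == sid) drop = 1
        if (!drop) print
    }' "$1"
}

# Remove Everyone entries from a passwd file; a missing file is left alone.
fix_passwd() {
    [ -f "$1" ] || return 0
    tmp="$1.new.$$"
    cp -p "$1" "$tmp" || return 1          # temp copy keeps mode and owner
    strip_everyone "$1" 5 > "$tmp" && mv -f "$tmp" "$1"
}

# Remove Everyone entries from a group file and put the root line first,
# unless a root group survives the cleanup. A missing file is left alone.
fix_group() {
    [ -f "$1" ] || return 0
    tmp="$1.new.$$"
    cp -p "$1" "$tmp" || return 1
    {
        strip_everyone "$1" 2 | grep -q '^root:' || printf '%s\n' "$ROOT_GROUP_LINE"
        strip_everyone "$1" 2
    } > "$tmp" && mv -f "$tmp" "$1"
}

# Constructed sample files in a scratch directory (not real Cygwin output).
demo_dir=$(mktemp -d)
printf '%s\n' 'Everyone:*:0:0:,S-1-1-0::' \
    'jdoe:unused:1000:513:John Doe,S-1-5-21-1-2-3-1000:/home/jdoe:/bin/bash' \
    > "$demo_dir/passwd"
printf '%s\n' 'Everyone:S-1-1-0:0:' 'Users:S-1-5-32-545:545:' > "$demo_dir/group"
fix_passwd "$demo_dir/passwd"
fix_group "$demo_dir/group"
cat "$demo_dir/passwd" "$demo_dir/group"
```

Running either function a second time leaves the file unchanged, which matters for a postinstall step that executes on every setup run.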



