This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: About "messed up user permissions from w2k terminal session"

From: Corinna Vinschen <vinschen at redhat dot com>
To: cygwin-developers at cygwin dot com
Date: Wed, 8 Oct 2003 11:58:24 +0200
Subject: Re: About "messed up user permissions from w2k terminal session"
References: <3.0.5.32.20031006192857.00823100@mail.attbi.com> <20031007121726.GA21543@cygbert.vinschen.de> <3F82C581.902B0B66@ieee.org> <20031007144532.GA11595@cygbert.vinschen.de> <3F83033F.FC56C200@ieee.org>
Reply-to: cygwin-developers at cygwin dot com

On Tue, Oct 07, 2003 at 02:17:35PM -0400, Pierre A. Humblet wrote:
> Case solved, and we have a problem. 
> This is what James Below tells me:
> 
> >>- Are you running on Windows 2000 or 2003?
> > windows 2000 sp4
> 
> > I get the same error with 1.5.3
> So it's a Cygwin 1.5 issue with using the global name space,
> not related to my recent changes.
> 
> >here are the output files. 
> showing the privileges, and only the admin user who can start Cygwin has:
> 
> SeCreateGlobalPrivilege SE_PRIVILEGE_ENABLED, SE_PRIVILEGE_ENABLED_BY_DEFAULT,  
> 
> So MS is not telling the full truth, windows 2000 sp4 is using the privilege.
> 
> So we have a few choices:
> 1) Roll back to using the local name space, which makes interprocess comm
>    very difficult, or
> 2) Require the privilege to run Cygwin from Terminal Services,
>    or
> 3) Use the global name space only if the user has the privilege or
>    we are not not running from TS.

There's actually a problem here.  Another look into XP showed me that the
flag doesn't exist.  OTOH, XP uses TS to implement fast user switching.

FWIW, I think solution 1 is not something we should honestly discuss.

The simple solution 2 means, nothing to do for us, except to create
another FAQ entry.  Good short term solution, for sure.  But nevertheless
we should also put the pinfo shared mem into the Global\ namespace.

How do we implement 3?  A function for checking and setting privileges
exists.  We would have to tweak it slightly to allow to recognize the
case that a user right just doesn't exist on the system.

How do we test if the session is a TS session?  Does NT provide this
information somewhere? *dig, dig, dig*  Cool, yes, the function
GetSystemMetrics(SM_REMOTESESSION) returns TRUE if running in a remote
session.  It does not return TRUE if running under a service, I just
tested it.  So 3 should be doable.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

Follow-Ups:
- Re: About "messed up user permissions from w2k terminal session"
  - From: Igor Pechtchanski
- Re: About "messed up user permissions from w2k terminal session"
  - From: Pierre A. Humblet

References:
- About "messed up user permissions from w2k terminal session"
  - From: Pierre A. Humblet
- Re: About "messed up user permissions from w2k terminal session"
  - From: Corinna Vinschen
- Re: About "messed up user permissions from w2k terminal session"
  - From: Pierre A. Humblet
- Re: About "messed up user permissions from w2k terminal session"
  - From: Corinna Vinschen
- Re: About "messed up user permissions from w2k terminal session"
  - From: Pierre A. Humblet

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]