This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: About "messed up user permissions from w2k terminal session"
On Wed, Oct 08, 2003 at 09:20:28AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > How do we implement 3? A function for checking and setting privileges
> > exists. We would have to tweak it slightly to allow to recognize the
> > case that a user right just doesn't exist on the system.
> >
> > How do we test if the session is a TS session? Does NT provide this
> > information somewhere? *dig, dig, dig* Cool, yes, the function
> > GetSystemMetrics(SM_REMOTESESSION) returns TRUE if running in a remote
> > session. It does not return TRUE if running under a service, I just
> > tested it. So 3 should be doable.
>
> Great. FWIW there is also another way. Users running under TS are in a
> special group, at least with Windows 2000 sp4
> 4 [TERMINAL SERVER USER] [NT AUTHORITY] SidTypeWellKnownGroup
> 11 S-1-5-13
> SE_GROUP_ENABLED, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_MANDATORY,
Yep, that group exists also on XP so it will be very likely the same
on 03. But... hmm, I'm just thinking what happens if somebody tweaks
her /etc/group file to be a member of that group. Isn't using the
system metric more safe? I mean, the group info is fakable, the system
metric isn't...
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.