This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: how su works with no suid

edwede wrote:
> ok, let me ask it a different way...
> if I do an 'su - guest' it does not ask for password but just gives
> 'su: cannot set user id: Not owner'

Take a look into the sources of, say, `login'. You will see that you
need extra effort to get an user token from windows to be able to use

Documentation is available as well. It's currently not in the online
docs but if you download the sources of cygwin, you will find it in

`winsup/doc/ntsec.sgml', chapter "New setuid concept".

> in the end, i am trying to come up with an sshd version that installs as a service, uses rsa, etc...

There's already a ported working sshd. See that message:

It provides RSA as long as you try to login as the owner of the sshd

You will not be able to provide RSA authentication which will switch
the user context without writing your own LSA authentication or
subauthentication package.

> --- here is some more detail about the problem.
> I am logged into nt as my nt-domain user that has local nt-admin rights.
> su and some other programs make a call to setuid or seteuid. In normal unix, the file 'su' is chmod to 4755 which is -rwsr-xr-x. There is no implementation of "set user execution bit on"

That's right. And if you want to switch the user context in NT
you'll have to stand on your head. You'll have to provide the
password which has to be given to a nt specific logon function
("LogonUser()" which is wrapped by Cygwin's "cygwin_logon_user()")
to get a so called "access token" which has to be used to impersonate
the user by calls to "ImpersonateLoggoedOnUser()" (wrapped by
cygwin_set_impersonation_token()") or "CreateProcessAsUser()" (wrapped
by "execve()"). See source of login for a simple example:


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer              
Red Hat, Inc.

Want to unsubscribe from this list?
Send a message to

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]