From: Achim Gratz <Stromeko@nexgo.de>
To: cygwin-apps@cygwin.com
Subject: Re: [ATTN Maintainer] csih
Date: Thu, 02 Apr 2015 09:28:00 -0000 [thread overview]
Message-ID: <87d23m3mn4.fsf@Rainer.invalid> (raw)
In-Reply-To: <20150401074611.GM13285@calimero.vinschen.de> (Corinna Vinschen's message of "Wed, 1 Apr 2015 09:46:11 +0200")
Corinna Vinschen writes:
>> There's another fix that should probably go into the scripts: The
>> service users should get SeDenyInteractiveLogonRight (they already have
>> SeDenyRemoteLogonRight). At least on my Windows7 Pro/64bit laptop the
>> accounts show up on the login screen otherwise.
>
> Still, https://cygwin.com/acronyms/#PGA? Really, I mean it.
Sorry, I was temporarily out of round tuits.
Index: cygwin-service-installation-helper.sh
===================================================================
RCS file: /cvs/cygwin-apps/csih/cygwin-service-installation-helper.sh,v
retrieving revision 1.37
diff -r1.37 cygwin-service-installation-helper.sh
3038a3039
> /usr/bin/editrights -a SeDenyInteractiveLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
OK to commit?
BTW, is there some deeper reason to use
/usr/bin/editrights -a SeAssignPrimaryTokenPrivilege -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeCreateTokenPrivilege -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeTcbPrivilege -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeDenyInteractiveLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeDenyRemoteInteractiveLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
/usr/bin/editrights -a SeServiceLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
username_got_all_rights="yes"
instead of
/usr/bin/editrights \
-a SeAssignPrimaryTokenPrivilege -a SeCreateTokenPrivilege -a SeTcbPrivilege \
-a SeDenyInteractiveLogonRight -a SeDenyRemoteInteractiveLogonRight \
-a SeServiceLogonRight -u ${csih_PRIVILEGED_USERNAME} &&
username_got_all_rights="yes"
? Because if there is, that seems like a bug in editrights that should
be fixed.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables
next prev parent reply other threads:[~2015-04-02 9:28 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-29 20:13 Achim Gratz
2015-03-30 7:29 ` Corinna Vinschen
2015-03-31 19:56 ` Achim Gratz
2015-04-01 7:46 ` Corinna Vinschen
2015-04-02 9:28 ` Achim Gratz [this message]
2015-04-02 11:34 ` Corinna Vinschen
2015-04-02 15:15 ` Achim Gratz
2015-04-02 15:26 ` Corinna Vinschen
2015-04-02 15:54 ` Achim Gratz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d23m3mn4.fsf@Rainer.invalid \
--to=stromeko@nexgo.de \
--cc=cygwin-apps@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).