From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 92681 invoked by alias); 2 Apr 2015 09:28:10 -0000 Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com Received: (qmail 92666 invoked by uid 89); 2 Apr 2015 09:28:08 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mail-in-01.arcor-online.net Received: from mail-in-01.arcor-online.net (HELO mail-in-01.arcor-online.net) (151.189.21.41) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (CAMELLIA256-SHA encrypted) ESMTPS; Thu, 02 Apr 2015 09:28:06 +0000 Received: from mail-in-20-z2.arcor-online.net (mail-in-20-z2.arcor-online.net [151.189.8.85]) by mx.arcor.de (Postfix) with ESMTP id 3lHfFZ5stkz2m7W for ; Thu, 2 Apr 2015 11:28:02 +0200 (CEST) Received: from mail-in-06.arcor-online.net (mail-in-06.arcor-online.net [151.189.21.46]) by mail-in-20-z2.arcor-online.net (Postfix) with ESMTP id C77218395C8 for ; Thu, 2 Apr 2015 11:28:02 +0200 (CEST) X-DKIM: Sendmail DKIM Filter v2.8.2 mail-in-06.arcor-online.net 3lHfFZ51m0z8FXj Received: from Gertrud (p54B46A9A.dip0.t-ipconnect.de [84.180.106.154]) (Authenticated sender: stromeko@arcor.de) by mail-in-06.arcor-online.net (Postfix) with ESMTPSA id 3lHfFZ51m0z8FXj for ; Thu, 2 Apr 2015 11:28:02 +0200 (CEST) From: Achim Gratz To: cygwin-apps@cygwin.com Subject: Re: [ATTN Maintainer] csih References: <87k2xzftp0.fsf@Rainer.invalid> <20150330072905.GG29875@calimero.vinschen.de> <87lhidvt45.fsf@Rainer.invalid> <20150401074611.GM13285@calimero.vinschen.de> Date: Thu, 02 Apr 2015 09:28:00 -0000 In-Reply-To: <20150401074611.GM13285@calimero.vinschen.de> (Corinna Vinschen's message of "Wed, 1 Apr 2015 09:46:11 +0200") Message-ID: <87d23m3mn4.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-SW-Source: 2015-04/txt/msg00001.txt.bz2 Corinna Vinschen writes: >> There's another fix that should probably go into the scripts: The >> service users should get SeDenyInteractiveLogonRight (they already have >> SeDenyRemoteLogonRight). At least on my Windows7 Pro/64bit laptop the >> accounts show up on the login screen otherwise. > > Still, https://cygwin.com/acronyms/#PGA? Really, I mean it. Sorry, I was temporarily out of round tuits. Index: cygwin-service-installation-helper.sh =================================================================== RCS file: /cvs/cygwin-apps/csih/cygwin-service-installation-helper.sh,v retrieving revision 1.37 diff -r1.37 cygwin-service-installation-helper.sh 3038a3039 > /usr/bin/editrights -a SeDenyInteractiveLogonRight -u ${csih_PRIVILEGED_USERNAME} && OK to commit? BTW, is there some deeper reason to use /usr/bin/editrights -a SeAssignPrimaryTokenPrivilege -u ${csih_PRIVILEGED_USERNAME} && /usr/bin/editrights -a SeCreateTokenPrivilege -u ${csih_PRIVILEGED_USERNAME} && /usr/bin/editrights -a SeTcbPrivilege -u ${csih_PRIVILEGED_USERNAME} && /usr/bin/editrights -a SeDenyInteractiveLogonRight -u ${csih_PRIVILEGED_USERNAME} && /usr/bin/editrights -a SeDenyRemoteInteractiveLogonRight -u ${csih_PRIVILEGED_USERNAME} && /usr/bin/editrights -a SeServiceLogonRight -u ${csih_PRIVILEGED_USERNAME} && username_got_all_rights="yes" instead of /usr/bin/editrights \ -a SeAssignPrimaryTokenPrivilege -a SeCreateTokenPrivilege -a SeTcbPrivilege \ -a SeDenyInteractiveLogonRight -a SeDenyRemoteInteractiveLogonRight \ -a SeServiceLogonRight -u ${csih_PRIVILEGED_USERNAME} && username_got_all_rights="yes" ? Because if there is, that seems like a bug in editrights that should be fixed. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables