How to become root/root (0/0)

How to become root/root (0/0)

[Henning]

In order to not be misunderstood: the question is not about executing
a single command as a priviledged user.

Instead, I'm asking how to get rid the annoying Unknown+User and
Unknown+Group  with six digits IDs permanently.

What I've tried so far:

1. put USER=root and HOME=/root
    This gave me only /root as $HOME.

2. put the USER=root and UID=0 on the starting cmdline like so
    U:\bin\mintty.exe -d -T tty1 -i /Cygwin-Terminal.ico /bin/env TTY=1 
USER=root UID=0 /bin/bash -il
    which gave me $UID=0 but not $USER=root

3. additionally set USER=root in ~/.profile
    this finally yielded $USER=root

_but_ to no avail. because echo foo > bar and then ls -{l,n} showed
that absolutely nothing had changed: USER=Unknown+User (-1) etc.
And, what's worse, an attempt to chmod user perms of ./bar was not
possible.

4. following an old thread (Nov 2003) in the cygwin-apps mailing list
    I created /etc/passwd with the line
          root::0:0:me:/root:/bin/bash
    with and without the asterisk for the empty password
    and also /etc/group with the lines
          root:S-1-5-32-544:0:
          Administrators:S-1-5-32-544:544:

    and I edited /etc/nsswitch.conf to contain
          passwd:   files	# db
          group:    files	# db
          db_enum:
          db_home:
          db_shell:
          db_gecos:

but again, to no avail. I simply can't get rid of the Unknowen+User
stuff. (And I am unable to change the user bits of permissions.)

I forgot to mention that my Windows user name is root, and I am the
only user, that is, administrator, group administrators. And I have
switched off UAC (registry) in order to avoid constant annoyances
regarding permissions.

What do I have to do, to get root (user and group).

... slightly desparate.

Henning

N.B. My cygwin installation is up to date. Windows 8.1
I have been using Linux for nearly 25 years (since kernel 1.2/3) and
cygwin since 2002. So this is not my first cygwin experience, but my
worst up to now.

Henning





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Erik Soderquist]

On Wed, May 8, 2019 at 9:50 AM Henning wrote:
>
> In order to not be misunderstood: the question is not about executing
> a single command as a priviledged user.
>
> Instead, I'm asking how to get rid the annoying Unknown+User and
> Unknown+Group  with six digits IDs permanently.

This indicates user lookup is not working for some reason; did you
configure and start the cygserver service?
https://cygwin.com/cygwin-ug-net/ntsec.html

> What I've tried so far:
>
> 1. put USER=root and HOME=/root
>     This gave me only /root as $HOME.
>
> 2. put the USER=root and UID=0 on the starting cmdline like so
>     U:\bin\mintty.exe -d -T tty1 -i /Cygwin-Terminal.ico /bin/env TTY=1
> USER=root UID=0 /bin/bash -il
>     which gave me $UID=0 but not $USER=root
>
> 3. additionally set USER=root in ~/.profile
>     this finally yielded $USER=root

I think you are conflating things...  On Windows, UID 0 does not
exist, and so trying to force UID 0 I would expect to result in less
than guest privileges.

> _but_ to no avail. because echo foo > bar and then ls -{l,n} showed
> that absolutely nothing had changed: USER=Unknown+User (-1) etc.
> And, what's worse, an attempt to chmod user perms of ./bar was not
> possible.
>
> 4. following an old thread (Nov 2003) in the cygwin-apps mailing list
>     I created /etc/passwd with the line
>           root::0:0:me:/root:/bin/bash
<snip>
>
> but again, to no avail. I simply can't get rid of the Unknowen+User
> stuff. (And I am unable to change the user bits of permissions.)

Except for relatively rare corner cases, the use of /etc/passwd in
Cygwin has been deprecated for a long time now.  This might actually
be causing you significant problems now if you are not one of the rare
corner cases.
https://cygwin.com/cygwin-ug-net/ntsec.html

> I forgot to mention that my Windows user name is root, and I am the
> only user, that is, administrator, group administrators. And I have
> switched off UAC (registry) in order to avoid constant annoyances
> regarding permissions.

I certainly understand the feeling here; what I do instead of
disabling UAC is configure sshd and alias 'sudo' to 'ssh localhost';
this way I am not always running everything with the admin tokens.

> What do I have to do, to get root (user and group).

again, conflating; UID/GID 0 does not exist; the nearest equivalent is
running the process(es) with the admin tokens in place.  Trying to
force UID/GID 0 may be what broke this in your environment.

> N.B. My cygwin installation is up to date. Windows 8.1
> I have been using Linux for nearly 25 years (since kernel 1.2/3) and
> cygwin since 2002. So this is not my first cygwin experience, but my
> worst up to now.

I reference https://cygwin.com/cygwin-ug-net/ntsec.html specifically
because you specify your cygwin install is up to date, but you are
using the deprecated /etc/passwd etc. files.

-- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Chris Johmson]

On 5/8/2019 9:50 AM, Henning wrote:
> In order to not be misunderstood: the question is not about executing
> a single command as a priviledged user.
>
> Instead, I'm asking how to get rid the annoying Unknown+User and
> Unknown+Group  with six digits IDs permanently.
>

I'm assuming you want to be root in cyg terminal,yes?  Have you tried 
right click on cyg terminal an Run as admibisrator?


-- 

Chris Johnson 	rchristopherjohnson@gmail.com
Ex SysAdmin, now, writer 	/Not a shred of evidence exists in favor of 
the idea that life is serious.
/(Brendan Gill)


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Andrey Repin]

Greetings, Henning!

> In order to not be misunderstood: the question is not about executing
> a single command as a priviledged user.

> Instead, I'm asking how to get rid the annoying Unknown+User and
> Unknown+Group  with six digits IDs permanently.

This is not possible. Windows permissions system symply do not have the "god
user" as a concept. End of story.


-- 
With best regards,
Andrey Repin
Thursday, May 9, 2019 11:24:06

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Andrey Repin]

Greetings, LRN!

>>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>>> permissions system.
>> 
>> That's not really correct. An account that is a member of the
>> Administrators local group (localized name can be different, SID is
>> S-1-5-32-544) is a root/superuser equivalent.
>> 
>> It is true that some objects have permissions that prevent Administrators
>> from accessing them, but any member of Administrators can take
>> ownership/change permissions/run as SYSTEM and access those objects.

> IIRC, even Administrators can't run as SYSTEM. To run as SYSTEM, you need to
> somehow coerce a process that runs as SYSTEM to do something for you. Usually
> achieved by running a [temporary] service and having it do what you want to be
> done.

> Notably, SYSTEM (but not Administrator) can impersonate any other user without
> needing a password

Only locally.
But then again, impersonation versus having an inherent god power.

> (other users can only impersonate with a password - i.e.
> they need to authenticate themselves). In that sense SYSTEM is the true root
> (though there are other high-privilege accounts, such as Trusted Installer and
> Local Service that might be able to do the same things).



-- 
With best regards,
Andrey Repin
Friday, May 10, 2019 16:53:51

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[LRN]

[-- Attachment #1.1: Type: text/plain, Size: 1230 bytes --]

On 09.05.2019 17:44, Bill Stewart wrote:
> On Thu, May 9, 2019 at 6:20 AM Andrey Repin wrote:
> 
>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>> permissions system.
> 
> That's not really correct. An account that is a member of the
> Administrators local group (localized name can be different, SID is
> S-1-5-32-544) is a root/superuser equivalent.
> 
> It is true that some objects have permissions that prevent Administrators
> from accessing them, but any member of Administrators can take
> ownership/change permissions/run as SYSTEM and access those objects.

IIRC, even Administrators can't run as SYSTEM. To run as SYSTEM, you need to
somehow coerce a process that runs as SYSTEM to do something for you. Usually
achieved by running a [temporary] service and having it do what you want to be
done.

Notably, SYSTEM (but not Administrator) can impersonate any other user without
needing a password (other users can only impersonate with a password - i.e.
they need to authenticate themselves). In that sense SYSTEM is the true root
(though there are other high-privilege accounts, such as Trusted Installer and
Local Service that might be able to do the same things).


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: How to become root/root (0/0)

[Bill Stewart]

On Thu, May 9, 2019 at 6:20 AM Andrey Repin wrote:

> Again, there's simply no equivalent of "god user" from *NIX in Windows
> permissions system.

That's not really correct. An account that is a member of the
Administrators local group (localized name can be different, SID is
S-1-5-32-544) is a root/superuser equivalent.

It is true that some objects have permissions that prevent Administrators
from accessing them, but any member of Administrators can take
ownership/change permissions/run as SYSTEM and access those objects.

Regards,

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Andrey Repin]

Greetings, LRN!

>>> And the group "None". I found it mentioned in ntsec. Would it be
>>> possible to create a group "root" in Windows which gives it's
>>> members the same power as the group Administrators? And why "None"
>>> and not "Administrators"?
>> 
>> Administrators do not have all possible permissions inherently.
>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>> permissions system.

> IIRC, the SYSTEM user has the most permissions, but users are normally
> forbidden from doing things as SYSTEM.

Most, but not all, and you could set permissions in such a way that "SYSTEM"
user won't be able to f.e. remove a certain file.


-- 
With best regards,
Andrey Repin
Thursday, May 9, 2019 15:34:08

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[LRN]

[-- Attachment #1.1: Type: text/plain, Size: 589 bytes --]

On 09.05.2019 15:09, Andrey Repin wrote:
> Greetings, Henning!
> 
>> And the group "None". I found it mentioned in ntsec. Would it be
>> possible to create a group "root" in Windows which gives it's
>> members the same power as the group Administrators? And why "None"
>> and not "Administrators"?
> 
> Administrators do not have all possible permissions inherently.
> Again, there's simply no equivalent of "god user" from *NIX in Windows
> permissions system.

IIRC, the SYSTEM user has the most permissions, but users are normally
forbidden from doing things as SYSTEM.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: How to become root/root (0/0)

[Andrey Repin]

Greetings, Henning!

> And the group "None". I found it mentioned in ntsec. Would it be
> possible to create a group "root" in Windows which gives it's
> members the same power as the group Administrators? And why "None"
> and not "Administrators"?

Administrators do not have all possible permissions inherently.
Again, there's simply no equivalent of "god user" from *NIX in Windows
permissions system.

P.S.
You could always reply to your own [initial] message to preserve threading.


-- 
With best regards,
Andrey Repin
Thursday, May 9, 2019 15:08:14

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple