* How to become root/root (0/0)
@ 2019-05-08 13:50 Henning
2019-05-08 14:33 ` Erik Soderquist
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: Henning @ 2019-05-08 13:50 UTC (permalink / raw)
To: cygwin
In order to not be misunderstood: the question is not about executing
a single command as a priviledged user.
Instead, I'm asking how to get rid the annoying Unknown+User and
Unknown+Group with six digits IDs permanently.
What I've tried so far:
1. put USER=root and HOME=/root
This gave me only /root as $HOME.
2. put the USER=root and UID=0 on the starting cmdline like so
U:\bin\mintty.exe -d -T tty1 -i /Cygwin-Terminal.ico /bin/env TTY=1
USER=root UID=0 /bin/bash -il
which gave me $UID=0 but not $USER=root
3. additionally set USER=root in ~/.profile
this finally yielded $USER=root
_but_ to no avail. because echo foo > bar and then ls -{l,n} showed
that absolutely nothing had changed: USER=Unknown+User (-1) etc.
And, what's worse, an attempt to chmod user perms of ./bar was not
possible.
4. following an old thread (Nov 2003) in the cygwin-apps mailing list
I created /etc/passwd with the line
root::0:0:me:/root:/bin/bash
with and without the asterisk for the empty password
and also /etc/group with the lines
root:S-1-5-32-544:0:
Administrators:S-1-5-32-544:544:
and I edited /etc/nsswitch.conf to contain
passwd: files # db
group: files # db
db_enum:
db_home:
db_shell:
db_gecos:
but again, to no avail. I simply can't get rid of the Unknowen+User
stuff. (And I am unable to change the user bits of permissions.)
I forgot to mention that my Windows user name is root, and I am the
only user, that is, administrator, group administrators. And I have
switched off UAC (registry) in order to avoid constant annoyances
regarding permissions.
What do I have to do, to get root (user and group).
... slightly desparate.
Henning
N.B. My cygwin installation is up to date. Windows 8.1
I have been using Linux for nearly 25 years (since kernel 1.2/3) and
cygwin since 2002. So this is not my first cygwin experience, but my
worst up to now.
Henning
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: How to become root/root (0/0)
2019-05-08 13:50 How to become root/root (0/0) Henning
@ 2019-05-08 14:33 ` Erik Soderquist
2019-05-08 14:45 ` Chris Johmson
2019-05-09 8:35 ` Andrey Repin
2 siblings, 0 replies; 10+ messages in thread
From: Erik Soderquist @ 2019-05-08 14:33 UTC (permalink / raw)
To: cygwin
On Wed, May 8, 2019 at 9:50 AM Henning wrote:
>
> In order to not be misunderstood: the question is not about executing
> a single command as a priviledged user.
>
> Instead, I'm asking how to get rid the annoying Unknown+User and
> Unknown+Group with six digits IDs permanently.
This indicates user lookup is not working for some reason; did you
configure and start the cygserver service?
https://cygwin.com/cygwin-ug-net/ntsec.html
> What I've tried so far:
>
> 1. put USER=root and HOME=/root
> This gave me only /root as $HOME.
>
> 2. put the USER=root and UID=0 on the starting cmdline like so
> U:\bin\mintty.exe -d -T tty1 -i /Cygwin-Terminal.ico /bin/env TTY=1
> USER=root UID=0 /bin/bash -il
> which gave me $UID=0 but not $USER=root
>
> 3. additionally set USER=root in ~/.profile
> this finally yielded $USER=root
I think you are conflating things... On Windows, UID 0 does not
exist, and so trying to force UID 0 I would expect to result in less
than guest privileges.
> _but_ to no avail. because echo foo > bar and then ls -{l,n} showed
> that absolutely nothing had changed: USER=Unknown+User (-1) etc.
> And, what's worse, an attempt to chmod user perms of ./bar was not
> possible.
>
> 4. following an old thread (Nov 2003) in the cygwin-apps mailing list
> I created /etc/passwd with the line
> root::0:0:me:/root:/bin/bash
<snip>
>
> but again, to no avail. I simply can't get rid of the Unknowen+User
> stuff. (And I am unable to change the user bits of permissions.)
Except for relatively rare corner cases, the use of /etc/passwd in
Cygwin has been deprecated for a long time now. This might actually
be causing you significant problems now if you are not one of the rare
corner cases.
https://cygwin.com/cygwin-ug-net/ntsec.html
> I forgot to mention that my Windows user name is root, and I am the
> only user, that is, administrator, group administrators. And I have
> switched off UAC (registry) in order to avoid constant annoyances
> regarding permissions.
I certainly understand the feeling here; what I do instead of
disabling UAC is configure sshd and alias 'sudo' to 'ssh localhost';
this way I am not always running everything with the admin tokens.
> What do I have to do, to get root (user and group).
again, conflating; UID/GID 0 does not exist; the nearest equivalent is
running the process(es) with the admin tokens in place. Trying to
force UID/GID 0 may be what broke this in your environment.
> N.B. My cygwin installation is up to date. Windows 8.1
> I have been using Linux for nearly 25 years (since kernel 1.2/3) and
> cygwin since 2002. So this is not my first cygwin experience, but my
> worst up to now.
I reference https://cygwin.com/cygwin-ug-net/ntsec.html specifically
because you specify your cygwin install is up to date, but you are
using the deprecated /etc/passwd etc. files.
-- Erik
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: How to become root/root (0/0)
2019-05-08 13:50 How to become root/root (0/0) Henning
2019-05-08 14:33 ` Erik Soderquist
@ 2019-05-08 14:45 ` Chris Johmson
2019-05-09 8:35 ` Andrey Repin
2 siblings, 0 replies; 10+ messages in thread
From: Chris Johmson @ 2019-05-08 14:45 UTC (permalink / raw)
To: cygwin, Chris Johmson
On 5/8/2019 9:50 AM, Henning wrote:
> In order to not be misunderstood: the question is not about executing
> a single command as a priviledged user.
>
> Instead, I'm asking how to get rid the annoying Unknown+User and
> Unknown+Group with six digits IDs permanently.
>
I'm assuming you want to be root in cyg terminal,yes? Have you tried
right click on cyg terminal an Run as admibisrator?
--
Chris Johnson rchristopherjohnson@gmail.com
Ex SysAdmin, now, writer /Not a shred of evidence exists in favor of
the idea that life is serious.
/(Brendan Gill)
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: How to become root/root (0/0)
2019-05-08 13:50 How to become root/root (0/0) Henning
2019-05-08 14:33 ` Erik Soderquist
2019-05-08 14:45 ` Chris Johmson
@ 2019-05-09 8:35 ` Andrey Repin
2 siblings, 0 replies; 10+ messages in thread
From: Andrey Repin @ 2019-05-09 8:35 UTC (permalink / raw)
To: Henning, cygwin
Greetings, Henning!
> In order to not be misunderstood: the question is not about executing
> a single command as a priviledged user.
> Instead, I'm asking how to get rid the annoying Unknown+User and
> Unknown+Group with six digits IDs permanently.
This is not possible. Windows permissions system symply do not have the "god
user" as a concept. End of story.
--
With best regards,
Andrey Repin
Thursday, May 9, 2019 11:24:06
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: How to become root/root (0/0)
2019-05-09 14:53 ` LRN
@ 2019-05-10 14:05 ` Andrey Repin
0 siblings, 0 replies; 10+ messages in thread
From: Andrey Repin @ 2019-05-10 14:05 UTC (permalink / raw)
To: LRN, cygwin
Greetings, LRN!
>>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>>> permissions system.
>>
>> That's not really correct. An account that is a member of the
>> Administrators local group (localized name can be different, SID is
>> S-1-5-32-544) is a root/superuser equivalent.
>>
>> It is true that some objects have permissions that prevent Administrators
>> from accessing them, but any member of Administrators can take
>> ownership/change permissions/run as SYSTEM and access those objects.
> IIRC, even Administrators can't run as SYSTEM. To run as SYSTEM, you need to
> somehow coerce a process that runs as SYSTEM to do something for you. Usually
> achieved by running a [temporary] service and having it do what you want to be
> done.
> Notably, SYSTEM (but not Administrator) can impersonate any other user without
> needing a password
Only locally.
But then again, impersonation versus having an inherent god power.
> (other users can only impersonate with a password - i.e.
> they need to authenticate themselves). In that sense SYSTEM is the true root
> (though there are other high-privilege accounts, such as Trusted Installer and
> Local Service that might be able to do the same things).
--
With best regards,
Andrey Repin
Friday, May 10, 2019 16:53:51
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: How to become root/root (0/0)
2019-05-09 14:45 ` Bill Stewart
@ 2019-05-09 14:53 ` LRN
2019-05-10 14:05 ` Andrey Repin
0 siblings, 1 reply; 10+ messages in thread
From: LRN @ 2019-05-09 14:53 UTC (permalink / raw)
To: cygwin
[-- Attachment #1.1: Type: text/plain, Size: 1230 bytes --]
On 09.05.2019 17:44, Bill Stewart wrote:
> On Thu, May 9, 2019 at 6:20 AM Andrey Repin wrote:
>
>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>> permissions system.
>
> That's not really correct. An account that is a member of the
> Administrators local group (localized name can be different, SID is
> S-1-5-32-544) is a root/superuser equivalent.
>
> It is true that some objects have permissions that prevent Administrators
> from accessing them, but any member of Administrators can take
> ownership/change permissions/run as SYSTEM and access those objects.
IIRC, even Administrators can't run as SYSTEM. To run as SYSTEM, you need to
somehow coerce a process that runs as SYSTEM to do something for you. Usually
achieved by running a [temporary] service and having it do what you want to be
done.
Notably, SYSTEM (but not Administrator) can impersonate any other user without
needing a password (other users can only impersonate with a password - i.e.
they need to authenticate themselves). In that sense SYSTEM is the true root
(though there are other high-privilege accounts, such as Trusted Installer and
Local Service that might be able to do the same things).
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: How to become root/root (0/0)
2019-05-09 12:20 ` Andrey Repin
2019-05-09 12:31 ` LRN
@ 2019-05-09 14:45 ` Bill Stewart
2019-05-09 14:53 ` LRN
1 sibling, 1 reply; 10+ messages in thread
From: Bill Stewart @ 2019-05-09 14:45 UTC (permalink / raw)
To: cygwin
On Thu, May 9, 2019 at 6:20 AM Andrey Repin wrote:
> Again, there's simply no equivalent of "god user" from *NIX in Windows
> permissions system.
That's not really correct. An account that is a member of the
Administrators local group (localized name can be different, SID is
S-1-5-32-544) is a root/superuser equivalent.
It is true that some objects have permissions that prevent Administrators
from accessing them, but any member of Administrators can take
ownership/change permissions/run as SYSTEM and access those objects.
Regards,
Bill
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: How to become root/root (0/0)
2019-05-09 12:31 ` LRN
@ 2019-05-09 12:50 ` Andrey Repin
0 siblings, 0 replies; 10+ messages in thread
From: Andrey Repin @ 2019-05-09 12:50 UTC (permalink / raw)
To: LRN, cygwin
Greetings, LRN!
>>> And the group "None". I found it mentioned in ntsec. Would it be
>>> possible to create a group "root" in Windows which gives it's
>>> members the same power as the group Administrators? And why "None"
>>> and not "Administrators"?
>>
>> Administrators do not have all possible permissions inherently.
>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>> permissions system.
> IIRC, the SYSTEM user has the most permissions, but users are normally
> forbidden from doing things as SYSTEM.
Most, but not all, and you could set permissions in such a way that "SYSTEM"
user won't be able to f.e. remove a certain file.
--
With best regards,
Andrey Repin
Thursday, May 9, 2019 15:34:08
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: How to become root/root (0/0)
2019-05-09 12:20 ` Andrey Repin
@ 2019-05-09 12:31 ` LRN
2019-05-09 12:50 ` Andrey Repin
2019-05-09 14:45 ` Bill Stewart
1 sibling, 1 reply; 10+ messages in thread
From: LRN @ 2019-05-09 12:31 UTC (permalink / raw)
To: cygwin
[-- Attachment #1.1: Type: text/plain, Size: 589 bytes --]
On 09.05.2019 15:09, Andrey Repin wrote:
> Greetings, Henning!
>
>> And the group "None". I found it mentioned in ntsec. Would it be
>> possible to create a group "root" in Windows which gives it's
>> members the same power as the group Administrators? And why "None"
>> and not "Administrators"?
>
> Administrators do not have all possible permissions inherently.
> Again, there's simply no equivalent of "god user" from *NIX in Windows
> permissions system.
IIRC, the SYSTEM user has the most permissions, but users are normally
forbidden from doing things as SYSTEM.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: How to become root/root (0/0)
2019-05-09 9:01 Henning
@ 2019-05-09 12:20 ` Andrey Repin
2019-05-09 12:31 ` LRN
2019-05-09 14:45 ` Bill Stewart
0 siblings, 2 replies; 10+ messages in thread
From: Andrey Repin @ 2019-05-09 12:20 UTC (permalink / raw)
To: Henning, cygwin
Greetings, Henning!
> And the group "None". I found it mentioned in ntsec. Would it be
> possible to create a group "root" in Windows which gives it's
> members the same power as the group Administrators? And why "None"
> and not "Administrators"?
Administrators do not have all possible permissions inherently.
Again, there's simply no equivalent of "god user" from *NIX in Windows
permissions system.
P.S.
You could always reply to your own [initial] message to preserve threading.
--
With best regards,
Andrey Repin
Thursday, May 9, 2019 15:08:14
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2019-05-10 14:05 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-08 13:50 How to become root/root (0/0) Henning
2019-05-08 14:33 ` Erik Soderquist
2019-05-08 14:45 ` Chris Johmson
2019-05-09 8:35 ` Andrey Repin
2019-05-09 9:01 Henning
2019-05-09 12:20 ` Andrey Repin
2019-05-09 12:31 ` LRN
2019-05-09 12:50 ` Andrey Repin
2019-05-09 14:45 ` Bill Stewart
2019-05-09 14:53 ` LRN
2019-05-10 14:05 ` Andrey Repin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).