Re: Re: How to become root/root (0/0)

Re: Re: How to become root/root (0/0)

[Henning]

This is in response to Erik Soderquist's response. I happened to
delete the mail, so the citations may not look properly. Sorry for
the inconvenience.

 > On Windows, UID 0 does not exist
yes, I am (and were) fully aware of that. But see below.

 > trying to force UID 0 I would expect to result in less than guest
 > privileges
obviously you are right. So I undid any changes concerning USER, UID
and HOME, deleted /etc/{passwd,group}, I restored the original
/etc/nsswitch.conf and removed relevant settings from shortcut
cmdlines.

Now I've got root/None xxxxxx/xxxxxx and everything seems to work
properly. Obviously you kickd me in the right direction. Thanks a lot
for your prompt response.

But, though not really a "but", I now have $HOME=/root. This is what
I want, but how come? AFAIR, in the beginning it was /home/root,
which I don't like. Maybe I forgot to revert something. And, accor-
ding to ntsec.html the desire to have a non-/home/$USER would make
me one of your corner cases.

 > did you configure and start the cygserver service?
No. And currently, with things working properly, I don't see a
reason to have one more service running.

And yes,
 > the use of /etc/passwd in Cygwin has been deprecated
but, according to ntsec.html
    "Read /etc/passwd and /etc/group files if they exist, just
     as in the olden days, mainly for backward compatibility."
and
    "If no entry is found, or no passwd or group file was present,
     Cygwin will ask the OS."

So, shouldn't the method proposed here 
https://cygwin.com/ml/cygwin-apps/2003-11/msg00134.html , although from 
pre-nsswitch.conf times,
still work?

I think, I'll try again.

And the group "None". I found it mentioned in ntsec. Would it be
possible to create a group "root" in Windows which gives it's
members the same power as the group Administrators? And why "None"
and not "Administrators"?

Again, thanks for your quick reaction.

Henning

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Andrey Repin]

Greetings, Henning!

> And the group "None". I found it mentioned in ntsec. Would it be
> possible to create a group "root" in Windows which gives it's
> members the same power as the group Administrators? And why "None"
> and not "Administrators"?

Administrators do not have all possible permissions inherently.
Again, there's simply no equivalent of "god user" from *NIX in Windows
permissions system.

P.S.
You could always reply to your own [initial] message to preserve threading.


-- 
With best regards,
Andrey Repin
Thursday, May 9, 2019 15:08:14

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[LRN]

[-- Attachment #1.1: Type: text/plain, Size: 589 bytes --]

On 09.05.2019 15:09, Andrey Repin wrote:
> Greetings, Henning!
> 
>> And the group "None". I found it mentioned in ntsec. Would it be
>> possible to create a group "root" in Windows which gives it's
>> members the same power as the group Administrators? And why "None"
>> and not "Administrators"?
> 
> Administrators do not have all possible permissions inherently.
> Again, there's simply no equivalent of "god user" from *NIX in Windows
> permissions system.

IIRC, the SYSTEM user has the most permissions, but users are normally
forbidden from doing things as SYSTEM.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: How to become root/root (0/0)

[Andrey Repin]

Greetings, LRN!

>>> And the group "None". I found it mentioned in ntsec. Would it be
>>> possible to create a group "root" in Windows which gives it's
>>> members the same power as the group Administrators? And why "None"
>>> and not "Administrators"?
>> 
>> Administrators do not have all possible permissions inherently.
>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>> permissions system.

> IIRC, the SYSTEM user has the most permissions, but users are normally
> forbidden from doing things as SYSTEM.

Most, but not all, and you could set permissions in such a way that "SYSTEM"
user won't be able to f.e. remove a certain file.


-- 
With best regards,
Andrey Repin
Thursday, May 9, 2019 15:34:08

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Bill Stewart]

On Thu, May 9, 2019 at 6:20 AM Andrey Repin wrote:

> Again, there's simply no equivalent of "god user" from *NIX in Windows
> permissions system.

That's not really correct. An account that is a member of the
Administrators local group (localized name can be different, SID is
S-1-5-32-544) is a root/superuser equivalent.

It is true that some objects have permissions that prevent Administrators
from accessing them, but any member of Administrators can take
ownership/change permissions/run as SYSTEM and access those objects.

Regards,

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[LRN]

[-- Attachment #1.1: Type: text/plain, Size: 1230 bytes --]

On 09.05.2019 17:44, Bill Stewart wrote:
> On Thu, May 9, 2019 at 6:20 AM Andrey Repin wrote:
> 
>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>> permissions system.
> 
> That's not really correct. An account that is a member of the
> Administrators local group (localized name can be different, SID is
> S-1-5-32-544) is a root/superuser equivalent.
> 
> It is true that some objects have permissions that prevent Administrators
> from accessing them, but any member of Administrators can take
> ownership/change permissions/run as SYSTEM and access those objects.

IIRC, even Administrators can't run as SYSTEM. To run as SYSTEM, you need to
somehow coerce a process that runs as SYSTEM to do something for you. Usually
achieved by running a [temporary] service and having it do what you want to be
done.

Notably, SYSTEM (but not Administrator) can impersonate any other user without
needing a password (other users can only impersonate with a password - i.e.
they need to authenticate themselves). In that sense SYSTEM is the true root
(though there are other high-privilege accounts, such as Trusted Installer and
Local Service that might be able to do the same things).


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: How to become root/root (0/0)

[Andrey Repin]

Greetings, LRN!

>>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>>> permissions system.
>> 
>> That's not really correct. An account that is a member of the
>> Administrators local group (localized name can be different, SID is
>> S-1-5-32-544) is a root/superuser equivalent.
>> 
>> It is true that some objects have permissions that prevent Administrators
>> from accessing them, but any member of Administrators can take
>> ownership/change permissions/run as SYSTEM and access those objects.

> IIRC, even Administrators can't run as SYSTEM. To run as SYSTEM, you need to
> somehow coerce a process that runs as SYSTEM to do something for you. Usually
> achieved by running a [temporary] service and having it do what you want to be
> done.

> Notably, SYSTEM (but not Administrator) can impersonate any other user without
> needing a password

Only locally.
But then again, impersonation versus having an inherent god power.

> (other users can only impersonate with a password - i.e.
> they need to authenticate themselves). In that sense SYSTEM is the true root
> (though there are other high-privilege accounts, such as Trusted Installer and
> Local Service that might be able to do the same things).



-- 
With best regards,
Andrey Repin
Friday, May 10, 2019 16:53:51

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Andrey Repin]

Greetings, Henning!

> In order to not be misunderstood: the question is not about executing
> a single command as a priviledged user.

> Instead, I'm asking how to get rid the annoying Unknown+User and
> Unknown+Group  with six digits IDs permanently.

This is not possible. Windows permissions system symply do not have the "god
user" as a concept. End of story.


-- 
With best regards,
Andrey Repin
Thursday, May 9, 2019 11:24:06

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Chris Johmson]

On 5/8/2019 9:50 AM, Henning wrote:
> In order to not be misunderstood: the question is not about executing
> a single command as a priviledged user.
>
> Instead, I'm asking how to get rid the annoying Unknown+User and
> Unknown+Group  with six digits IDs permanently.
>

I'm assuming you want to be root in cyg terminal,yes?  Have you tried 
right click on cyg terminal an Run as admibisrator?


-- 

Chris Johnson 	rchristopherjohnson@gmail.com
Ex SysAdmin, now, writer 	/Not a shred of evidence exists in favor of 
the idea that life is serious.
/(Brendan Gill)


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: How to become root/root (0/0)

[Erik Soderquist]

On Wed, May 8, 2019 at 9:50 AM Henning wrote:
>
> In order to not be misunderstood: the question is not about executing
> a single command as a priviledged user.
>
> Instead, I'm asking how to get rid the annoying Unknown+User and
> Unknown+Group  with six digits IDs permanently.

This indicates user lookup is not working for some reason; did you
configure and start the cygserver service?
https://cygwin.com/cygwin-ug-net/ntsec.html

> What I've tried so far:
>
> 1. put USER=root and HOME=/root
>     This gave me only /root as $HOME.
>
> 2. put the USER=root and UID=0 on the starting cmdline like so
>     U:\bin\mintty.exe -d -T tty1 -i /Cygwin-Terminal.ico /bin/env TTY=1
> USER=root UID=0 /bin/bash -il
>     which gave me $UID=0 but not $USER=root
>
> 3. additionally set USER=root in ~/.profile
>     this finally yielded $USER=root

I think you are conflating things...  On Windows, UID 0 does not
exist, and so trying to force UID 0 I would expect to result in less
than guest privileges.

> _but_ to no avail. because echo foo > bar and then ls -{l,n} showed
> that absolutely nothing had changed: USER=Unknown+User (-1) etc.
> And, what's worse, an attempt to chmod user perms of ./bar was not
> possible.
>
> 4. following an old thread (Nov 2003) in the cygwin-apps mailing list
>     I created /etc/passwd with the line
>           root::0:0:me:/root:/bin/bash
<snip>
>
> but again, to no avail. I simply can't get rid of the Unknowen+User
> stuff. (And I am unable to change the user bits of permissions.)

Except for relatively rare corner cases, the use of /etc/passwd in
Cygwin has been deprecated for a long time now.  This might actually
be causing you significant problems now if you are not one of the rare
corner cases.
https://cygwin.com/cygwin-ug-net/ntsec.html

> I forgot to mention that my Windows user name is root, and I am the
> only user, that is, administrator, group administrators. And I have
> switched off UAC (registry) in order to avoid constant annoyances
> regarding permissions.

I certainly understand the feeling here; what I do instead of
disabling UAC is configure sshd and alias 'sudo' to 'ssh localhost';
this way I am not always running everything with the admin tokens.

> What do I have to do, to get root (user and group).

again, conflating; UID/GID 0 does not exist; the nearest equivalent is
running the process(es) with the admin tokens in place.  Trying to
force UID/GID 0 may be what broke this in your environment.

> N.B. My cygwin installation is up to date. Windows 8.1
> I have been using Linux for nearly 25 years (since kernel 1.2/3) and
> cygwin since 2002. So this is not my first cygwin experience, but my
> worst up to now.

I reference https://cygwin.com/cygwin-ug-net/ntsec.html specifically
because you specify your cygwin install is up to date, but you are
using the deprecated /etc/passwd etc. files.

-- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

How to become root/root (0/0)

[Henning]

In order to not be misunderstood: the question is not about executing
a single command as a priviledged user.

Instead, I'm asking how to get rid the annoying Unknown+User and
Unknown+Group  with six digits IDs permanently.

What I've tried so far:

1. put USER=root and HOME=/root
    This gave me only /root as $HOME.

2. put the USER=root and UID=0 on the starting cmdline like so
    U:\bin\mintty.exe -d -T tty1 -i /Cygwin-Terminal.ico /bin/env TTY=1 
USER=root UID=0 /bin/bash -il
    which gave me $UID=0 but not $USER=root

3. additionally set USER=root in ~/.profile
    this finally yielded $USER=root

_but_ to no avail. because echo foo > bar and then ls -{l,n} showed
that absolutely nothing had changed: USER=Unknown+User (-1) etc.
And, what's worse, an attempt to chmod user perms of ./bar was not
possible.

4. following an old thread (Nov 2003) in the cygwin-apps mailing list
    I created /etc/passwd with the line
          root::0:0:me:/root:/bin/bash
    with and without the asterisk for the empty password
    and also /etc/group with the lines
          root:S-1-5-32-544:0:
          Administrators:S-1-5-32-544:544:

    and I edited /etc/nsswitch.conf to contain
          passwd:   files	# db
          group:    files	# db
          db_enum:
          db_home:
          db_shell:
          db_gecos:

but again, to no avail. I simply can't get rid of the Unknowen+User
stuff. (And I am unable to change the user bits of permissions.)

I forgot to mention that my Windows user name is root, and I am the
only user, that is, administrator, group administrators. And I have
switched off UAC (registry) in order to avoid constant annoyances
regarding permissions.

What do I have to do, to get root (user and group).

... slightly desparate.

Henning

N.B. My cygwin installation is up to date. Windows 8.1
I have been using Linux for nearly 25 years (since kernel 1.2/3) and
cygwin since 2002. So this is not my first cygwin experience, but my
worst up to now.

Henning





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple