From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 98155 invoked by alias); 6 Jun 2018 13:20:54 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 96497 invoked by uid 89); 6 Jun 2018 13:20:53 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=UD:M, services X-HELO: mail-wr0-f169.google.com Received: from mail-wr0-f169.google.com (HELO mail-wr0-f169.google.com) (209.85.128.169) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 06 Jun 2018 13:20:52 +0000 Received: by mail-wr0-f169.google.com with SMTP id y15-v6so6253027wrg.11 for ; Wed, 06 Jun 2018 06:20:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=AaOkAg0bFzw2KVe5SZahoBiAq5p3lt/5+GwQRbvtkZA=; b=jC16w8PQFRW+4Vjl7Ew+DI6+Dm98yHX3qJ5q8uMcoVHRGsNomXiLM3v5tw/E/+gkYa yFBXDvNx3fI1LWZ5FXa5Alsqg66lfoppQEncgeYFuF7yGJkS4Rc6KUfG4CXBLp3k1bSh gVYtOD+LT9U6pdO7J7dkJR11J/U21pTUqJX9Ruz5xaTU6+lPvCV2dQZY9gLzG7kE+0GT sAfAwWwTK4UCEkLK9aP0p22+aIKhiJkn85VmI5Zj4jCMXFRyGqEnWufik1XkkbdWjU5u OLxQ8d1GFAKo7O+xCbKOZzGdYsKoibZgrn6U3o2n/7cwoUOb5uW82+ZY4MBkMFvV7810 0/vQ== X-Gm-Message-State: APt69E2dXlWyDcMiOvGqm7a4Yq3xHNtVFQCVEnSiqKeezJ3n2OtV0hxa Wm4hy64XQfCERXLjgq9QMi2X66yvVu/GO6z0GhtKZBL9 X-Google-Smtp-Source: ADUXVKJBDWvjbxTJkPGpoYL7B218+stHrqpoGF94ZjTITqUB5IkK8G9jCxA45sDUbtmlwFWnCfA8N7f6bAkagFM7NZE= X-Received: by 2002:adf:a686:: with SMTP id t6-v6mr2316830wrc.51.1528291249818; Wed, 06 Jun 2018 06:20:49 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a1c:d8c3:0:0:0:0:0 with HTTP; Wed, 6 Jun 2018 06:20:49 -0700 (PDT) From: Sam Habiel Date: Wed, 06 Jun 2018 13:20:00 -0000 Message-ID: Subject: Help with sgid into the Administrators group (or alternatives?) To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2018-06/txt/msg00060.txt.bz2 I am continuing to port GT.M to Cygwin (https://www.fisglobal.com/solutions/banking-and-wealth/services/database-engine). The database has a suid program that is marked u+s (root suid) on the file permissions so that it can run as root whenever invoked. One of the first things it does is cd to another directory that is owned by root and is not accessible by anybody else. Cygwin doesn't have the concept of root; so I am trying to implement this by sgid into the Adminstrators group (544) from a limited user account (i.e., set-up that way on Windows). The executable, instead of being suid root, is sgid Adminstrators. The sgid C call apparently succeeds when I run it from gdb, but the C chdir instruction fails. I read https://cygwin.com/cygwin-ug-net/ntsec.html; but haven't done anything it says. After all, the sgid call apparently succeeded. My question is: am I on the right path; or is Windows and Cygwin being reasonable in denying my request to chdir when the user is not a member of the Administrators group, in spite of the executable being sgid Administrators? --Sam -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple