public inbox for cygwin@cygwin.com
* Help with sgid into the Administrators group (or alternatives?)
@ 2018-06-06 13:20 Sam Habiel
  2018-06-08 13:34 ` Sam Habiel
  0 siblings, 1 reply; 2+ messages in thread
From: Sam Habiel @ 2018-06-06 13:20 UTC (permalink / raw)
  To: cygwin

I am continuing to port GT.M to Cygwin
(https://www.fisglobal.com/solutions/banking-and-wealth/services/database-engine).

The database has a suid program that is marked u+s (root suid) on the
file permissions so that it can run as root whenever invoked. One of
the first things it does is cd to another directory that is owned by
root and is not accessible by anybody else.

Cygwin doesn't have the concept of root; so I am trying to implement
this by sgid into the Administrators group (544) from a limited user
account (i.e., set-up that way on Windows). The executable, instead of
being suid root, is sgid Administrators. The sgid C call apparently
succeeds when I run it from gdb, but the C chdir instruction fails.

I read https://cygwin.com/cygwin-ug-net/ntsec.html; but haven't done
anything it says. After all, the sgid call apparently succeeded.

My question is: am I on the right path; or are Windows and Cygwin being
reasonable in denying my request to chdir when the user is not a
member of the Administrators group, in spite of the executable being
sgid Administrators?

--Sam

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
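
A small diagnostic for the situation described in the message above, as an added example that is not part of the original post and not GT.M or Cygwin code: it records the process's real and effective IDs, whether a given group (544 in the post) is actually held, and the exact errno that chdir returns. The names has_group and probe_chdir are hypothetical, and the directory and gid are taken from the command line.

```c
/* Added diagnostic example; has_group/probe_chdir are hypothetical names. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if gid is the effective gid or a supplementary group, 0 if not, -1 on error. */
int has_group(gid_t gid)
{
    if (getegid() == gid)
        return 1;
    int n = getgroups(0, NULL);            /* ask for the group count first */
    if (n <= 0)
        return n;
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL)
        return -1;
    int found = 0;
    n = getgroups(n, list);
    for (int i = 0; i < n; i++)
        found |= (list[i] == gid);
    free(list);
    return n < 0 ? -1 : found;
}

/* Try chdir(dir), then go back; returns 0 or the errno chdir reported. */
int probe_chdir(const char *dir)
{
    char start[4096];
    if (getcwd(start, sizeof start) == NULL)
        return errno;
    if (chdir(dir) != 0)
        return errno;                      /* e.g. EACCES when access is denied */
    return chdir(start) == 0 ? 0 : errno;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/";               /* directory to test */
    gid_t want = argc > 2 ? (gid_t)atol(argv[2]) : getegid(); /* e.g. 544 */
    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n", (long)getuid(),
           (long)geteuid(), (long)getgid(), (long)getegid());
    printf("holds group %ld: %d\n", (long)want, has_group(want));
    int err = probe_chdir(dir);
    printf("chdir(%s): %s\n", dir, err ? strerror(err) : "ok");
    return err ? 1 : 0;
}
```

Built with the same sgid bit as the real executable and run from the limited account (outside gdb as well as inside it), the output shows whether the effective gid changed and which error the chdir call returns.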
