From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 54490 invoked by alias); 8 Jun 2018 13:34:55 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 54463 invoked by uid 89); 8 Jun 2018 13:34:55 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=HX-Received:sk:n11-v6m, authentication, services X-HELO: mail-wr0-f196.google.com Received: from mail-wr0-f196.google.com (HELO mail-wr0-f196.google.com) (209.85.128.196) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 08 Jun 2018 13:34:53 +0000 Received: by mail-wr0-f196.google.com with SMTP id l10-v6so13446202wrn.2 for ; Fri, 08 Jun 2018 06:34:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=t+1dPmV9QxBIzGnY4+xJlkjNbi+8GWYrxVMpEHo698c=; b=QxExNNP+5+BFxNaPBRv3xQfRlyn7zCR6O9dyNJD24oyR98sJ49aqo3Y3aIiUkIaXN5 yJFkotifTDLSC57nDmey8FfN451WSsv6buMpR9t6iwhGT4jwD26h/eF9vw8jv908ra1L aAVQzqnFPR3hhZeAlen0KGMGwHughh6CeEo+s1QvECLe+WQB1AvYkWWlABTfZ0C1rnWj ECcNXfWvczW/eyuRtSR1O5WpW+o/JZMUGXBfh0WmMslyykLzI/TEqXHM1tVOs5lwHaHm iOymKNu4yWCAXJR+6xMVrCsuJjenWxo7q0dvpu/APWenXhhiRR/hAUemmp+Kc1aBx62q L2QA== X-Gm-Message-State: APt69E0zqNt5ol2ux5/b2F0mjcyZCr88kKc7hSf3lvoCR3hJW2472aSj JHitViQxXVaV5dWnbmSBXcFz/qtio4gxcLMXtmILbz54 X-Google-Smtp-Source: ADUXVKK2oi3ZPwzqgCagJ9+shLgtkZC6LjQfT/A/XosQ6ggR8DIOE1gQBvv8Xjr2ezHyUc+2UhvTNTyotbKm+mzdoQ0= X-Received: by 2002:adf:e78b:: with SMTP id n11-v6mr5121778wrm.136.1528464891689; Fri, 08 Jun 2018 06:34:51 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a1c:d8c3:0:0:0:0:0 with HTTP; Fri, 8 Jun 2018 06:34:51 -0700 (PDT) In-Reply-To: References: From: Sam Habiel Date: Fri, 08 Jun 2018 13:34:00 -0000 Message-ID: Subject: Re: Help with sgid into the Administrators group (or alternatives?) To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2018-06/txt/msg00091.txt.bz2 I installed the LSA authentication package; but no difference in behavior was found. --Sam On Wed, Jun 6, 2018 at 9:20 AM, Sam Habiel wrote: > I am continuing to port GT.M to Cygwin > (https://www.fisglobal.com/solutions/banking-and-wealth/services/database-engine). > > The database has a suid program that is marked u+s (root suid) on the > file permissions so that it can run as root whenever invoked. One of > the first things it does is cd to another directory that is owned by > root and is not accessible by anybody else. > > Cygwin doesn't have the concept of root; so I am trying to implement > this by sgid into the Adminstrators group (544) from a limited user > account (i.e., set-up that way on Windows). The executable, instead of > being suid root, is sgid Adminstrators. The sgid C call apparently > succeeds when I run it from gdb, but the C chdir instruction fails. > > I read https://cygwin.com/cygwin-ug-net/ntsec.html; but haven't done > anything it says. After all, the sgid call apparently succeeded. > > My question is: am I on the right path; or is Windows and Cygwin being > reasonable in denying my request to chdir when the user is not a > member of the Administrators group, in spite of the executable being > sgid Administrators? > > --Sam -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple