Greetings, D. Boland! > Hi Corinna,
> Corinna Vinschen wrote: >> >> > Isn't it about time to make this our First Directive also? >> >> Not in relation to the uid. In contrast to Linux we don't have the one >> single root user. We have potentially endless numbers of them, and one >> of them, not necessarily SYSTEM, is used to run the service. Keep in >> mind that there may also be company policy in place which disallows >> installing services under specific accounts unless absolutely necessary. >> >> Therefore, while we mostly strive to make Cygwin accommodate user >> space, we're not able to do it related to the root uid. >> > Thanks for your lengthly and detailed answer. I appreciate that. But don't > you think > upstream maintainers will raise at least one eyebrow if we propose code that > makes > any user who starts the program the root/admin user? You obviously did not understand Corinna's reply. And removed the part of reply that directly answer all your questions. > You suggest only those who are in the admin group. But that will soon be any > service > that starts up. That's essentially the same as starting services as root on *NIX system. I fail to see the difference. > It actually is my solution to running Sendmail: create the Sendmail user, > called > 'smmsp' and make it an Administrator, so it can impersonate users on my > system. > But I don't like my solution, because this would mean I have to create an > admin-user > for any Linux service that I install. So now my Cygwin setup would be crowded > with > highly privileged daemons, listening, waiting to get hacked. Windows privilege model allow you to alleviate such concerns. > The more elegant solution would be to create only one secondary privileged > user, > let's call it 'root' ;-). Now Sendmail can start as root, switch to the > totally > *unprivileged* 'smmsp' user and receive mail. This is essentially what Cygwin is doing right now. > Of course the real bonus is that these unprivileged users wouldn't need > passwords, > since they are impersonated, not logged on. These would consequently be > *super-secure* users, because it is impossible to login with an empty > password. You'd be surprised. > Why is this related to the uid issue? Because there's no fixed UID. This is a core system difference, that you have to live with. > I already tested the second solution. I found out that if I assign my 'root' > user the '0' id in /etc/passwd, it actually works. I was delighted, because > I could roll-back all these weird changes I put in the > Sendmail/procmail/mail.local source to fix the getuid != 0 problem. /etc/passwd will soon be gone. > If we go with this MS-imposed idea of "putting services in admin-context", There's no such idea. You just imagined it. > Cygwin security will be done for in the long run. Why not make the leap and > show MS admins/developers how it should be done? You really think they are all idiots?... Like, really? -- WBR, Andrey Repin (anrdae...@yandex.ru) 23.07.2014, <20:01> Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
