----- Original Message -----
From: "Steven Hartland"
That's weird. Cygwin always enables the backup and restore privileges
if they are available. The whoami printout in your previous mail
shows that the privilege is in the token. But the above code shows
that the AdjustTokenPrivileges() call for the backup and restore
rights both fail with ERROR_NOT_ALL_ASSIGNED. The problem is that
there's no indication why it fails. Per MSDN this should only happen
if the privilege is not in the token.
Bottom line is, there's nothing Cygwin can do about this. Did you
look into the security event long? Maybe there's a hint why this
fails.
You thought that was weird I just logged onto the box to test and look
in the security event log and it just started working. No changes
that I can find have been made, it was even the same cygwin prompt
from the previous tests. If I find out what caused the change I will
report back as I have another identical machine left to install.
Very strange, most appreciate your help on this.
Sorry seems I missed one critical element here. I thought I was doing
all the tests under a cygwin prompt but in fact the chown's I was
doing under an ssh'ed prompt. It works under a cygwin prompt on the
desktop but fails when I'm ssh'ed in. So this actually looks like it
may be a problem with ssh under 2008?
I've attached the output from whoami in both cases. A privaledege
missing from the sshd_server user may be? Note: ssh was installed
with a slightly older than latest version of cygwin so if this has
changed to support 2008 recently that could be where my problem lies.
Regards
Steve
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>which whoami
/cygdrive/c/Windows/system32/whoami
C:\Users\Administrator>whoami /all
USER INFORMATION
----------------
User Name SID
==================== ============================================
blade0\administrator S-1-5-21-1034854827-3221323542-428946914-500
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
===================================== ================ ============
===============================================================
Everyone Well-known group S-1-1-0 Mandatory
group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory
group, Enabled by default, Enabled group, Group owner
BUILTIN\Users Alias S-1-5-32-545 Mandatory
group, Enabled by default, Enabled group
NT AUTHORITY\REMOTE INTERACTIVE LOGON Well-known group S-1-5-14 Mandatory
group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory
group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory
group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory
group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory
group, Enabled by default, Enabled group
NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10 Mandatory
group, Enabled by default, Enabled group
Mandatory Label\High Mandatory Level Unknown SID type S-1-16-12288 Mandatory
group, Enabled by default, Enabled group
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
=============================== =========================================
========
SeIncreaseQuotaPrivilege Adjust memory quotas for a process
Disabled
SeSecurityPrivilege Manage auditing and security log
Disabled
SeTakeOwnershipPrivilege Take ownership of files or other objects
Disabled
SeLoadDriverPrivilege Load and unload device drivers
Disabled
SeSystemProfilePrivilege Profile system performance
Disabled
SeSystemtimePrivilege Change the system time
Disabled
SeProfileSingleProcessPrivilege Profile single process
Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority
Disabled
SeCreatePagefilePrivilege Create a pagefile
Disabled
SeBackupPrivilege Back up files and directories
Disabled
SeRestorePrivilege Restore files and directories
Disabled
SeShutdownPrivilege Shut down the system
Disabled
SeDebugPrivilege Debug programs
Disabled
SeSystemEnvironmentPrivilege Modify firmware environment values
Disabled
SeChangeNotifyPrivilege Bypass traverse checking
Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system
Disabled
SeUndockPrivilege Remove computer from docking station
Disabled
SeManageVolumePrivilege Perform volume maintenance tasks
Disabled
SeImpersonatePrivilege Impersonate a client after authentication
Enabled
SeCreateGlobalPrivilege Create global objects
Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set
Disabled
SeTimeZonePrivilege Change the time zone
Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links
Disabled
C:\Users\Administrator>
[EMAIL PROTECTED]/usr/local/games: /cygdrive/c/Windows/system32/whoami /all
USER INFORMATION
----------------
User Name SID
================== ============================================
blade0\sshd_server S-1-5-21-1034854827-3221323542-428946914-500
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
================================ ================ ============ ==================================================
Everyone Well-known group S-1-1-0 Mandatory group,
Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group,
Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group,
Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group,
Enabled by default, Enabled group
NT AUTHORITY\SERVICE Well-known group S-1-5-6 Mandatory group,
Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group,
Enabled by default, Enabled group
BUILTIN\Users Alias S-1-5-32-545 Mandatory group,
Enabled by default, Enabled group
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
=============================== ========================================= ========
SeIncreaseQuotaPrivilege Adjust memory quotas for a process Enabled
SeSecurityPrivilege Manage auditing and security log Enabled
SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled
SeLoadDriverPrivilege Load and unload device drivers
Disabled
SeSystemProfilePrivilege Profile system performance Enabled
SeSystemtimePrivilege Change the system time Enabled
SeProfileSingleProcessPrivilege Profile single process Enabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority Enabled
SeCreatePagefilePrivilege Create a pagefile Enabled
SeBackupPrivilege Back up files and directories Disabled
SeRestorePrivilege Restore files and directories
Disabled
SeShutdownPrivilege Shut down the system Enabled
SeDebugPrivilege Debug programs Disabled
SeSystemEnvironmentPrivilege Modify firmware environment values Enabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system Enabled
SeUndockPrivilege Remove computer from docking station Enabled
SeManageVolumePrivilege Perform volume maintenance tasks Enabled
SeImpersonatePrivilege Impersonate a client after authentication Disabled
SeCreateGlobalPrivilege Create global objects Enabled
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
