Web lists-archives.com

Help with sgid into the Administrators group (or alternatives?)




I am continuing to port GT.M to Cygwin
(https://www.fisglobal.com/solutions/banking-and-wealth/services/database-engine).

The database has a suid program that is marked u+s (root suid) on the
file permissions so that it can run as root whenever invoked. One of
the first things it does is cd to another directory that is owned by
root and is not accessible by anybody else.

Cygwin doesn't have the concept of root; so I am trying to implement
this by sgid into the Adminstrators group (544) from a limited user
account (i.e., set-up that way on Windows). The executable, instead of
being suid root, is sgid Adminstrators. The sgid C call apparently
succeeds when I run it from gdb, but the C chdir instruction fails.

I read https://cygwin.com/cygwin-ug-net/ntsec.html; but haven't done
anything it says. After all, the sgid call apparently succeeded.

My question is: am I on the right path; or is Windows and Cygwin being
reasonable in denying my request to chdir when the user is not a
member of the Administrators group, in spite of the executable being
sgid Administrators?

--Sam

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple