Hello, hope you still remember this thread :) (http://cygwin.com/ml/cygwin/2003-10/msg00914.html).
On Fri, Oct 17, 2003 at 03:52:03PM +0200, Corinna Vinschen wrote: > > > Start a > > > service under system account as inetd and let it handle the user context > > > switch. > > Thanks for the tip, I'll do so. > To be more correct: Start inetd or xinetd as service, and add rsync to > /etc/inetd.conf or /etc/xinetd.d/. Or, if rsync can handle this (I don't > know), start it directly from cygrunsrv also under SYSTEM account. I've played with all alternatives, and everything works fine (BTW, it was a TFTP server). After some thinking I decided to keep the setup as simple as possible, and not to use inetd. So, I have the following options: 1. Patch the server not to use setreuid, install it as a service and run it as SYSTEM. 2. Install the server as a service, give the SYSTEM user "Create a token object" privilege and let the server setreuid to nobody. 3. Install the server as a service to be run as nobody or as a special user just for this service (say, "tftp"). I am personally inclined to use (1). It seems to me that (2) brings more risk than security, and that (3) differs not much from (1). What do you think? Do you think (1) is the best solution? Which one would you prefer? Thanks in advance, Baurjan. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/