Jason,
Jason Tishler wrote:
> Thanks for the above description. However, creating another privileged
> user, root, in addition to LocalSystem is unnecessary and dangerous.
> Instead, I would use my patch to su (the first URL above) so su will run
> under LocalSystem on Cygwin the same way it would under root on other
> Unixes. With this patched su, you can then run init under LocalSystem
> as recommended.
I see your point, but I don't agree :-)
There are some (important, IMHO) advantages to run init as uid 0 (a.k.a.
root), instead of as LocalSystem:
1) You can log on as root. More importantly, you can use W2K's "Run as"
utility to run e.g. rxvt as root, and execute init scripts interactively
(as in "/etc/rc.d/init.d/sshd restart").
That makes life a *lot* easier when debugging, temporarily disabling
services, etc. Executing typical sysv init scripts as another user, e.g.
"Administrator", will result in failure or disaster (depending on script
and privileges).
2) You can use su when running as root. Also makes life a lot easier:
just say "su postgres -c 'psql template1'" to administer postgresql.
3) You probably *gain* some security. Many (most?) unix daemons behave
differently when run as uid 0, in order to prevent certain exploits or
configuration errors when running as root. Just one example: apache
(wisely) refuses to run with "User root" in httpd.conf, but happily
accepts "User system".
Unless such programs are really, really carefully ported to Cygwin, you
get a security hole when running them as uid 18 (i.e. "SYSTEM").
4) It just feels a bit more unixy :-)
Just my $0.02.
/dan