Correct way to run apps from Application List with required user permissions ? #521
Replies: 4 comments 3 replies
-
Any command you run from sunshine will run with the same permissions of how sunshine is running. Running sunshine as a service runs it as the I have not tried this within sunshine, but you can try psexec to execute commands as another user. |
Beta Was this translation helpful? Give feedback.
-
We should definitely be launching apps with active console user's token rather than our own SYSTEM token. Unfortunately, this means gutting the nice cross-platform Boost code. There are a variety of ways to do this such as https://devblogs.microsoft.com/oldnewthing/20190425-00/?p=102443 (I think this should work because sunshinesvc.exe spawns sunshine.exe into the user session, so I believe Rather than passing the shell process as a parent as in Raymond Chen's example code, we could also duplicate the token from it (like sunshinesvc itself does) and use |
Beta Was this translation helpful? Give feedback.
-
#600 will fix this when merged. |
Beta Was this translation helpful? Give feedback.
-
This issue has been fixed and will be available in the next release. |
Beta Was this translation helpful? Give feedback.
-
Hello! I am using sunshine on my windows 10 host installed with defaut installer "sunshine-windows.exe". Installer create sunshinesvc service running with NT AUTHORITY\SYSTEM permissions.
On shunshine windows host i have restricted user account in regular users group (not Administrators) where my desktop apps and some games. When I need, i can switch to Administrator account or make "Run As Administartor". But always work as regular user.
Using moonlight client i can connect to sunshine windows host using default “Desktop” shortcut is hardcoded into sunshine. After connection i manually launch game from windows desktop shortcuts and game starting with correct regular user currently loggoned .
In sunshine web panel in Applications i create test game shortcut "Prodeus" with standart options like this:
After running test game shortcut "Prodeus" i found that game starts with NT AUTHORITY\SYSTEM user !!!
Accordingly, all my settings and saves are unavailable, like you start game first time. Home folder for NT AUTHORITY\SYSTEM user become: %WinDir%\system32\config\systemprofile !
I think it's wrong to play games with NT AUTHORITY\SYSTEM user account and store game settings in the system directory ... :)
And this is a big security problem.
My question is: How i can correctly run apps from Application List with the required user rights ?
p.s. Thanks for your working!
Beta Was this translation helpful? Give feedback.
All reactions