SUD/SU package
--------------
Version 1.06

Didier CASSEREAU - Laboratoire Ondes et Acoustique, ESPCI
10 rue Vauquelin, 75005 PARIS, FRANCE
E-mail : Didier.Cassereau@espci.fr

Please report any comments, suggestions or bugs, and let me know if you are satisfied too !



WARNING : this package requires that TCP/IP is installed on your system.



This package contains :
   - sud.exe    : SU daemon
   - su.exe     : SU client
   - readme.txt : this file

This program is free ; if you like it and use it frequently, a voluntary contribution for 
supporting the development would be appreciated.


1. Installing the SU Daemon
---------------------------



First verify that the TCP/IP protocol is installed on your system.
Create a directory (for example a subdirectory of your WinNT directory) and copy the file 
sud.exe into it.



Then run the following command :
	sud -insttcp <port number>
The port number can be any positive integer (greater than 1024 to avoid potential problems 
with Unix systems) ; it must not be used by any other TCP service on your system.
Suggested value : 25000

This command just appends the following lines
    #
    # SU Daemon (Didier CASSEREAU)
    #
	su-dc  	    25000/tcp
to your file \winnt\system32\drivers\etc\services.
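
A check for the entry described above, as an added example (not part of the SUD/SU package) : 
it parses the services file, confirms that su-dc has a single tcp entry above 1024, and reports 
any other tcp service registered on the same port. The sample content and the "bkagent" entry 
are constructed ; only the services file is checked, not the ports actually in use.

```python
import re

# Constructed sample of the services file after "sud -insttcp 25000";
# the "bkagent" lines are a made-up conflicting entry.
SAMPLE_SERVICES = (
    "echo                7/tcp\n"
    "ftp                21/tcp\n"
    "bkagent         25000/tcp    backup    # hypothetical service\n"
    "bkagent         25000/udp\n"
    "#\n"
    "# SU Daemon (Didier CASSEREAU)\n"
    "#\n"
    "\tsu-dc  \t    25000/tcp\n"
)

ENTRY = re.compile(r"^\s*(\S+)\s+(\d+)/(\w+)")

def parse_services(text):
    """Return [(name, port, proto)] for each entry; comments and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.split("#", 1)[0])
        if m:
            entries.append((m.group(1), int(m.group(2)), m.group(3).lower()))
    return entries

def check_su_entry(text, service="su-dc"):
    """Return a list of problems with the su-dc registration (empty list = OK)."""
    entries = parse_services(text)
    ports = [port for name, port, proto in entries if name == service and proto == "tcp"]
    if not ports:
        return [f"{service} has no tcp entry; run 'sud -insttcp <port number>'"]
    problems = []
    if len(ports) > 1:  # -insttcp appends, so running it twice duplicates the entry
        problems.append(f"{service} is registered {len(ports)} times: {ports}")
    port = ports[0]
    if not 1024 < port <= 65535:
        problems.append(f"port {port} is outside the range 1025-65535")
    for name, other, proto in entries:
        if name != service and proto == "tcp" and other == port:
            problems.append(f"port {port}/tcp is also assigned to '{name}'")
    return problems

if __name__ == "__main__":
    for problem in check_su_entry(SAMPLE_SERVICES):
        print("services file:", problem)
```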



Then you can install and start the daemon using the following command :
	sud -install
This installs sud as a Windows NT service (automatically starting at boot time).
Check in your service database that it is actually running. If not, you seem to have a
little problem !


You can also use the "-remove", "-stop" and "-restart" options to manage the sud service.
Optionally, you can also run sud as a console ("-console" option), but it may not run
correctly due to privilege problems. It is better to run it as a service.


Rules to determine the user environment :

- sud first checks whether the user is the currently logged-on user ; if so, the environment and
  user profile are read from HKEY_CURRENT_USER in the registry

- then sud requests user information from the SAM database, including the profile path

- either the profile path is defined : this means that the user account manager explicitly 
  specifies the user profile, which is generally located on the disk of the domain server ;
  in that case, sud tries to read the user profile from the user-specific registry stored in
  the user profile path ; in case of failure, it tries again with locally stored profiles

- or the profile path is not defined : this means that the user has only local profiles, stored 
  on the different workstations he uses ; in that case, sud tries to identify the correct 
  profile path and load the corresponding registry entries ; in case of failure, the environment
  variable is not defined




2. Using su
-----------


The program "su" allows you to start a new process using the identity of another user
of your system. Of course, you need to know the login name and password !

You can use the following syntax :
	su [ -u <user> -p <password|-> -c <command> ]

The -u option specifies the desired account name ; if it is not given on the 
command line, you will have to enter it interactively.
The user is specified as follows : [domain\]username
If the domain is not specified, su first searches the local account database, and then 
searches trusted domain account databases, until it finds the correct username account.
 
The -p option specifies the corresponding password ; if it is not given on the 
command line, you will have to enter it interactively (no echo !).

The -c option specifies the command to be run (cmd by default).

Important : the account name and password are encrypted before being transmitted to
the sud server !



3. WARNING
----------



Do not forget to close the applications run through su before closing your active session !
Try and see : this can be a serious potential security problem that is not solved in this
first experimental version.
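
One way to find what still has to be closed, as an added example (not part of the SUD/SU 
package) : it lists the processes in your session that run under another account. It assumes 
a Windows version that provides "tasklist /V /FO CSV" ; the sample output, account names and 
PIDs are constructed.

```python
import csv
import io

# Constructed sample of "tasklist /V /FO CSV" output; users and PIDs are made up.
SAMPLE_TASKLIST = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"services.exe","612","Services","0","7,120 K","Unknown","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"sud.exe","1304","Services","0","2,048 K","Unknown","NT AUTHORITY\SYSTEM","0:00:00","N/A"
"csrss.exe","540","Console","1","4,816 K","Running","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"explorer.exe","2216","Console","1","41,332 K","Running","LAB\alice","0:00:09","N/A"
"cmd.exe","3180","Console","1","3,004 K","Running","LAB\Administrator","0:00:00","Administrator: cmd"
"regedit.exe","3412","Console","1","9,876 K","Running","lab\administrator","0:00:00","Registry Editor"
"notepad.exe","3520","Console","1","6,220 K","Running","LAB\alice","0:00:00","Untitled - Notepad"
'''

# Built-in service accounts that normally own a few processes in every session.
SYSTEM_PREFIXES = ("nt authority\\",)

def foreign_processes(tasklist_csv, logged_on_user, session):
    """Return (pid, image, owner) for each process in `session` that is owned by
    neither the logged-on user nor a built-in service account."""
    me = logged_on_user.lower()
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if int(row["Session#"]) != session:
            continue
        owner = row["User Name"].lower()  # account names are case-insensitive
        if owner == me or owner.startswith(SYSTEM_PREFIXES):
            continue
        hits.append((int(row["PID"]), row["Image Name"], row["User Name"]))
    return hits

if __name__ == "__main__":
    for pid, image, owner in foreign_processes(SAMPLE_TASKLIST, r"LAB\alice", 1):
        print(f"close before logoff: {image} (PID {pid}) running as {owner}")
```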



4. REVISIONS
------------

1.05 --> 1.06 :
   * a problem can appear when the process to be started spawns subprocesses
     (e.g. if you wish to start a .bat file) ; in such a case, subprocesses can fail with an 
     initialization error of user32.dll/kernel32.dll ; this problem results from a DACL that 
     is set before the main process starts, and removed before it stops ; this problem
     is now fixed.

1.04 --> 1.05 :
   * previous versions of sud changed the DACL of the current desktop and windowstation in an 
     incorrect manner, resulting in an excessive accumulation of incorrect DACLs : this caused 
     screen savers to fail to initialize.
   * the DACL of the current desktop and windowstation is restored if a modification has been required

1.03 --> 1.04 :
   * the evaluation of the user environment in 1.16 fails in many situations ; the problem
     seems to be fixed now.

1.02 --> 1.03 :
   * the child process now receives the system and user environment settings

1.01 --> 1.02 :
   * if an error occurs (privileges, identification failure, ...), an appropriate message is
     returned to "su" by the daemon and this error message is printed out.

1.00 --> 1.01 :
   * the user can be specified as "[domain\]user".
