| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:mime-version:content-type | |
| :content-transfer-encoding:date:from:to:subject:message-id; q= | |
| dns; s=default; b=AbTHVklpkCXVSEjXSRbQevHD9Kl2OCLv/EpRMhqdI85abz | |
| Pk8nSXx4OSvAtxQWlNQ6jP3Lx77Na2Bb/kV9fXXcfq4dTPJbYedc2tM8PQROpiph | |
| yrbKTCf+VmNS8MnyY5SCDOVwyvAY86hgTpMVlHAgxZct/QdakfwNJ1K7WVeFo= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:mime-version:content-type | |
| :content-transfer-encoding:date:from:to:subject:message-id; s= | |
| default; bh=SZPgthKqpGhbfJT1suCkE3hEAQQ=; b=Dsl2niP45/HthYg4CynA | |
| KyNhxe4l6CJyHyIVBlaiizyFTQZR8vsWJ36G7RimPrvCHnaBXmH7+jYtFABtkOhh | |
| xvh9gF5cAvaE4m/eUsksckPKNuSg9k19Z6Q+TanBfS/1w31Q7JR9zRBsmmiLoArY | |
| /ydhP8eqpcdZUlenkpCD16k= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-1.7 required=5.0 tests=AWL,BAYES_00,KAM_ASCII_DIVIDERS,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 spammy=expires, sysconfdir, WRONG, Defaulting |
| X-HELO: | lb3-smtp-cloud2.xs4all.net |
| MIME-Version: | 1.0 |
| Date: | Fri, 26 May 2017 21:35:32 +0200 |
| From: | Houder <houder AT xs4all DOT nl> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Installing sshd on W7 reveals errors in CSIH_SCRIPT |
| Message-ID: | <c50589c74b974315dd7756109e270c74@xs4all.nl> |
| X-Sender: | houder AT xs4all DOT nl |
| User-Agent: | XS4ALL Webmail |
| X-IsSubscribed: | yes |
Hi,
Installing sshd on W7 reveals errors in CSIH_SCRIPT ...
CSIH_SCRIPT = /usr/share/csih/cygwin-service-installation-helper.sh
Just now I installed the sshd daemon on my W7 (64-bits Cygwin); I am
still
using /etc/{passwd,group} as the "database" (i.e. NOT Windows SAM).
Invocation of /usr/bin/ssh-host-config (in an elevated shell)
genenerated
the following TWO warnings:
= 1st warning =
passwd: unknown user cyg_server
*** Warning: Setting password expiry for user 'cyg_server' failed!
*** Warning: Please check that password never expires or set it to your
needs.
= 2nd warning =
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM' <===== no what I had in mind!
-----
ssh-host-config sources CSIH-SCRIPT
The function if interest in ssh-host-config is: install_service()
install_service() # skeleton of function as executed in my case
csih_create_privileged_user
csih_service_should_run_as
# ======================================================================
# Action!
# ======================================================================
... lot of statements
install_service || let warning_cnt+=$? # almost at bottom of file
-----
So the functions of interest in CSIH-SCRIPT are:
- csih_create_privileged_user
- csih_service_should_run_as
Near the bottom of csih_create_privileged_use(), "cyg_server" (the
privileged
user) is ADDED to /etc/passwd ... too late and using the wrong
statement.
Too late, because the privileged user ("cyg_server") should already have
been
added near the beginning of this function ...
- that is why the 1st warning is issued (from
csih_create_privileged_user() )
- and because of the wrong statement, "cyg_server" is NOT added to
/etc/passwd
The 2nd warning is generated from csih_service_should_run_as() for the
same
reason ("cyg_server" missing from /etc/passwd).
As a side-effect, the sshd service will be created using the "SYSTEM"
account
i.s.o. "cyg_server" account -- not what was intended!
BTW, the comment at the top of csih_use_file_etc() is WRONG: it should
read:
# ======================================================================
# Routine: csih_use_file_etc passwd|group
...
# Returns 1 if files shall be used, 0 otherwise.
# ======================================================================
Regards,
Henri
=
= Skeleton of both functions as executed in my case
=
1.
csih_create_privileged_user() # in case user cyg_server must be created
# privileged user ("cyg_server") already present?
csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME"
# No, it is NOT! Create user ...
csih_call_winsys32 net user "${csih_PRIVILEGED_USERWINNAME}"
# make the passwd of the privileged user never expire ...
if ! passwd -e "${csih_PRIVILEGED_USERNAME}"
then
... WARNING: Setting password expiry for user "cyg_server" failed!
fi
# Hold on, has user already been added to /etc/passwd (if files is
preferred
# as the "database")? No, the user has NOT been added yet!
=====> This is why Henri gets his 1st warning ...
=====> ... and why he HAD to add user "cyg_server" to /etc/passwd
=====> ... and has to change the service
(no, not the "SYSTEM" account, but the "cyg_server" account!)
... a lot more statements
# TOO LATE and using the WRONG variable name!
# add cyg_server to /etc/passwd ... if and only if files are used as
database
if csih_use_file_etc passwd # yes, Henri uses files as the "database"
then
# HUH?
/usr/bin/mkpasswd -l -u "${username}" >> "${SYSCONFDIR}/passwd"
# I believe the statement should have read: i.e. WRONG variable used
/usr/bin/mkpasswd -l -u "${{csih_PRIVILEGED_USERNAME}" >>
"${SYSCONFDIR}/passwd"
fi
2.
csih_service_should_run_as()
... a lot of statements
if csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME" 1>&2
then
# it already existed before this script was launched (comment by
Corinna)
echo "$csih_PRIVILEGED_USERNAME"
return
elif /usr/bin/getent passwd "${csih_PRIVILEGED_USERNAME}"
then
... ok
else
... Warning: Expected privileged user "cyg_server" does not exist
echo "SYSTEM" # meaning service will use the SYSTEM account (and not
the
# cyg_server account) -- which is NOT was intended!
fi
=====
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |