From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 7961 invoked by alias); 13 Feb 2014 19:52:47 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 7952 invoked by uid 89); 13 Feb 2014 19:52:46 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-6.0 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 X-HELO: calimero.vinschen.de Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 13 Feb 2014 19:52:46 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id 918F852082E; Thu, 13 Feb 2014 20:52:43 +0100 (CET) Date: Thu, 13 Feb 2014 19:56:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: Testers needed: New passwd/group handling in Cygwin Message-ID: <20140213195243.GQ2246@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <20140213143849.GH2246@calimero.vinschen.de> <52FD1EDB.8060708@googlemail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xXygN3QAmJYWdGtb" Content-Disposition: inline In-Reply-To: <52FD1EDB.8060708@googlemail.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-SW-Source: 2014-02/txt/msg00328.txt.bz2 --xXygN3QAmJYWdGtb Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 2547 On Feb 13 20:36, m0viefreak wrote: > Hello, >=20 > I have a a question about how this change is going to affect > third-party utilities. Especially in the case once chooses to > use the PAM method and get rid of any /etc/{passwd,group} > files completely. >=20 > There seem to be programs (mostly scripts) that make use of > /etc/passwd as a file directly. >=20 > One of them is for example "ssh-host-config". >=20 > The shell script: >=20 > - works with the file directly: > ... > run_service_as=3D$(/usr/bin/grep -Fi "${accnt_name}" /etc/passwd | /usr= /bin/awk -F: '{print $1;}')=20 > ... >=20 > I assume this would have to be changed in the sshd package? Indeed. There's also the csih package which needs to adapt. > - After the script is run it sets various entries in the > /etc/passwd file (sshd shell to /bin/false and home to /var/empty). > I assume I would have to migrate these changes into the > comment if I were to remove the passwd file now. Yes and no. In theory, yes, but in fact the settings for the sshd account don't really matter. It's the account used for privilege separation, and the part of privilege separation which actually needs the sshd account doesn't work on Cygwin due to missing sendmsg/recvmsg descriptor passing. > But more importantly, if I were to run sshd-host-config with > no passwd file present at all, would it correctly set up the > comment entry in the PAM? Uh... there is no PAM here, just local SAM or AD :) But the anwser to your question is "no" at the moment. It's probably advisable to keep the necessary entries for services in /etc/passwd for now. I'll experiment with this, too, in the next couple of days. > Grepping through /bin I found at least one other package > that makes use of /etc/passwd as a file directly (cvsbug), but=20 > since I don't have everything installed I can only assume there > are more cygwin-packages and other programs someone might build > from source. If the package isn't very explicitely a Cygwin-only package, it has to be treated as broken since direct access to /etc/passwd and /etc/group files is a no-no. Yes, the change is a big one, and we will encounter the occasional fallout in the next weeks or months. I'm pretty confident that moving to SAM/AD is the right way to go, but I'm also sure that a a few surprises are still waiting for us. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --xXygN3QAmJYWdGtb Content-Type: application/pgp-signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJS/SKLAAoJEPU2Bp2uRE+gIGAP/3B6Dl6MeEF/kXcl2hIJ9YW5 KUZCZtIdCDN7Tt7jOO2v593VA8+5QzvOBS6BaUKO5sB0W1+9qRkvo9InmtNDhA5k Swbp7jnNQBCUhG69YUDWExFuq5OajS/RTUT63/xsI0VYU290neS+LjnbIGK3mYWQ 10YOjcQANZpKtFi4Lp0MqJcB2/bC4Bu3SrsGvpdQH2ic4v3wvYBrf4TAVCt2FKWb Cg0Io3WOmxsLl54mMhJQF7tG1vVP54YRXdwB8WSGNxad7b/sfleUhND0U3XbbPjw TlHbfC7f0UpJGAnfnAZqO02oXIcKHqwk35zfEHNPGF8PXb5XB58t0ECpeo3Zdx3v kMrCnZJjPRCXs2gTnwS/zdW2gkCCH8TtsuJqIQKEm9UEt0/lFhGVjprZtXYXQ/70 UhEEgmS0n6t1qeTp4NsqYHF+IQTa/ZdMUe5PNEI0ErBUBNIeIgmnMLQLGoQ3nsWG yOAwCdP7arw3QYn1Z+k2jBfogb6W3sbE3DHNQ1T3px2mS0AD/HmaZ2q/kKC6rpfd FBl3YcitljaYNWGp00GAg43kfCYrKV7CMZ8ds1Cdx7GSD8W01CirqkBNbNzJILX0 upUo07QHEO9ZPeepjek4pxT9DY+VEUypIKt+MBUM/6Aj1+5A/o5zCEYsZmfMMdZV ApVd2A6PVNGuiPXmJf6f =UqMh -----END PGP SIGNATURE----- --xXygN3QAmJYWdGtb--