Re: TEST RELEASE: Cygwin 1.7.33-0.7

Re: TEST RELEASE: Cygwin 1.7.33-0.7

[Kelley Cook]

On Thu, Nov 6, 2014 at 10:52 AM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> Hi Cygwin friends and users,
>
>
> I just released a 7th TEST version of the next upcoming Cygwin release,
> 1.7.33-0.7.
>

I discovered that /usr/bin/cron-config which is part of the cron
package will need to be updated as it attempts to parse /etc/group .

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: TEST RELEASE: Cygwin 1.7.33-0.7

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 627 bytes --]

On Nov  6 13:38, Kelley Cook wrote:
> On Thu, Nov 6, 2014 at 10:52 AM, Corinna Vinschen
> <corinna-cygwin@cygwin.com> wrote:
> > Hi Cygwin friends and users,
> >
> >
> > I just released a 7th TEST version of the next upcoming Cygwin release,
> > 1.7.33-0.7.
> >
> 
> I discovered that /usr/bin/cron-config which is part of the cron
> package will need to be updated as it attempts to parse /etc/group .

Right, it should use getent instead.  Pierre?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

RE: TEST RELEASE: Cygwin 1.7.33-0.7

[Pierre A. Humblet]

> -----Original Message-----
> From: Corinna Vinschen 
> Sent: Thursday, November 06, 2014 13:51
> 
> On Nov  6 13:38, Kelley Cook wrote:
> > On Thu, Nov 6, 2014 at 10:52 AM, Corinna Vinschen wrote:
> > > Hi Cygwin friends and users,
> > >
> > >
> > > I just released a 7th TEST version of the next upcoming Cygwin
> > > release, 1.7.33-0.7.
> > >
> >
> > I discovered that /usr/bin/cron-config which is part of the cron
> > package will need to be updated as it attempts to parse /etc/group .
> 
> Right, it should use getent instead.  Pierre?
 
Right, and ditto for exim config and postinstall
How much time do I have?

Now cron-config checks if a username appears multiple times in passwd.
Typically one instance is a domain id and the other one is a local id.
That causes havoc with cron
It happens fairly frequently; there was even such a "bug report" recently.

How does getent handle that case? Is it detectable from a config file?

Pierre


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: TEST RELEASE: Cygwin 1.7.33-0.7

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1500 bytes --]

On Nov  6 16:08, Pierre A. Humblet wrote:
> > -----Original Message-----
> > From: Corinna Vinschen 
> > Sent: Thursday, November 06, 2014 13:51
> > 
> > On Nov  6 13:38, Kelley Cook wrote:
> > > On Thu, Nov 6, 2014 at 10:52 AM, Corinna Vinschen wrote:
> > > > Hi Cygwin friends and users,
> > > >
> > > >
> > > > I just released a 7th TEST version of the next upcoming Cygwin
> > > > release, 1.7.33-0.7.
> > > >
> > >
> > > I discovered that /usr/bin/cron-config which is part of the cron
> > > package will need to be updated as it attempts to parse /etc/group .
> > 
> > Right, it should use getent instead.  Pierre?
>  
> Right, and ditto for exim config and postinstall
> How much time do I have?
> 
> Now cron-config checks if a username appears multiple times in passwd.
> Typically one instance is a domain id and the other one is a local id.
> That causes havoc with cron
> It happens fairly frequently; there was even such a "bug report" recently.
> 
> How does getent handle that case? Is it detectable from a config file?

Cygwin will only see the first one of these user names when reading from
passwd, same for getent (or cron).  I don't think config scripts have to
handle every configuration error.  On systems not using passwd and group
files, this problem wouldn't occur for instance.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

RE: TEST RELEASE: Cygwin 1.7.33-0.7

[Pierre A. Humblet]

[-- Attachment #1: Type: text/plain, Size: 1971 bytes --]

> -----Original Message-----
> From: Pierre A. Humblet 
> Sent: Thursday, November 06, 2014 16:09
> 
> > -----Original Message-----
> > From: Corinna Vinschen
> > Sent: Thursday, November 06, 2014 13:51
> >
> > On Nov  6 13:38, Kelley Cook wrote:
> > > On Thu, Nov 6, 2014 at 10:52 AM, Corinna Vinschen wrote:
> > > > Hi Cygwin friends and users,
> > > >
> > > >
> > > > I just released a 7th TEST version of the next upcoming Cygwin
> > > > release, 1.7.33-0.7.
> > > >
> > >
> > > I discovered that /usr/bin/cron-config which is part of the cron
> > > package will need to be updated as it attempts to parse /etc/group .
> >
> > Right, it should use getent instead.  Pierre?
> 
> Right, and ditto for exim config and postinstall How much time do I have?
> 
> Now cron-config checks if a username appears multiple times in passwd.
> Typically one instance is a domain id and the other one is a local id.
> That causes havoc with cron
> It happens fairly frequently; there was even such a "bug report" recently.
> 
> How does getent handle that case? Is it detectable from a config file?
 
Corinna

I just realized that deleting the /etc/passwd file in existing domain systems may change usernames, which will break cron and other programs that use files named after usernames. Also the (local) privileged username will change.

For now I have made the following changes to cron-config:
  calling getent
  checking if /etc/passwd exists
  dealing with the extended names for privileged users (they may contain a +, don't use EREs)  
Do you intend to keep mkpasswd/mkgroup ?

I still don't have a 64 bit system, but it's coming this year. It will take me some time to prepare a new cron package and get familiar with the new package upload procedure. 
I am attaching a cron-config diff. Feel free to update the 32 and 64 bit cron packages if you want that done quickly.
cronbug does not seem to require any changes.

Pierre


[-- Attachment #2: cron-config.diff --]
[-- Type: application/octet-stream, Size: 7060 bytes --]

--- cron-config.orig	2014-11-06 15:15:35.037348900 -0500
+++ cron-config	2014-11-07 12:52:53.970746100 -0500
@@ -138,114 +138,41 @@ get_NT() {
     return 0
 } # === End of get_NT() === #
 
-# ======================================================================
-# Routine: warning_for_etc_file
-# Display a warning message for the user about overwriting the specified
-# file in /etc.
-# ======================================================================
-warning_for_etc_file() {
-	echo
-	echo "WARNING: The command above overwrites any existing /etc/$1."
-	echo "You may want to preserve /etc/$1 before generating a new,"
-	echo "one, and then compare your saved /etc/$1 file with the"
-	echo "newly-generated one in case you need to restore other"
-	echo "entries."
-	echo
-} # === warning_for_etc_file() === #
-
 
 # ======================================================================
 # Routine: get_system_and_admins_gids
-# Get the ADMINs ids from /etc/group and /etc/passwd
+# Get the ADMINs ids from group and passwd
 # ======================================================================
 get_system_and_admins_ids() {
     ret=0
-    for fname in /etc/passwd /etc/group; do
-	if ls -ld "${fname}" | grep -Eq  '^-r..r..r..'; then
-	    true
-	else
-	    echo "The file $fname is not readable by all."
-	    echo "Please run 'chmod +r $fname'."
-	    echo
-	    ret=1
-	fi
-    done
-
-    [ ! -r /etc/passwd -o ! -r  /etc/group ] && return 1;
+    ADMINSGID=$(getent group S-1-5-32-544 | sed -e 's/[^:]*:[^:]*:\([0-9]*\):.*$/\1/')
+    SYSTEMGID=$(getent group S-1-5-18 | sed -e 's/[^:]*:[^:]*:\([0-9]*\):.*$/\1/')
+    ADMINSUID=$(getent passwd S-1-5-32-544 | sed -e 's/[^:]*:[^:]*:\([0-9]*\):.*$/\1/')
+    SYSTEMUID=$(getent passwd S-1-5-18 | sed -e 's/[^:]*:[^:]*:\([0-9]*\):.*$/\1/')
 
-    ADMINSGID=$(sed -ne '/^[^:]*:S-1-5-32-544:.*:/{s/[^:]*:[^:]*:\([0-9]*\):.*$/\1/p;q}' /etc/group)
-    SYSTEMGID=$(sed -ne '/^[^:]*:S-1-5-18:.*:/{s/[^:]*:[^:]*:\([0-9]*\):.*$/\1/p;q}' /etc/group)
     if [ -z "$ADMINSGID" -o -z "$SYSTEMGID" ]; then
-		echo "It appears that you do not have correct entries for the"
-		echo "ADMINISTRATORS and/or SYSTEM sids in /etc/group."
-		echo
-		echo "Use the 'mkgroup' utility to generate them"
-		echo "   mkgroup -l > /etc/group"
-		warning_for_etc_file group
+		echo "Entries for the ADMINISTRATORS and/or SYSTEM sids are not found in group."
 		ret=1;
     fi
 
-    ADMINSUID=$(sed -ne '/^[^:]*:[^:]*:[0-9]*:[0-9]*:[^:]*,S-1-5-32-544:.*:/{s/[^:]*:[^:]*:\([0-9]*\):.*$/\1/p;q}' /etc/passwd)
-    SYSTEMUID=$(sed -ne '/^[^:]*:[^:]*:[0-9]*:[0-9]*:[^:]*,S-1-5-18:.*:/{s/[^:]*:[^:]*:\([0-9]*\):.*$/\1/p;q}' /etc/passwd)
     if [ -z "$ADMINSUID" -o -z "$SYSTEMUID" ]; then
-		echo "It appears that you do not have correct entries for the"
-		echo "ADMINISTRATORS and/or SYSTEM sids in /etc/passwd."
-		echo
-		echo "Use the 'mkpasswd' utility to generate it"
-		echo "   mkpasswd -l > /etc/passwd."
-		warning_for_etc_file passwd
+		echo "Entries for the ADMINISTRATORS and/or SYSTEM sids are not found in passwd."
 		ret=1;
     fi
     return "${ret}"
 }  # === get_system_and_admins_ids() === #
 
-# ======================================================================
-# Routine: check_passwd_and_group
-# Check to see whether the user's password ID and group exist in the
-# system /etc/passwd and /etc/group files, respectively.
-# ======================================================================
-check_passwd_and_group() {
-    ret=0
-    if [ "$(id -gn)" = "mkpasswd" ]; then
-	echo "It appears that you do not have an entry for your user ID"
-	echo "in /etc/passwd."
-	echo
-	echo "If so, use the 'mkpasswd' utility to generate an"
-	echo "entry for your User ID in the password file:"
-	echo "   mkpasswd -l -u User_ID >> /etc/passwd"
-	echo "or"
-	echo "   mkpasswd -d -u User_ID >> /etc/passwd."
-	echo
-	ret=1
-    fi
-
-    if [ "$(id -gn)" = mkgroup ]; then
-	echo "It appears that you do not have an entry for your group ID"
-	echo "in /etc/group.  If this check is incorrect, then re-run"
-	echo "this script with the '-f' command-line option."
-	echo
-	echo "Otherwise, use the 'mkgroup' utility to generate an"
-	echo "entry for your group ID in the password file:"
-	echo "   mkgroup -l -g Group_id  >> /etc/group"
-	echo "or"
-	echo "   mkgroup -d -g Group_id >> /etc/group."
-	echo
-	ret=1
-    fi
-    return "${ret}"
-} # === End of check_passwd_and_group() === #
 
 # ======================================================================
 # Routine: check_user
-# Check to see that the specified user exists once in /etc/passwd 
+# Check that the specified user does no exists more than once in /etc/passwd 
 # ======================================================================
 check_user() {
- count=$(grep -ic "^$1:" /etc/passwd)
- if [ $count = 0 ]; then
-     echo "ERROR: User $1 does not appear in /etc/passwd."
-     echo
-     return 1;
+  
+ if [ ! -e /etc/passwd ]; then
+     return 0;
  fi
+ count=$(grep -ic "^$1:" /etc/passwd)
  if [ $count -gt 1 ]; then
      echo "WARNING: User $1 appears $count times in /etc/passwd."
      echo "This may confuse the system."
@@ -489,7 +416,6 @@ cron_diagnose() {
     fi
 
     get_system_and_admins_ids || return 1
-    check_passwd_and_group || return 1
 
     if [ "$username" = "$USER" ]
 	then
@@ -659,15 +585,22 @@ create_user() {
 	fi
     fi
     pwd_entry="$(mkpasswd -l -u "${username}" | sed -e 's?\(^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:\).*?\1/var/empty:/bin/false?')"
-    grep -Eiq "^${username}:" "${SYSCONFDIR}/passwd" && username_in_passwd=yes &&
-      grep -Fiq "${pwd_entry}" "${SYSCONFDIR}"/passwd && entry_in_passwd=yes
-    if [ "${entry_in_passwd}" != "yes" ]; then
-      if [ "${username_in_passwd}" = "yes" ]; then
-	temp="${TEMP_DIR}/passwd.$$.tmp"
-	grep -Ev "^${username}:" "${SYSCONFDIR}/passwd" > "${temp}" &&
-          mv -f "${temp}" "${SYSCONFDIR}/passwd" || return 1
-      fi
-      echo "${pwd_entry}" >> "${SYSCONFDIR}/passwd" || ret=1
+    fullusername=$(echo "$pwd_entry" | sed -e 's/^\([^:]*\):.*$/\1/') 
+    if [ ! -e "${SYSCONFDIR}/passwd" ]; then
+	echo "${pwd_entry}" > "${SYSCONFDIR}/passwd" || ret=1
+        chown "${ADMINSUID}" "${SYSCONFDIR}/passwd"
+        chmod 644  "${SYSCONFDIR}/passwd"
+    else
+    	grep -iq "^${fullusername}:" "${SYSCONFDIR}/passwd" && username_in_passwd=yes &&
+      		grep -Fiq "${pwd_entry}" "${SYSCONFDIR}"/passwd && entry_in_passwd=yes
+    	if [ "${entry_in_passwd}" != "yes" ]; then
+      	    if [ "${username_in_passwd}" = "yes" ]; then
+	        temp="${TEMP_DIR}/passwd.$$.tmp"
+	        grep -iv "^${fullusername}:" "${SYSCONFDIR}/passwd" > "${temp}" &&
+                mv -f "${temp}" "${SYSCONFDIR}/passwd" || return 1
+            fi
+            echo "${pwd_entry}" >> "${SYSCONFDIR}/passwd" || ret=1
+        fi
     fi
     return "${ret}"
 }


[-- Attachment #3: Type: text/plain, Size: 218 bytes --]

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: TEST RELEASE: Cygwin 1.7.33-0.7

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 3348 bytes --]

On Nov  7 13:04, Pierre A. Humblet wrote:
> > -----Original Message-----
> > From: Pierre A. Humblet 
> > Sent: Thursday, November 06, 2014 16:09
> > 
> > > -----Original Message-----
> > > From: Corinna Vinschen
> > > Sent: Thursday, November 06, 2014 13:51
> > >
> > > On Nov  6 13:38, Kelley Cook wrote:
> > > > On Thu, Nov 6, 2014 at 10:52 AM, Corinna Vinschen wrote:
> > > > > Hi Cygwin friends and users,
> > > > >
> > > > >
> > > > > I just released a 7th TEST version of the next upcoming Cygwin
> > > > > release, 1.7.33-0.7.
> > > > >
> > > >
> > > > I discovered that /usr/bin/cron-config which is part of the cron
> > > > package will need to be updated as it attempts to parse /etc/group .
> > >
> > > Right, it should use getent instead.  Pierre?
> > 
> > Right, and ditto for exim config and postinstall How much time do I have?
> > 
> > Now cron-config checks if a username appears multiple times in passwd.
> > Typically one instance is a domain id and the other one is a local id.
> > That causes havoc with cron
> > It happens fairly frequently; there was even such a "bug report" recently.
> > 
> > How does getent handle that case? Is it detectable from a config file?
>  
> Corinna
> 
> I just realized that deleting the /etc/passwd file in existing domain
> systems may change usernames, which will break cron and other programs
> that use files named after usernames. Also the (local) privileged
> username will change.

Yes.  Is there a way to accommodate that?  Maybe a postinstall script
checking for existing user cron files and renaming them if required?

The privileged user name shouldn't matter much after configuration.

> For now I have made the following changes to cron-config:
>   calling getent
>   checking if /etc/passwd exists
>   dealing with the extended names for privileged users (they may
>   contain a +, don't use EREs)  

I just scanned it quickly, but the change looks good.

For all of this, apart from the Cygwin-internal stuff, I'm in the same
boat as anybody else.  I'm not entirely sure about all the consequences
this change will have, and we might all be missing something crucial
during the transition.

> Do you intend to keep mkpasswd/mkgroup ?

Yes.  It's still supposed to be used if somebody needs passwd entries
for some reason.  For the details, see the preliminary documentation
at https://cygwin.com/preliminary-ug/ntsec.html
and https://cygwin.com/preliminary-ug/using-utils.html#mkpasswd
and https://cygwin.com/preliminary-ug/using-utils.html#mkgroup.

Note also the discussion with Christian starting at
https://cygwin.com/ml/cygwin/2014-11/msg00095.html

I have a potential patch in the loop which implements what I wrote here:
https://cygwin.com/ml/cygwin/2014-11/msg00121.html

> I still don't have a 64 bit system, but it's coming this year. It will
> take me some time to prepare a new cron package and get familiar with
> the new package upload procedure.  I am attaching a cron-config diff.
> Feel free to update the 32 and 64 bit cron packages if you want that
> done quickly.  cronbug does not seem to require any changes.

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]