From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 8292 invoked by alias); 28 May 2016 21:35:01 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 8275 invoked by uid 89); 28 May 2016 21:35:00 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=2.5 required=5.0 tests=AWL,BAYES_20,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 spammy=desires, Admin, youtube, hazardous X-HELO: smtp3.hushmail.com Received: from smtp3.hushmail.com (HELO smtp3.hushmail.com) (65.39.178.200) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Sat, 28 May 2016 21:34:50 +0000 Received: from smtp3.hushmail.com (localhost [127.0.0.1]) by smtp3.hushmail.com (Postfix) with SMTP id 63CB7E01E2 for ; Sat, 28 May 2016 21:34:48 +0000 (UTC) X-hush-tls-connected: 1 Received: from smtp.hushmail.com (w9.hushmail.com [65.39.178.29]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp3.hushmail.com (Postfix) with ESMTPS for ; Sat, 28 May 2016 21:34:48 +0000 (UTC) Received: by smtp.hushmail.com (Postfix, from userid 99) id 3EBEB40137; Sat, 28 May 2016 21:34:48 +0000 (UTC) MIME-Version: 1.0 Date: Sun, 29 May 2016 02:40:00 -0000 To: cygwin@cygwin.com Subject: [nfs-server] Hazardous changes introduced in 2.3-6 From: jcwilson.cygwin@nym.hush.com Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="UTF-8" Message-Id: <20160528213448.3EBEB40137@smtp.hushmail.com> X-IsSubscribed: yes X-SW-Source: 2016-05/txt/msg00365.txt.bz2 I have been using the 32-bit version nfs-server 2.3-5 package successfully for the past few months to share my Cygwin filesystem with a locally hosted VirtualBox VM. So I was pleased to see that the nfs-server package had finally made it into the 64-bit Cygwin release. However, there was an unexpected change that caused some major headaches for me when I tried to replicate my setup with the new 2.3-6 package. Specifically, these lines that were added to the nfs-server-config script: editrights -u ${NFSD_USER} -a SeDenyInteractiveLogonRight editrights -u ${NFSD_USER} -a SeDenyRemoteInteractiveLogonRight In my 2.3-5 configuration I had installed the 3 cygrunsrv services (portmap, rpc.nfsd, rpc.mountd) to use my login account as the services' user. However, using the same configuration in 2.3-6 had the nasty side-effect of locking me out of my own system the next time I had to log in to my computer. This effect is not documented anywhere that I could find. Furthermore this seems like an error-prone default since the 2.3-6 nfs-server-config now forces the user to specify an account to use as the service user. (the 2.3-5 version offered the initial option of just using the System account, I believe). Upon attempting to log back in I was presented with the following error message after entering my password: "The sign-in method you're trying to use isn't allowed. For more info, contact your network administrator." As someone who had not enabled the builtin Admin account for login and only had the one user login account, this was a harrowing experience that I was luckily able to recover from with the help of some youtube videos and some bizarre security decisions on Microsoft's part. Can we discuss removing these two lines, or at least provide a way to opt out of applying them if the user so desires? Ideally, it would be an opt-in, I would think, given the potential for danger. The reason I am using my local login account as the service user is because I am sharing directories from within my Windows home directory in a RW fashion. The System user has difficulty getting permissions to perform the necessary operations. All other changes to the new 2.3-6 are for the better. In fact, it seems to handle VirtualBox virtual ethernet adapters much better than the 32-bit version. And I no longer have to perform a system restart for some nfsd settings to take effect. Thank you for work on this project. I just want to do my part to make it better, too. Also, one other thing I noticed is that the src package for 2.3-6 does not seem to actually include the correct src.tar.bz2 file. Instead, it still only includes the 2.3-5 bz2 file. As such, it's impossible to attempt to submit a patch to correct this problem. -Josh (I apologize if this appears a second time in the mailing list. I don't see the first post I made on 5/27 in the archives yet and I'm not sure it made it out to the list) -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple