From: Charles Wilson
Date: Thu, 10 Apr 2008 07:49:00 -0000
To: cygwin@cygwin.com
Subject: Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1
Message-ID: <47FD9DA7.6010403@cwilson.fastmail.fm>
In-Reply-To: <20080409161204.GJ23852@calimero.vinschen.de>

Corinna Vinschen wrote:
> On Apr 9 10:55, Charles Wilson wrote:
>> Hopefully, that's more acceptable for ssh-user-config?
>
> My bad, I didn't update csih to CVS. I still think that's too much for
> ssh-user-config. But since we don't need the setfacl anymore, that's
> a moot point now.

It may be a moot point for ssh-user-config, but it could be a useful
behavior for some other -user-config (maybe cron user customizations?).
So, I've gone ahead and made the behavior silent if the
associated/specified server is already installed. See below.

> And that was really very nice. I'm not trying to criticize the general
> approach. I just think we (that is: I) should get rid of the entire
> message and the setfacl in ssh-user-config.

Well, that will certainly simplify things. However, operating on the old
assumption, the new (not even in CVS yet) version of csih lets you do this:

compute_sshd_user() {
   if csih_is_nt
   then
     if ! cygrunsrv -Q sshd >/dev/null 2>&1
     then
       csih_select_privileged_username -q sshd
     fi
     sshd_user=$(csih_service_should_run_as sshd)
     if ! setfacl -m "u::rwx,u:${sshd_user}:r--,g::---,o::---" \
          "${pwdhome}/.ssh"
     then
       csih_error_multiline \
       ....
}

(a) if your service is installed, then you go directly to
    csih_service_should_run_as with the (new, optional) argument 'sshd'

(b) otherwise, behavior is the "quiet but not silent" I described in my
    last email -- and that all arises from calling
    csih_select_privileged_username -q sshd -- which is why the client
    (ssh-user-config) skips it if possible.

>>> svc_user=$(regtool get '/HKLM/SYSTEM/CurrentControlSet/Services/$1/ObjectName')
>>> svc_user="${svc_user/\.\\/$COMPUTERNAME}"
>>> svc_user=$([ "$svc_user" = "LocalSystem" ] && echo "SYSTEM" || echo $(fgrep "${svc_user}" /etc/passwd | cut -d: -f 1))
>> (a) csih_select_privileged_username (in CVS) already optionally accepts
>> the service name in addition to the -q option. Currently it is only used
>> to customize the Info: messages (see ${opt_servicename}, above). So
>> this is even easier to add than you imagine -- if it is truly desirable
>> to do so.
>>
>> (b) You could also do 'foo=$(cygrunsrv -V -L ${service} | sed -n
>> '/Account/p' | awk '{print $NF}'); foo=$(basename $foo)' which amounts
>> to the same thing.
>
> Urgh!
> Isn't it embarrassing that *I* missed to use cygrunsrv for that?

Well, my version wasn't exactly right either. You need to (and the new,
not even in CVS yet version does) do this:

   username=$(cygrunsrv -V -Q "${opt_servicename}" 2>&1 |\
       sed -n -e '/^Account/s/^.* : //p')
   username="${username/\.\\/${COMPUTERNAME}\\}"
   # and then something like
   [ "${username}" = "LocalSystem" ] \
      && username=SYSTEM \
      || username=$(fgrep "${username}" /etc/passwd | cut -d: -f 1)

>
>> (c) But what if ${service} has not yet been installed, even though [a]
>> common service account exists [perhaps used by some other installed
>> cygwin service]? Then you'd still need the existing logic...
>
> Right, but that should probably be a fallback.

Ok, that's the way it works now. But it is also why the user-config
client needs to check 'cygrunsrv -Q myservice' and call
csih_select_privileged_username -q myservice if the service is not
already installed.

> If the service exists,
> it could run under *any* account. It might be interesting for csih to
> check always for the user running the service, not only on 2k3 and
> above.

OK, csih_select_privileged_username only cares for users with the special
(required on nt2003) perms -- therefore, it still checks
is_nt2003 || (nt && force_privileged).

However, if the service is installed, then
'csih_service_should_run_as myservice' will return the user it is
installed under, regardless of OS. (Well, 9x always returns "")

If the service is not installed, then the behavior of
csih_service_should_run_as is as before:

   nt2003: find pre-existing 'well-known' privileged user and specify
           that, or default to cyg_server
   nt && !nt2003 && !force_privileged: default to SYSTEM
   !nt (e.g. 9x): ""

> For the ssh-user-config script you won't need it anymore. I have a
> hard time to see that a normal user should know or decide about stuff
> like that.

Well, with the incantation in compute_sshd_user() above, IF the admin has
already installed the service, then the user-config script will be silent
(at least with regards to these issues concerning the service's user
account.) It will only print messages (and perhaps ask questions the user
is ill-equipped to answer) if the user-config script is run but the
associated server has not been installed.

Of course, if you don't care what sshd_user is, then you don't call
either of
   csih_select_privileged_username
   csih_service_should_run_as
and it's guaranteed to be quiet.

> Nothing of that is actually helpful or informative for a
> "just-a-user" user. And except for setting permissions (which isn't
> necessary!) I really think we should not call this function from pure
> user config scripts.

That's up to the maintainer of each csih client package. You don't want
to call these 'hey, what account is the server running as?' functions,
you don't need to.

--
Chuck

P.S. "not even in CVS yet" -- because in anticipation of getting approval
from Corinna, Pierre, and Yaakov for explicitly specifying the license
terms of csih.sh, I went ahead and made those changes to NEWS, COPYING,
csih.sh, AUTHORS, etc.

   Corinna: MIT/X ok
   Pierre:  MIT/X ok
   Yaakov:  ...

Yaakov? Bueller? Is this thing on? , hello?
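
The account lookup discussed in this message, as an added example that is not part of the original e-mail or of csih. The function names, the sample cygrunsrv output and the passwd entries are constructed, and the "U-HOST\user" gecos layout is an assumption about how the passwd file was generated. It compares whole gecos entries rather than substrings, so the name that ends up in the setfacl entry is the one account the service runs as.

```shell
#!/bin/sh
# Added example (not csih code). All sample data below is constructed.

# Pull the Account value out of `cygrunsrv -V -Q <service>` output (stdin).
account_from_query() {
    sed -n -e '/^Account/s/^.* : //p'
}

# Map a Windows service account to a Cygwin user name.
#   $1 = account as reported for the service, $2 = computer name,
#   stdin = passwd data (normally /etc/passwd).
# Returns non-zero when no passwd entry matches exactly.
cygwin_user_for_account() {
    acct=$1
    case $acct in
        LocalSystem) echo SYSTEM; return 0 ;;
        '.\'*) acct="$2\\${acct#??}" ;;      # ".\user" -> "HOST\user"
    esac
    # Compare whole comma-separated gecos entries ("U-HOST\user"), ignoring
    # case, so "cyg_server" cannot match "cyg_server_old".
    WANT="U-$acct" awk -F: '
        BEGIN { want = tolower(ENVIRON["WANT"]) }
        { n = split($5, g, ",")
          for (i = 1; i <= n; i++)
              if (tolower(g[i]) == want) { print $1; found = 1; exit } }
        END { exit !found }'
}

sample_query() {    # constructed stand-in for `cygrunsrv -V -Q sshd`
    cat <<'EOF'
Service             : sshd
Current State       : Running
Account             : .\cyg_server
EOF
}

sample_passwd() {   # constructed entries, assumed mkpasswd-style layout
    cat <<'EOF'
cyg_server_old:unused:1004:513:old,U-MYHOST\cyg_server_old,S-1-5-21-0-0-0-1004:/var/empty:/bin/false
cyg_server:unused:1005:513:svc,U-MYHOST\cyg_server,S-1-5-21-0-0-0-1005:/var/empty:/bin/false
EOF
}

demo() {
    sample_passwd | cygwin_user_for_account "$(sample_query | account_from_query)" MYHOST
}
demo
```

A caller should treat a non-zero return as "account not in passwd" and skip the setfacl step rather than pass an empty user name to it.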