From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26460 invoked by alias); 5 Aug 2008 01:32:24 -0000 Received: (qmail 26451 invoked by uid 22791); 5 Aug 2008 01:32:23 -0000 X-Spam-Check-By: sourceware.org Received: from out2.smtp.messagingengine.com (HELO out2.smtp.messagingengine.com) (66.111.4.26) by sourceware.org (qpsmtpd/0.31) with ESMTP; Tue, 05 Aug 2008 01:31:36 +0000 Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id 38A62146952 for ; Mon, 4 Aug 2008 21:31:34 -0400 (EDT) Received: from heartbeat2.messagingengine.com ([10.202.2.161]) by compute1.internal (MEProxy); Mon, 04 Aug 2008 21:31:34 -0400 Received: from [192.168.1.3] (user-0c6suln.cable.mindspring.com [24.110.122.183]) by mail.messagingengine.com (Postfix) with ESMTPSA id AE9AC2D4FA; Mon, 4 Aug 2008 21:31:33 -0400 (EDT) Message-ID: <4897AD74.8020606@cwilson.fastmail.fm> Date: Tue, 05 Aug 2008 01:32:00 -0000 From: Charles Wilson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080708 Thunderbird/2.0.0.16 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED]) References: <3B3EFBD49B94AD4DBB7B7097257A8046DD020D@FDSVAST06SXCH01.flooddata.net> <20080513073720.GA22193@calimero.vinschen.de> <3B3EFBD49B94AD4DBB7B7097257A8046DD02FC@FDSVAST06SXCH01.flooddata.net> <20080616210105.GI731@calimero.vinschen.de> <20080616211352.GK731@calimero.vinschen.de> <48821B9F.6070907@cwilson.fastmail.fm> <20080719171235.GO5675@calimero.vinschen.de> <488252B5.8000501@cwilson.fastmail.fm> <20080720122754.GP5675@calimero.vinschen.de> <20080720134054.GQ5675@calimero.vinschen.de> In-Reply-To: <20080720134054.GQ5675@calimero.vinschen.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com X-SW-Source: 2008-08/txt/msg00099.txt.bz2 Corinna Vinschen wrote: >> Along these lines, yes. I also think that using the cyg_server/ >> cron_server/sshd_server account should be preferred over SYSTEM on XP >> and earlier systems, at least if they are domain member machines. Maybe >> simply like this: The test should run on any OS, but if none of the >> accounts exists, the fallback for XP and earlier is SYSTEM. IIUC, that's >> not quite what $csih_FORCE_PRIVILEGED_USER is for. Yes? No? Correct -- csih_FORCE_PRIVILEGED_USER means FORCE; you're asking for a gentle default behavior. I've modified the behavior on NT/2k/XP when not $csih_FORCE_PRIVILEGED_USER, so that if a 'known' privileged user exists, then it is used. Otherwise, SYSTEM; no new users will be created. However, on NT/2k/XP the $csih_FORCE_PRIVILEGED_USER behavior is unchagned: if a privileged user already exists it will be used (as above) -- but if one does NOT exist, one will be created and used. And failure to create it is a script failure. > I tried the above script change on a XP domain member machine and > with csih_FORCE_PRIVILEGED_USER set to yes. It works, it's just a > bit bumpy: > > *** Info: This script plans to use 'cyg_server'. > *** Info: 'cyg_server' will not be able to log on interactively, but will only > *** Info: be used by registered services. > > The message is incorrect. Fixed. > *** Query: Do you want to use different name? (yes/no) no > mkpasswd (273): [2221] The user name could not be found. > > I'm not sure why is mkpasswd is called here, but it's called with -l > only so it can't find the domain account. Can this test be skipped > if the user has been directly taken from /etc/passwd? Well, I *think* it is now skipped because that code path doesn't get activated now, if the user was found (in /etc/passwd OR in localSAM). Now, you only hit that line if you just created the user: which only happens if it existed neither in the SAM nor in /etc/passwd. And, since you just created it -- locally -- it obviously exists in the SAM /now/ -- but not yet in /etc/passwd. How do you add an entry to /etc/passwd for a user in the local SAM? mkpasswd -l. I added some comments at the appropriate places to make this clearer. > Btw., there's a test for the administrators group in /etc/passwd. > This test is not necessary. The only reason to have the admins > group in /etc/passwd is to print file ownership correctly. It doesn't > have any other value. I don't see this. I see testing /etc/passwd for the (local) Administrator USER, and testing /etc/group for the Administrators GROUP, but not /etc/passwd <-> Administrators GROUP. More info please? Please try current CVS: http://cygwin.com/cgi-bin/cvsweb.cgi/~checkout~/csih/cygwin-service-installation-helper.sh?rev=1.10&cvsroot=cygwin-apps or http://tinyurl.com/5ex7bl -- Chuck -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/