From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <basinilya@gmail.com>
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com
 [IPv6:2607:f8b0:4864:20::82c])
 by sourceware.org (Postfix) with ESMTPS id B09CF3858C2C
 for <cygwin@cygwin.com>; Fri,  1 Oct 2021 09:23:35 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org B09CF3858C2C
Received: by mail-qt1-x82c.google.com with SMTP id m26so8341792qtn.1
 for <cygwin@cygwin.com>; Fri, 01 Oct 2021 02:23:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:subject:from:to:references:message-id:date
 :user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=nxzwcjBpdaiLyGmoT6CcPVmRkCNBa6nZfEfEMzAWU+I=;
 b=wnR/kRVF8O5uQw++yvXvsR0Mq32D7OjqNSL+f9Y/uyv7MxUYMKklAQu7hmvqnU6JPX
 MZZZ3wBuUG/D6nOcm+ttp1+L+ieoPHkFSVYD8X+uX5J8CqvCxDkmGzQ9ygYj7wnecTfk
 vUf2N5v7Q2qQCUptbCnc0BVGf9N1IfekAH5aANA+kqlM079juJvFVaBOGG8KvmuTvtVW
 hZAwsyflxhLcw5NdAMTUbz+gGZGbjahSmYnAb6aRhuE4dyTw4xTGxo5HnXCnE/fNOU+v
 M/7lxrf7cfZtD4pqcFe0CYN779WfDW7VmoR5s45IUwfwDU4yqKurblueM+us+LVhWCKa
 HcvQ==
X-Gm-Message-State: AOAM531zQWfFurBfvpHbstgHKTf5aK5YxKpIzsZcI8RK28IYUm5VJfOM
 mcVpB6rsD7XY65PdQNc4FYRzIkLErV4=
X-Google-Smtp-Source: ABdhPJzltv8/hywNyT4+K6eVmbywWcDTFdZ2k156q9QitH6eTObJjol2rEnTQbWLMWT/X5t79DoPoA==
X-Received: by 2002:ac8:4e30:: with SMTP id d16mr11719100qtw.309.1633080215071; 
 Fri, 01 Oct 2021 02:23:35 -0700 (PDT)
Received: from [192.168.149.55] (gate.reksoft.ru. [188.64.144.36])
 by smtp.googlemail.com with ESMTPSA id 19sm2900552qtt.20.2021.10.01.02.23.34
 for <cygwin@cygwin.com>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 01 Oct 2021 02:23:34 -0700 (PDT)
Subject: Re: xinetd: PID 2280: Service tftp missing attribute user - DISABLING
From: ilya Basin <basinilya@gmail.com>
To: cygwin@cygwin.com
References: <512182d8-7c0a-a003-e3b6-aea9f73580a3@gmail.com>
Message-ID: <78f93689-d469-92f3-7187-91ced70b2058@gmail.com>
Date: Fri, 1 Oct 2021 12:23:31 +0300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.14.0
MIME-Version: 1.0
In-Reply-To: <512182d8-7c0a-a003-e3b6-aea9f73580a3@gmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Language: ru
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, NICE_REPLY_A,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Fri, 01 Oct 2021 09:23:36 -0000

Upd:

1)
There was a typo in the sed script. The correct one is:

    mkpasswd.exe | sed 's/^[^:]*\(cyg_server\):/\1:/;t;d'

I also had to do the same for the unprivileged user "tftpd" created by /usr/bin/tftpd-config

2) 
After being successfully started by xinetd the tftp server logs to Windows Event log:

    tftpd: PID 2844: cannot drop privileges: No error 

and in the Audit log there is a deny message with:

    FailureReason %%2310 Account currently disabled.

Workaround:

    net user tftpd /active:YES

and it makes me wonder how it worked in older versions. The user is created by csih_create_unprivileged_user() with the command:

    net user "${unpriv_user}" \
                    /homedir:"${dos_var_empty}" \
                    /comment:'<cygwin home="/var/empty" shell="/bin/false"/>' \
                    /add /active:no



On 01.10.2021 10:21, ilya Basin wrote:
> Hi. I installed xinetd and tftp-server recently, ran xinetd-config and tftpd-config, and enabled /etc/xinetd.d/tftp. However, I was getting the following error in Windows Event log:
> 
>     xinetd: PID 2280: Service tftp missing attribute user - DISABLING
> 
> Workaround:
> 
>    # The xinetd user name must exist in /etc/passwd
>    # We have to strip "MYHOST+" from "MYHOST+cyg_server" to make xinetd match the entry
>    mkpasswd.exe | sed 's/^[^:]*\(cyg_server\):/\1/;t;d' >>/etc/passwd
> 
> Commenting "user=cyg_server" is not needed and won't help because then xinetd looks for the current user in /etc/passwd
> 
> By the way, cygsshd runs fine as NT_AUTHORITY\SYSTEM on Windows 10 and can serve both local and domain users. I just had to strip the machine prefix in /etc/passwd for the local users. Perhaps /usr/share/doc/Cygwin/xinetd.README is outdated?
>