public inbox for cygwin@cygwin.com
* [nfs-server] Hazardous changes introduced in 2.3-6
@ 2016-05-29  2:40 jcwilson.cygwin
  2016-05-29  8:54 ` Andrey Repin
  0 siblings, 1 reply; 4+ messages in thread
From: jcwilson.cygwin @ 2016-05-29  2:40 UTC (permalink / raw)
  To: cygwin

I have been using the 32-bit version nfs-server 2.3-5 package successfully for the past few months to share my Cygwin filesystem with a locally hosted VirtualBox VM. So I was pleased to see that the nfs-server package had finally made it into the 64-bit Cygwin release. However, there was an unexpected change that caused some major headaches for me when I tried to replicate my setup with the new 2.3-6 package.

Specifically, these lines that were added to the nfs-server-config script:

    editrights -u ${NFSD_USER} -a SeDenyInteractiveLogonRight
    editrights -u ${NFSD_USER} -a SeDenyRemoteInteractiveLogonRight

In my 2.3-5 configuration I had installed the 3 cygrunsrv services (portmap, rpc.nfsd, rpc.mountd) to use my login account as the services' user. However, using the same configuration in 2.3-6 had the nasty side-effect of locking me out of my own system the next time I had to log in to my computer. This effect is not documented anywhere that I could find. Furthermore, this seems like an error-prone default since the 2.3-6 nfs-server-config now forces the user to specify an account to use as the service user. (The 2.3-5 version offered the initial option of just using the System account, I believe.)

Upon attempting to log back in I was presented with the following error message after entering my password: "The sign-in method you're trying to use isn't allowed. For more info, contact your network administrator."

As someone who had not enabled the built-in Admin account for login and only had the one user login account, this was a harrowing experience that I was luckily able to recover from with the help of some YouTube videos and some bizarre security decisions on Microsoft's part.

Can we discuss removing these two lines, or at least provide a way to opt out of applying them if the user so desires? Ideally, it would be an opt-in, I would think, given the potential for danger. The reason I am using my local login account as the service user is because I am sharing directories from within my Windows home directory in a RW fashion. The System user has difficulty getting permissions to perform the necessary operations.

All other changes to the new 2.3-6 are for the better. In fact, it seems to handle VirtualBox virtual ethernet adapters much better than the 32-bit version. And I no longer have to perform a system restart for some nfsd settings to take effect. Thank you for your work on this project. I just want to do my part to make it better, too.

Also, one other thing I noticed is that the src package for 2.3-6 does not seem to actually include the correct src.tar.bz2 file. Instead, it still only includes the 2.3-5 bz2 file. As such, it's impossible to attempt to submit a patch to correct this problem.

-Josh

(I apologize if this appears a second time in the mailing list. I don't see the first post I made on 5/27 in the archives yet and I'm not sure it made it out to the list)


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
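
The opt-in asked for in the message above, sketched as a guard around the two editrights lines. This is an added example, not code from nfs-server-config or from anyone in the thread; the function names, the EDITRIGHTS override and the DOMAIN\user / MACHINE+user prefix handling are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not nfs-server-config's own code.
# EDITRIGHTS may be pointed at a stub for a dry run (hypothetical override).
EDITRIGHTS=${EDITRIGHTS:-editrights}
DENY_RIGHTS="SeDenyInteractiveLogonRight SeDenyRemoteInteractiveLogonRight"

# Reduce DOMAIN\user or MACHINE+user to a lowercase bare name (assumed
# prefix forms); Windows account names compare case-insensitively.
normalize_account() {
    local name
    name=${1##*\\}
    name=${name##*+}
    printf '%s\n' "$name" | tr '[:upper:]' '[:lower:]'
}

# harden_service_account SERVICE_USER [LOGIN_USER] [yes]
# Returns 0 when both rights were added, 2 when skipped because SERVICE_USER
# is the login account and "yes" was not passed, 1 if editrights failed.
# Only the invoking user is compared; other login accounts are not detected.
harden_service_account() {
    local svc="$1" me="${2:-$(id -un)}" force="${3:-no}" right
    if [ "$(normalize_account "$svc")" = "$(normalize_account "$me")" ] &&
       [ "$force" != yes ]; then
        echo "Not denying interactive logon for '$svc': it is your login account." >&2
        return 2
    fi
    for right in $DENY_RIGHTS; do
        "$EDITRIGHTS" -u "$svc" -a "$right" || return 1
    done
}

# Remove both deny rights from an account that received them by mistake.
restore_logon_rights() {
    local svc="$1" right
    for right in $DENY_RIGHTS; do
        "$EDITRIGHTS" -u "$svc" -r "$right" || return 1
    done
}
```

With this guard a dedicated service account is hardened exactly as before, while naming your own login account leaves its logon rights untouched unless "yes" is passed as the third argument.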


* Re: [nfs-server] Hazardous changes introduced in 2.3-6
  2016-05-29  2:40 [nfs-server] Hazardous changes introduced in 2.3-6 jcwilson.cygwin
@ 2016-05-29  8:54 ` Andrey Repin
  2016-05-29 12:43   ` jcwilson.cygwin
  2016-05-29 13:59   ` Marco Atzeri
  0 siblings, 2 replies; 4+ messages in thread
From: Andrey Repin @ 2016-05-29  8:54 UTC (permalink / raw)
  To: jcwilson.cygwin, cygwin

Greetings, jcwilson.cygwin@nym.hush.com!

> I had installed the 3 cygrunsrv services (portmap, rpc.nfsd, rpc.mountd) to
> use my login account as the services' user.

That's your and only your mistake.
I hope you've learned from it and will not repeat the same mistake again.


-- 
With best regards,
Andrey Repin
Sunday, May 29, 2016 02:30:41

Sorry for my terrible English...



* Re: [nfs-server] Hazardous changes introduced in 2.3-6
  2016-05-29  8:54 ` Andrey Repin
@ 2016-05-29 12:43   ` jcwilson.cygwin
  2016-05-29 13:59   ` Marco Atzeri
  1 sibling, 0 replies; 4+ messages in thread
From: jcwilson.cygwin @ 2016-05-29 12:43 UTC (permalink / raw)
  To: cygwin

> That's your and only your mistake.
> I hope you've learned from it and will not repeat the same mistake
> again.

Thank you for your reply. I'm looking into alternative ways of configuring my
share but haven't had much luck with any other option.

Consider my use case: I wish to only share the contents of my Windows User
directory for read/write operations and I am the only user of this machine.

If I run the services as, say, the SYSTEM account, there are files that are not
accessible to that account that I still wish to share. Furthermore, any files
that are created in the share from the mounting Linux system will be written to
the Windows filesystem as if they are owned by the SYSTEM account. These issues
would not be resolved by creating and using a new "NFS server" Windows account
for the service, either.

I think it's a perfectly valid expectation to utilize a login user account as
the NFS services user. In fact, it can actually be safer if one were to only
log in as a "Basic" Windows user account for day-to-day work and use that for the
NFS services, too. The SYSTEM account has all kinds of access to modify, well,
the system, so I don't think it's wise to use that one for the services (if
that's what you were implying with your response).

And still, the problem still exists that the current setup script is a landmine
waiting for the next unsuspecting user to type their own account name into the
prompt.



* Re: [nfs-server] Hazardous changes introduced in 2.3-6
  2016-05-29  8:54 ` Andrey Repin
  2016-05-29 12:43   ` jcwilson.cygwin
@ 2016-05-29 13:59   ` Marco Atzeri
  1 sibling, 0 replies; 4+ messages in thread
From: Marco Atzeri @ 2016-05-29 13:59 UTC (permalink / raw)
  To: cygwin

On 29/05/2016 01:31, Andrey Repin wrote:
> Greetings, jcwilson.cygwin@nym.hush.com!
>
>> I had installed the 3 cygrunsrv services (portmap, rpc.nfsd, rpc.mountd) to
>> use my login account as the services' user.
>
> That's your and only your mistake.
> I hope you've learned from it and will not repeat the same mistake again.
>

Safety precautions should keep mistakes from becoming tragedy...

In this case I agree with Josh that the default is hazardous if the user
doesn't select the default/proposed service userid.

Marco




