From: Houder <houder@xs4all.nl>
To: cygwin@cygwin.com
Subject: Installing sshd on W7 reveals errors in CSIH_SCRIPT
Date: Fri, 26 May 2017 19:38:00 -0000
Message-ID: <c50589c74b974315dd7756109e270c74@xs4all.nl>
Hi,
Installing sshd on W7 reveals errors in CSIH_SCRIPT ...
CSIH_SCRIPT = /usr/share/csih/cygwin-service-installation-helper.sh
Just now I installed the sshd daemon on my W7 (64-bits Cygwin); I am still using /etc/{passwd,group} as the "database" (i.e. NOT Windows SAM).
Invocation of /usr/bin/ssh-host-config (in an elevated shell) generated the following TWO warnings:
= 1st warning =
passwd: unknown user cyg_server
*** Warning: Setting password expiry for user 'cyg_server' failed!
*** Warning: Please check that password never expires or set it to your needs.
= 2nd warning =
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM' <===== not what I had in mind!
-----
ssh-host-config sources CSIH-SCRIPT
The function of interest in ssh-host-config is: install_service()
install_service() # skeleton of function as executed in my case
csih_create_privileged_user
csih_service_should_run_as
# ======================================================================
# Action!
# ======================================================================
... lot of statements
install_service || let warning_cnt+=$? # almost at bottom of file
-----
So the functions of interest in CSIH-SCRIPT are:
- csih_create_privileged_user
- csih_service_should_run_as
Near the bottom of csih_create_privileged_user(), "cyg_server" (the privileged user) is ADDED to /etc/passwd ... too late and using the wrong statement.
Too late, because the privileged user ("cyg_server") should already have been added near the beginning of this function ...
- that is why the 1st warning is issued (from csih_create_privileged_user() )
- and because of the wrong statement, "cyg_server" is NOT added to /etc/passwd
The 2nd warning is generated from csih_service_should_run_as() for the same reason ("cyg_server" missing from /etc/passwd).
As a side-effect, the sshd service will be created using the "SYSTEM" account i.s.o. "cyg_server" account -- not what was intended!
BTW, the comment at the top of csih_use_file_etc() is WRONG: it should read:
# ======================================================================
# Routine: csih_use_file_etc passwd|group
...
# Returns 1 if files shall be used, 0 otherwise.
# ======================================================================
Regards,
Henri
=
= Skeleton of both functions as executed in my case
=
1.
csih_create_privileged_user() # in case user cyg_server must be created
# privileged user ("cyg_server") already present?
csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME"
# No, it is NOT! Create user ...
csih_call_winsys32 net user "${csih_PRIVILEGED_USERWINNAME}"
# make the passwd of the privileged user never expire ...
if ! passwd -e "${csih_PRIVILEGED_USERNAME}"
then
... WARNING: Setting password expiry for user "cyg_server" failed!
fi
# Hold on, has user already been added to /etc/passwd (if files is preferred
# as the "database")? No, the user has NOT been added yet!
=====> This is why Henri gets his 1st warning ...
=====> ... and why he HAD to add user "cyg_server" to /etc/passwd
=====> ... and has to change the service
(no, not the "SYSTEM" account, but the "cyg_server" account!)
... a lot more statements
# TOO LATE and using the WRONG variable name!
# add cyg_server to /etc/passwd ... if and only if files are used as database
if csih_use_file_etc passwd # yes, Henri uses files as the "database"
then
# HUH?
/usr/bin/mkpasswd -l -u "${username}" >> "${SYSCONFDIR}/passwd"
# I believe the statement should have read: i.e. WRONG variable used
/usr/bin/mkpasswd -l -u "${csih_PRIVILEGED_USERNAME}" >> "${SYSCONFDIR}/passwd"
fi
2.
csih_service_should_run_as()
... a lot of statements
if csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME" 1>&2
then
# it already existed before this script was launched (comment by Corinna)
echo "$csih_PRIVILEGED_USERNAME"
return
elif /usr/bin/getent passwd "${csih_PRIVILEGED_USERNAME}"
then
... ok
else
... Warning: Expected privileged user "cyg_server" does not exist
echo "SYSTEM" # meaning service will use the SYSTEM account (and not the
# cyg_server account) -- which is NOT what was intended!
fi
=====
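
An added example, not part of the original message and not code from csih or ssh-host-config: a POSIX shell audit for the two symptoms reported above, a missing /etc/passwd entry for the privileged user and a service that fell back to the SYSTEM account. The function names, the constructed sample data and the "Account : ..." line format (assumed to be what a service query such as `cygrunsrv -VQ sshd` prints) are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# has_passwd_entry FILE USER: succeeds if a line's first field is USER
has_passwd_entry() {
  awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# service_account TEXT: prints the value of the first "Account : ..." line
# (line format is an assumption about the service query output)
service_account() {
  printf '%s\n' "$1" | tr -d '\r' |
    sed -n 's/^Account[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# audit_sshd_account FILE USER TEXT: prints one finding per line, or "ok"
audit_sshd_account() {
  audit_acct=$(service_account "$3")
  audit_acct=${audit_acct##*\\}          # drop a ".\" or "DOMAIN\" prefix
  audit_findings=""
  has_passwd_entry "$1" "$2" || audit_findings="missing-passwd-entry"
  case "$audit_acct" in
    "$2") ;;                             # service runs as the intended user
    LocalSystem|SYSTEM) audit_findings="$audit_findings runs-as-system" ;;
    *) audit_findings="$audit_findings unexpected-account" ;;
  esac
  # split the findings into words on purpose; report "ok" when there are none
  set -- $audit_findings
  [ $# -gt 0 ] || set -- ok
  printf '%s\n' "$@"
}

# Constructed sample: passwd file without cyg_server, service on LocalSystem
demo() {
  demo_pw=$(mktemp)
  printf '%s\n' 'Henri:*:1000:513:constructed:/home/Henri:/bin/bash' > "$demo_pw"
  audit_sshd_account "$demo_pw" cyg_server 'Account             : LocalSystem'
  rm -f "$demo_pw"
}
demo
```

On a real host the third argument would be the captured output of the service query and the first argument /etc/passwd.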