From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 74448 invoked by alias); 26 May 2017 19:35:33 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 74223 invoked by uid 89); 26 May 2017 19:35:32 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00,KAM_ASCII_DIVIDERS,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 spammy=expires, sysconfdir, WRONG, Defaulting X-HELO: lb3-smtp-cloud2.xs4all.net Received: from lb3-smtp-cloud2.xs4all.net (HELO lb3-smtp-cloud2.xs4all.net) (194.109.24.29) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 26 May 2017 19:35:30 +0000 Received: from webmail.xs4all.nl ([IPv6:2001:888:0:22:194:109:20:203]) by smtp-cloud2.xs4all.net with ESMTP id R7bX1v00N0gy927017bXTF; Fri, 26 May 2017 21:35:31 +0200 Received: from a83-162-234-136.adsl.xs4all.nl ([83.162.234.136]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Fri, 26 May 2017 21:35:32 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Fri, 26 May 2017 19:38:00 -0000 From: Houder To: cygwin@cygwin.com Subject: Installing sshd on W7 reveals errors in CSIH_SCRIPT Message-ID: X-Sender: houder@xs4all.nl User-Agent: XS4ALL Webmail X-IsSubscribed: yes X-SW-Source: 2017-05/txt/msg00442.txt.bz2 Hi, Installing sshd on W7 reveals errors in CSIH_SCRIPT ... CSIH_SCRIPT = /usr/share/csih/cygwin-service-installation-helper.sh Just now I installed the sshd daemon on my W7 (64-bits Cygwin); I am still using /etc/{passwd,group} as the "database" (i.e. NOT Windows SAM). Invocation of /usr/bin/ssh-host-config (in an elevated shell) genenerated the following TWO warnings: = 1st warning = passwd: unknown user cyg_server *** Warning: Setting password expiry for user 'cyg_server' failed! *** Warning: Please check that password never expires or set it to your needs. = 2nd warning = *** Warning: Expected privileged user 'cyg_server' does not exist. *** Warning: Defaulting to 'SYSTEM' <===== no what I had in mind! ----- ssh-host-config sources CSIH-SCRIPT The function if interest in ssh-host-config is: install_service() install_service() # skeleton of function as executed in my case csih_create_privileged_user csih_service_should_run_as # ====================================================================== # Action! # ====================================================================== ... lot of statements install_service || let warning_cnt+=$? # almost at bottom of file ----- So the functions of interest in CSIH-SCRIPT are: - csih_create_privileged_user - csih_service_should_run_as Near the bottom of csih_create_privileged_use(), "cyg_server" (the privileged user) is ADDED to /etc/passwd ... too late and using the wrong statement. Too late, because the privileged user ("cyg_server") should already have been added near the beginning of this function ... - that is why the 1st warning is issued (from csih_create_privileged_user() ) - and because of the wrong statement, "cyg_server" is NOT added to /etc/passwd The 2nd warning is generated from csih_service_should_run_as() for the same reason ("cyg_server" missing from /etc/passwd). As a side-effect, the sshd service will be created using the "SYSTEM" account i.s.o. "cyg_server" account -- not what was intended! BTW, the comment at the top of csih_use_file_etc() is WRONG: it should read: # ====================================================================== # Routine: csih_use_file_etc passwd|group ... # Returns 1 if files shall be used, 0 otherwise. # ====================================================================== Regards, Henri = = Skeleton of both functions as executed in my case = 1. csih_create_privileged_user() # in case user cyg_server must be created # privileged user ("cyg_server") already present? csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME" # No, it is NOT! Create user ... csih_call_winsys32 net user "${csih_PRIVILEGED_USERWINNAME}" # make the passwd of the privileged user never expire ... if ! passwd -e "${csih_PRIVILEGED_USERNAME}" then ... WARNING: Setting password expiry for user "cyg_server" failed! fi # Hold on, has user already been added to /etc/passwd (if files is preferred # as the "database")? No, the user has NOT been added yet! =====> This is why Henri gets his 1st warning ... =====> ... and why he HAD to add user "cyg_server" to /etc/passwd =====> ... and has to change the service (no, not the "SYSTEM" account, but the "cyg_server" account!) ... a lot more statements # TOO LATE and using the WRONG variable name! # add cyg_server to /etc/passwd ... if and only if files are used as database if csih_use_file_etc passwd # yes, Henri uses files as the "database" then # HUH? /usr/bin/mkpasswd -l -u "${username}" >> "${SYSCONFDIR}/passwd" # I believe the statement should have read: i.e. WRONG variable used /usr/bin/mkpasswd -l -u "${{csih_PRIVILEGED_USERNAME}" >> "${SYSCONFDIR}/passwd" fi 2. csih_service_should_run_as() ... a lot of statements if csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME" 1>&2 then # it already existed before this script was launched (comment by Corinna) echo "$csih_PRIVILEGED_USERNAME" return elif /usr/bin/getent passwd "${csih_PRIVILEGED_USERNAME}" then ... ok else ... Warning: Expected privileged user "cyg_server" does not exist echo "SYSTEM" # meaning service will use the SYSTEM account (and not the # cyg_server account) -- which is NOT was intended! fi ===== -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple