This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED])


On Jul 20 14:27, Corinna Vinschen wrote:
> On Jul 19 16:46, Charles Wilson wrote:
> > Should be modified somehow, perhaps (UNTESTED):
> >
> >       for username in cyg_server cron_server sshd_server
> >       do
> >         if egrep "^${username}:" /etc/passwd 1>/dev/null 2>&1 ||
> >            net user "${username}" 1> /dev/null 2>&1
> >         then
> >           [ -z "${first_account}" ] && first_account="${username}"
> >           accounts="${accounts}'${username}' "
> >         fi
> >       done
> 
> Along these lines, yes.  I also think that using the cyg_server/
> cron_server/sshd_server account should be preferred over SYSTEM on XP
> and earlier systems, at least if they are domain member machines.  Maybe
> simply like this:  The test should run on any OS, but if none of the
> accounts exists, the fallback for XP and earlier is SYSTEM.  IIUC, that's
> not quite what $csih_FORCE_PRIVILEGED_USER is for.  Yes?  No?

I tried the above script change on a XP domain member machine and
with csih_FORCE_PRIVILEGED_USER set to yes.  It works, it's just a
bit bumpy:

  *** Info: This script plans to use 'cyg_server'.
  *** Info: 'cyg_server' will not be able to log on interactively, but will only
  *** Info: be used by registered services.

The message is incorrect.

  *** Query: Do you want to use different name? (yes/no) no
  mkpasswd (273): [2221] The user name could not be found.

I'm not sure why is mkpasswd is called here, but it's called with -l
only so it can't find the domain account.  Can this test be skipped
if the user has been directly taken from /etc/passwd?

  *** Query: Please enter the password for user 'cyg_server':
  *** Query: Reenter:


  *** Info: The sshd service has been installed under the 'cyg_server'
  [...]

Btw., there's a test for the administrators group in /etc/passwd.
This test is not necessary.  The only reason to have the admins
group in /etc/passwd is to print file ownership correctly.  It doesn't
have any other value.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]