This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!


On 5/31/2017 12:34 PM, Houder wrote:
> On Wed, 31 May 2017 10:59:38, cyg Simple wrote:
>> On 5/31/2017 10:16 AM, Houder wrote:
>>> On Wed, 31 May 2017 09:27:02, cyg Simple wrote:
>>>
>>> [snip]
>>>> All of this talk of /etc/passwd leads me to point you to
>>>> https://cygwin.com/cygwin-ug-net/ntsec.html.
>>>
>>> cyg,
>>>
>>> Do you want me to study that text a second, third, fourth or Xth time ...?
>>>
>>
>> Yes, especially section
>> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping where it
>> explains that /etc/passwd and /etc/group are now deprecated and it's use
>> is for backward compatibility and that you should be using
>> /etc/nsswitch.conf[1] instead.  Have you attempted this?
>>
>> [1] https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch
> 
> Actually, that text reads:
> 
>  = Mapping Windows SIDs to POSIX uid/gid values:
> 
>   * Read /etc/passwd and /etc/group files if they exist, just as in the olden
>     days, mainly for backward compatibility.
> -----
> 
> It does not stipulate that these files are no longer supported ... Corinna did
> not dare to proclaim them "deprecated".
> 
> Do I use the file /etc/nsswitch.conf? Yes, certainly. As shown in:
> 
>     https://cygwin.com/ml/cygwin/2017-05/msg00456.html
>     (see bottom of post)
> 
> Do you want me to drop /etc/{passwd,group} files. Yes, you do. I will not.
> 

That choice is yours but they are needless except for very limited needs.

> Moreover, it is completely irrelevant from a logical point of view  whether
> /etc/{passwd,group) or AD is used to maintain the "network administration".
> 

So what.  You have to maintain separate multiple databases for the same
user.

Just give removing these two files a try to see if you have good success.

-- 
cyg Simple

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]