delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2008/11/20/05:37:30

X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Thu, 20 Nov 2008 11:37:23 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: sshd on vista error "initgroups: Permission denied" (cygwin-1.7)
Message-ID: <20081120103723.GQ9927@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <corinna-cygwin AT cygwin DOT com> <30361 DOT 1227145104 AT maeder DOT org>
MIME-Version: 1.0
In-Reply-To: <30361.1227145104@maeder.org>
User-Agent: Mutt/1.5.16 (2007-06-09)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Nov 19 17:38, Herb Maeder wrote:
> On 14 Nov 2008 10:53:12 +0100, Corinna Vinschen wrote:
> > Actually this isn't a ssh-host-config problem, but a generic problem
> > for all admin tasks.  Installing any service requires elevation, or
> > running in a Admin shell.  I'm not really convinced that we need it.
> > Admins running admin tasks should know that they need admin privileges.
> > What you're asking for is a convenience, not a necessity.
> 
> Yes, I agree that we are talking about a generic problem for tasks
> requiring elevation.  And perhaps I took it a step too far suggesting that
> we might want to provide a mechanism to elevate automatically (a lame
> attempt at being compatible with pre-vista OSes).  So I take that back.
> 
> I'd really just like to understand what the recommended behavior should be
> for admin tasks that are invoked from underprivileged shells under vista
> with UAC turned on.  In other words, should we do anything to ease a
> cygwin user's transition to Vista?
> 
> Right now, the documentation doesn't address any migration to vista
> issues.  So we are pretty much ensuring that new vista users will stumble
> onto the cygwin elevation problems the hard way.  And this list or its
> archives are the only resources to figure out what to do.  We can do
> better than that.
> 
> Bottom line, any design decision that reduces noise on this list will have
> the added benefit of providing a better experience to the user (win-win).
> Or put differently, an inconvience to the user can translate to an
> inconvenience to the list.
> 
> For example, would these be reasonable goals for admin tasks requiring
> elevation?
> 
>    * Provide documentation and recommendations for vista specific issues
>      (UAC recommendations, how to elevate, commands requiring
>      elevation,...).  Is the user guide the right place for that?
> 
>    * When a command requires elevation, detect if the process is already
>      elevated. If not, exit with an error and a reasonable error statement
>      indicating the nature of the problem (and perhaps point to the more
>      detailed documentation and recommendations on how to address the
>      problem above).
> 
> Any others?
> 
> Note, I'm not requesting any changes.  I'm just trying to understand if we
> could/should establish guidelines for admin tasks requiring elevation.

All nice points but I don't think that you have to convince anybody that
better documentation and scripts which work better in any environment
are preferrable.  The point is, http://cygwin.com/acronyms/#SHTDI
We can discuss stuff like that at great length but it won't help
anybody if the docs and code doesn't get fixed along these lines.

Be a part of the project and suggest documentation patches as you see
fit, or create code patches for scripts to make them more intelligent.
That would help other users and us maintainers a lot.  None of us has
access to all possible environments/systems and can care for all border
cases.  Or take the next step and be a maintainer yourself.  In most
cases it's not as much work in the long run as you think it is in the
beginning (when creating your package(s) the first time).

Talking about Vista migration.  From Cygwin's point of view Vista
is just another OS.  The user is just another user.  Either the user
has certain privileges or not.  A function works or returns EACCES.
That's all.  Elevation is not an issue for Cygwin, for pretty dumb
technical reasons.  The only concession *I* would be willing to make
(but that's just me) is to add some text to admin scripts along these
lines:

   *** Alarm!  I couldn't create file foo.
   *** You're missing privileges.  If you're admin user and running
   *** on Vista, did you think to run the script in an elevated shell?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019