| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=H5BdFbh3n2Ee3cZxxKGUrtpe8xjLyhRiZm4YQvPNEDmaYWFZ9jnZI | |
| qV/D3sFgrb37oFXYyJzBNYM9gLOdB68imFpmfRshE1WdrgKHR6Haxp81JBy4v8wq | |
| ZZvZvltRTtll08PuzZbsjf19wMxrj5vBZJYwl8gnkK3IugBxXXg5Hc= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=kC2DuQvndvm8UAPHS7Icg13I3x8=; b=eDVvrHk7p/aGm4htLNx2sWFfaCXc | |
| cbXHB5JX+Dp5SWiM5T0uBP2Lb/ptQkmErENdAyX9B7tJ7a5SfrhlFPYDajCtXgy+ | |
| cQieLRxd7UShhKu5qGeCE8eyiPg3RaCiYDWASF/Ols+LxDfMksmvq7IIQ500aoso | |
| M3tuGAzvP27tSxk= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-6.0 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 |
| X-HELO: | calimero.vinschen.de |
| Date: | Thu, 13 Feb 2014 20:52:43 +0100 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Testers needed: New passwd/group handling in Cygwin |
| Message-ID: | <20140213195243.GQ2246@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <20140213143849 DOT GH2246 AT calimero DOT vinschen DOT de> <52FD1EDB DOT 8060708 AT googlemail DOT com> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <52FD1EDB.8060708@googlemail.com> |
| User-Agent: | Mutt/1.5.21 (2010-09-15) |
--xXygN3QAmJYWdGtb
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Feb 13 20:36, m0viefreak wrote:
> Hello,
>=20
> I have a a question about how this change is going to affect
> third-party utilities. Especially in the case once chooses to
> use the PAM method and get rid of any /etc/{passwd,group}
> files completely.
>=20
> There seem to be programs (mostly scripts) that make use of
> /etc/passwd as a file directly.
>=20
> One of them is for example "ssh-host-config".
>=20
> The shell script:
>=20
> - works with the file directly:
> ...
> run_service_as=3D$(/usr/bin/grep -Fi "${accnt_name}" /etc/passwd | /usr=
/bin/awk -F: '{print $1;}')=20
> ...
>=20
> I assume this would have to be changed in the sshd package?
Indeed. There's also the csih package which needs to adapt.
> - After the script is run it sets various entries in the
> /etc/passwd file (sshd shell to /bin/false and home to /var/empty).
> I assume I would have to migrate these changes into the <cygwin />
> comment if I were to remove the passwd file now.
Yes and no. In theory, yes, but in fact the settings for the
sshd account don't really matter. It's the account used for
privilege separation, and the part of privilege separation which
actually needs the sshd account doesn't work on Cygwin due to missing
sendmsg/recvmsg descriptor passing.
> But more importantly, if I were to run sshd-host-config with
> no passwd file present at all, would it correctly set up the
> <cygwin /> comment entry in the PAM?
Uh... there is no PAM here, just local SAM or AD :)
But the anwser to your question is "no" at the moment. It's probably
advisable to keep the necessary entries for services in /etc/passwd for
now. I'll experiment with this, too, in the next couple of days.
> Grepping through /bin I found at least one other package
> that makes use of /etc/passwd as a file directly (cvsbug), but=20
> since I don't have everything installed I can only assume there
> are more cygwin-packages and other programs someone might build
> from source.
If the package isn't very explicitely a Cygwin-only package, it has to
be treated as broken since direct access to /etc/passwd and /etc/group
files is a no-no.
Yes, the change is a big one, and we will encounter the occasional
fallout in the next weeks or months. I'm pretty confident that moving
to SAM/AD is the right way to go, but I'm also sure that a a few
surprises are still waiting for us.
Corinna
--=20
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--xXygN3QAmJYWdGtb
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJS/SKLAAoJEPU2Bp2uRE+gIGAP/3B6Dl6MeEF/kXcl2hIJ9YW5
KUZCZtIdCDN7Tt7jOO2v593VA8+5QzvOBS6BaUKO5sB0W1+9qRkvo9InmtNDhA5k
Swbp7jnNQBCUhG69YUDWExFuq5OajS/RTUT63/xsI0VYU290neS+LjnbIGK3mYWQ
10YOjcQANZpKtFi4Lp0MqJcB2/bC4Bu3SrsGvpdQH2ic4v3wvYBrf4TAVCt2FKWb
Cg0Io3WOmxsLl54mMhJQF7tG1vVP54YRXdwB8WSGNxad7b/sfleUhND0U3XbbPjw
TlHbfC7f0UpJGAnfnAZqO02oXIcKHqwk35zfEHNPGF8PXb5XB58t0ECpeo3Zdx3v
kMrCnZJjPRCXs2gTnwS/zdW2gkCCH8TtsuJqIQKEm9UEt0/lFhGVjprZtXYXQ/70
UhEEgmS0n6t1qeTp4NsqYHF+IQTa/ZdMUe5PNEI0ErBUBNIeIgmnMLQLGoQ3nsWG
yOAwCdP7arw3QYn1Z+k2jBfogb6W3sbE3DHNQ1T3px2mS0AD/HmaZ2q/kKC6rpfd
FBl3YcitljaYNWGp00GAg43kfCYrKV7CMZ8ds1Cdx7GSD8W01CirqkBNbNzJILX0
upUo07QHEO9ZPeepjek4pxT9DY+VEUypIKt+MBUM/6Aj1+5A/o5zCEYsZmfMMdZV
ApVd2A6PVNGuiPXmJf6f
=UqMh
-----END PGP SIGNATURE-----
--xXygN3QAmJYWdGtb--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |