Mail Archives: cygwin/2021/10/01/05:24:07

ilya Basin via Cygwin <cygwin AT cygwin DOT com> · Fri, 1 Oct 2021 12:23:31 +0300

Upd:

1)
There was a typo in the sed script. The correct one is:

    mkpasswd.exe | sed 's/^[^:]*\(cyg_server\):/\1:/;t;d'

I also had to do the same for the unprivileged user "tftpd" created by /usr/bin/tftpd-config

2) 
After being successfully started by xinetd the tftp server logs to Windows Event log:

    tftpd: PID 2844: cannot drop privileges: No error 

and in the Audit log there is a deny message with:

    FailureReason %%2310 Account currently disabled.

Workaround:

    net user tftpd /active:YES

and it makes me wonder how it worked in older versions. The user is created by csih_create_unprivileged_user() with the command:

    net user "${unpriv_user}" \
                    /homedir:"${dos_var_empty}" \
                    /comment:'<cygwin home="/var/empty" shell="/bin/false"/>' \
                    /add /active:no

On 01.10.2021 10:21, ilya Basin wrote:
> Hi. I installed xinetd and tftp-server recently, ran xinetd-config and tftpd-config, and enabled /etc/xinetd.d/tftp. However, I was getting the following error in Windows Event log:
> 
>     xinetd: PID 2280: Service tftp missing attribute user - DISABLING
> 
> Workaround:
> 
>    # The xinetd user name must exist in /etc/passwd
>    # We have to strip "MYHOST+" from "MYHOST+cyg_server" to make xinetd match the entry
>    mkpasswd.exe | sed 's/^[^:]*\(cyg_server\):/\1/;t;d' >>/etc/passwd
> 
> Commenting "user=cyg_server" is not needed and won't help because then xinetd looks for the current user in /etc/passwd
> 
> By the way, cygsshd runs fine as NT_AUTHORITY\SYSTEM on Windows 10 and can serve both local and domain users. I just had to strip the machine prefix in /etc/passwd for the local users. Perhaps /usr/share/doc/Cygwin/xinetd.README is outdated?
> 

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 2ED5C3857C5B
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1633080245;
	bh=pPoG2LMq7oz9pt0BAzMLLo2FVeGL14Qt04dMJsx5Kkk=;
	h=Subject:To:References:Date:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=CpFWuxzPa50NJy5CwYDkCpyTLV4nP2kZJB9CLSTnWC43ue4Z15omPTETExVI2s1dE
	WK/KAzpNiZ8GbPFzJum5wSPSx2Un5DxUdmo4HothFyZWz7k8Ushe2ERY8KO75dYH6c
	oPzyvlsRUv79SUS1NY9k+eet6UWGuwnLREpFniIQ=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.1 sourceware.org B09CF3858C2C
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20210112;
	h=x-gm-message-state:subject:from:to:references:message-id:date
	:user-agent:mime-version:in-reply-to:content-language
	:content-transfer-encoding;
	bh=nxzwcjBpdaiLyGmoT6CcPVmRkCNBa6nZfEfEMzAWU+I=;
	b=wnR/kRVF8O5uQw++yvXvsR0Mq32D7OjqNSL+f9Y/uyv7MxUYMKklAQu7hmvqnU6JPX
	MZZZ3wBuUG/D6nOcm+ttp1+L+ieoPHkFSVYD8X+uX5J8CqvCxDkmGzQ9ygYj7wnecTfk
	vUf2N5v7Q2qQCUptbCnc0BVGf9N1IfekAH5aANA+kqlM079juJvFVaBOGG8KvmuTvtVW
	hZAwsyflxhLcw5NdAMTUbz+gGZGbjahSmYnAb6aRhuE4dyTw4xTGxo5HnXCnE/fNOU+v
	M/7lxrf7cfZtD4pqcFe0CYN779WfDW7VmoR5s45IUwfwDU4yqKurblueM+us+LVhWCKa
	HcvQ==
X-Gm-Message-State:	AOAM531zQWfFurBfvpHbstgHKTf5aK5YxKpIzsZcI8RK28IYUm5VJfOM
	mcVpB6rsD7XY65PdQNc4FYRzIkLErV4=
X-Google-Smtp-Source:	ABdhPJzltv8/hywNyT4+K6eVmbywWcDTFdZ2k156q9QitH6eTObJjol2rEnTQbWLMWT/X5t79DoPoA==
X-Received:	by 2002:ac8:4e30:: with SMTP id d16mr11719100qtw.309.1633080215071;
	Fri, 01 Oct 2021 02:23:35 -0700 (PDT)
Subject:	Re: xinetd: PID 2280: Service tftp missing attribute user - DISABLING
To:	cygwin AT cygwin DOT com
References:	<512182d8-7c0a-a003-e3b6-aea9f73580a3 AT gmail DOT com>
Message-ID:	<78f93689-d469-92f3-7187-91ced70b2058@gmail.com>
Date:	Fri, 1 Oct 2021 12:23:31 +0300
User-Agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
	Thunderbird/78.14.0
MIME-Version:	1.0
In-Reply-To:	<512182d8-7c0a-a003-e3b6-aea9f73580a3@gmail.com>
X-Spam-Status:	No, score=-2.6 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, NICE_REPLY_A,
	RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
	TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version:	SpamAssassin 3.4.4 (2020-01-24) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	ilya Basin via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	ilya Basin <basinilya AT gmail DOT com>
Errors-To:	cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019