X-Spam-Check-By: sourceware.org
From: "Manel Rodero" <manel AT fib DOT upc DOT edu>
To: <cygwin AT cygwin DOT com>
Subject: RE: Wich privileges required by ssh-host-config running user?
Date: Thu, 19 Jan 2006 11:13:40 +0100
Message-ID: <002d01c61ce1$04d93180$043a5393@fib.upc.es>
MIME-Version: 1.0
Content-Type: text/plain; 	charset="us-ascii"
In-Reply-To: <SERRANOTy9CMdZpDsiI000001bf@SERRANO.CAM.ARTIMI.COM>
X-Scaned-FIB: AntiVirus/AntiSpam en fib.upc.es
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id k0JADsVO027112

Hi,

Sorry if you have lost a lot of time with my question but ...

I always create the /etc/passwd and /etc/group running mkpasswd and mkgroup
*BUT* the problem with these servers are the initial files when the cygwin
setup finishes.

In the initial files of the servers working, the initial values of the files
are the correct ones for executing ssh-host-config and have the
"Administrator" user the permissions for changing the owner of /etc/ssh*
files.

In the servers that are part of a domain, the same process: 1) mkpasswd,
mkgroup and 2) ssh-host-config fails because of the "Administrator" being
part of "-l-d" groups/passwords.

Now I need to split the unattended script in two parts: a) first recreate
the passwd/group files and b) exit the shell, execute again cygwin so the
Admin have the correct passwd/group (CYGWIN DOESN'T HAVE THE NEWGRP COMMAND)
and execute 'ssh-host-config'.

In this manner: 1) the /etc/ssh* files can be changed to be owned by SYSTEM
and 2) the Admin (domain Admin) can create /home/xxx directories.

Thank you to all who points to me into the right direction.

See you.

PS: Dave, ;-)

> -----Original Message-----
> From: cygwin-owner AT cygwin DOT com 
> [mailto:cygwin-owner AT cygwin DOT com] On Behalf Of Dave Korn
> Sent: Wednesday, January 18, 2006 6:15 PM
> To: cygwin AT cygwin DOT com
> Subject: RE: Wich privileges required by ssh-host-config running user?
> 
> 
> Manel Rodero wrote:
> 
> > Why? Because its primary group is "mkgroup-l-d". So I need 
> to change this
> > first by running "mkpasswd -l" and "mkgroup -l". In this manner this
> > domain account can create /home/pkuser and then create here a .ssh
> > directory with the authorized_keys I need to implement public key
> > authentication. 
> 
> 
>   You know, you could have saved us all a LOT of wasted time 
> if you had *told*
> us you never bothered to setup the system's two most utterly vital
> security-permissions-and-accounts-related files.  Can't 
> imagine _why_ you
> thought to omit that insignificant little fact.
> 
> 
>     cheers,
>       DaveK
> -- 
> Can't think of a witty .sigline today....
> 
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
> 


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/