From: "Charles Wilson"
To: cygwin AT cygwin DOT com
Subject: Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1
Date: Wed, 09 Apr 2008 10:55:35 -0400

On Wed, 9 Apr 2008 14:09:56 +0200, Corinna Vinschen wrote:
>Looks ok, but I have a few questions/comments.
>
>- When the script starts, the following text appears:
[snip verbose output]
>However, I think the whole message is too noisy and confusing for
>non-admins.

That is odd. That particular text was mostly taken from ssh-host-config,
and should only appear if your script calls
csih_select_privileged_username() with no arguments (or if you are using
csih-0.1.3, instead of CVS csih) -- that is, the way ssh-host-config
calls it. The older version of csih_select_privileged_username ignores
its arguments; the newer one honors the '-q' option that [my]
ssh-user-config gives it. In which case, what you should see is
something like the following (but only if nt2003 or
csih_FORCE_PRIVILEGED_USER):

*** Info: The following privileged accounts were found: ....
*** Info: This script will assume that ${opt_servicename} will run under the"
*** Info: '${username}' account."
*** Query: Will ${opt_servicename} run under a different account?" [yes/no],
if yes, then:
*** Query: Enter the user name used by ${opt_servicename}:

Hopefully, that's more acceptable for ssh-user-config?

>The default user doesn't actually know which user name the
>sshd service is running under.

Well, maybe. But what if ssh-host-config hasn't yet been run? see below.

>Additionally, given that Cygwin opens
>files always with BACKUP_INTENT for a while anyway, and given that the
>service account is a member of the administrators group, which has
>backup user rights, there's not much reason anymore to add the service
>account to the ACL. I fear that's just old cruft in the ssh-user-script.

Well, that's up to you. I wanted to do something that was as close to
equivalent as the existing ssh-[host|user]-config, with only those
changes necessary to support a common service account whose name might
not be 'sshd_service'.

Now, as to:

>The query "Do you want to use different name?" is a bit upside down,
>IMHO. The query should be rather phrased positively "Do you want to use
>t name?"

I already addressed this:
http://cygwin.com/ml/cygwin/2008-03/msg00447.html

Phrasing that question in the opposite sense breaks postinstall scripts,
where auto_answer="no". That is:

  Do you want to use this name?
  Enter the name you want to use:

...and that would be bad. Now, the openssh package does not invoke its
config scripts from /etc/postinstall, but others do. So I need to take
care that the auto_answer="no" case never hangs.

>But, here's a question: Shouldn't the csih_privileged_accounts() function
>check the service itself, rather than testing possible names with `net
>user'? It would be as simple as giving csih_privileged_accounts the
>service name as $1 argument, and then extract the user name with something
>along the lines of
>
> svc_user=$(regtool get "/HKLM/SYSTEM/CurrentControlSet/Services/$1/ObjectName")
> svc_user="${svc_user/\.\\/$COMPUTERNAME}"
> svc_user=$([ "$svc_user" = "LocalSystem" ] && echo "SYSTEM" || echo $(fgrep "${svc_user}" /etc/passwd | cut -d: -f 1))

(a) csih_select_privileged_username (in CVS) already optionally accepts
the service name in addition to the -q option. Currently it is only used
to customize the Info: messages (see ${opt_servicename}, above).
So this is even easier to add than you imagine -- if it is truly
desirable to do so.

(b) You could also do

  foo=$(cygrunsrv -V -L ${service} | sed -n '/Account/p' | awk '{print $NF}'); foo=$(basename $foo)

which amounts to the same thing.

(c) But what if ${service} has not yet been installed, even though [a]
common service account exists [perhaps used by some other installed
cygwin service]? Then you'd still need the existing logic...

Furthermore, remember that these routines are shared between (the more
common) install-a-service config scripts, and (less common) user config
scripts like ssh-user-config. In the former [common] case, assuming
${service} is not installed, you will always need the existing logic.

If csih_select_privileged_username() short-circuits the existing logic
when ${service} is already installed, then you can never change the user
under which ${service} runs, without first de-registering ${service}.
Maybe that's a good thing, but right now (and in the existing
ssh-host-config) I *think* you can run it "again" and choose a different
user, and cygrunsrv will happily modify the existing registered
${service}. I didn't think it was my place to make that behavior change.
But as I said, maybe it's a GOOD thing to disallow that, without
explicitly deregistering ${service} first.

--
Chuck
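
The auto_answer="no" point from the message above, as an added example that is not part of the original message and not csih code: with the negatively phrased query an unattended "no" keeps the default account, while the positively phrased one falls through to a free-text prompt that has no automatic answer. The function names, the WOULD-HANG marker and the sample default 'sshd_service' are assumptions made for the illustration.

```shell
# Hypothetical stand-ins for a config script's prompt helpers (not csih code).

# Yes/no query. When auto_answer is set (unattended postinstall run) the
# preset answer is used and stdin is never read.
ask_yes_no() {
    if [ -n "${auto_answer}" ]; then
        [ "${auto_answer}" = "yes" ]
        return
    fi
    printf '*** Query: %s (yes/no) ' "$1" >&2
    read -r reply
    [ "${reply}" = "yes" ]
}

# Free-text query. No automatic answer exists for it, so an unattended run
# that gets here would block on stdin; report that instead of reading.
ask_name() {
    if [ -n "${auto_answer}" ]; then
        echo "WOULD-HANG"
        return 1
    fi
    printf '*** Query: %s ' "$1" >&2
    read -r reply
    echo "${reply}"
}

# Negative phrasing: "no" keeps the default, only "yes" reaches ask_name.
# $1 = default account name, $2 = service name.
select_user_negative() {
    if ask_yes_no "Will $2 run under a different account?"; then
        ask_name "Enter the user name used by $2:"
    else
        echo "$1"
    fi
}

# Positive phrasing: "no" rejects the default and falls into ask_name.
select_user_positive() {
    if ask_yes_no "Do you want to use the name '$1'?"; then
        echo "$1"
    else
        ask_name "Enter the name you want to use:"
    fi
}
```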