Date: Sun, 20 Jul 2008 15:40:54 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED])

On Jul 20 14:27, Corinna Vinschen wrote:
> On Jul 19 16:46, Charles Wilson wrote:
> > Should be modified somehow, perhaps (UNTESTED):
> >
> >   for username in cyg_server cron_server sshd_server
> >   do
> >     if egrep "^${username}:" /etc/passwd 1>/dev/null 2>&1 ||
> >        net user "${username}" 1> /dev/null 2>&1
> >     then
> >       [ -z "${first_account}" ] && first_account="${username}"
> >       accounts="${accounts}'${username}' "
> >     fi
> >   done
>
> Along these lines, yes.  I also think that using the cyg_server/
> cron_server/sshd_server account should be preferred over SYSTEM on XP
> and earlier systems, at least if they are domain member machines.  Maybe
> simply like this:  The test should run on any OS, but if none of the
> accounts exists, the fallback for XP and earlier is SYSTEM.  IIUC, that's
> not quite what $csih_FORCE_PRIVILEGED_USER is for.  Yes?  No?

I tried the above script change on an XP domain member machine and
with csih_FORCE_PRIVILEGED_USER set to yes.  It works, it's just a
bit bumpy:

  *** Info: This script plans to use 'cyg_server'.
  *** Info: 'cyg_server' will not be able to log on interactively, but will only
  *** Info: be used by registered services.

The message is incorrect.

  *** Query: Do you want to use different name? (yes/no) no
  mkpasswd (273): [2221] The user name could not be found.

I'm not sure why mkpasswd is called here, but it's called with -l
only so it can't find the domain account.  Can this test be skipped
if the user has been directly taken from /etc/passwd?

  *** Query: Please enter the password for user 'cyg_server':
  *** Query: Reenter:

  *** Info: The sshd service has been installed under the 'cyg_server'
  [...]

Btw., there's a test for the administrators group in /etc/passwd.  This
test is not necessary.  The only reason to have the admins group in
/etc/passwd is to print file ownership correctly.  It doesn't have any
other value.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
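
The account selection discussed in this message, as an added example that is not part of the original mail or of csih: look for the candidate accounts in /etc/passwd first, then ask the OS, fall back to SYSTEM only on XP and earlier, and skip the local-only re-check for a name taken from /etc/passwd. The function names, the PASSWD_FILE variable and the "legacy OS" argument are assumptions made for the sketch, and it returns the first match rather than collecting all of them.

```shell
#!/bin/sh
# Added example, not csih code. All function and variable names are hypothetical.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
CANDIDATES="cyg_server cron_server sshd_server"

# Exact match on the first passwd field, so 'cyg_server2' never matches
# 'cyg_server' and the account name is not used as a regular expression.
in_passwd() {
  awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' \
    "$PASSWD_FILE" 2>/dev/null
}

# Ask the OS account database with `net user`, the call quoted in the thread.
# Fails when the tool is missing or the account is unknown.
lookup_os_account() {
  command -v net >/dev/null 2>&1 && net user "$1" >/dev/null 2>&1
}

# Prints "<account> <source>", source being passwd, os or fallback.
# $1 = yes when the OS is XP or earlier, the only case where SYSTEM is used.
select_service_account() {
  for candidate in $CANDIDATES; do
    if in_passwd "$candidate"; then
      echo "$candidate passwd"; return 0
    fi
    if lookup_os_account "$candidate"; then
      echo "$candidate os"; return 0
    fi
  done
  if [ "$1" = "yes" ]; then
    echo "SYSTEM fallback"; return 0
  fi
  return 1   # newer OS and no dedicated account: caller must create one
}

# $1 = account, $2 = source. A name read from /etc/passwd may be a domain
# account, which a local-only lookup (mkpasswd -l) cannot find, so only
# accounts from other sources need that re-check.
needs_local_lookup() {
  [ "$2" != "passwd" ]
}
```
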