X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=mj9Jexv7kusI6kQttDyolvwe/xQMUlxT8guFoCLxF7w2NJX2Y+yC+
	jEZP2c0xmJtzrG6IuT3tpdQf+l35AfCaSAzauxXe3K1qJ2bO9acJXzJRjUFhXmcf
	mOs6/ZXWrLdcTqYdgjzmlX9ZC5UCL4q8zCrQMj2/jZ/cOtf2AeUVgU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=l2y6gkJHw3yXOFoHygfnZrUawME=; b=l1Sb7hzKrJB1/vh0NjtDcbT3Esxs
	23gwxjE+l2frUBcGQbeVMcKyFLTVekRJlMVJHFfilsgmo+eJ/dAREr4RSDQNEvgv
	OJIygkfNwR18R0j11B3nCkrc8iXb4vYFSFtXyKtJDvxH12kpTp0CLk0iVpCoa5y0
	/jBWbS28lCcnNnE=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.9 required=5.0 tests=AWL,BAYES_00,UNSUBSCRIBE_BODY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Mon, 10 Nov 2014 21:29:54 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: TEST RELEASE: Cygwin 1.7.33-0.8
Message-ID: <20141110202954.GA13071@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20141107091107 DOT GS28195 AT calimero DOT vinschen DOT de> <001e01cffd1f$fe393810$faaba830$@ieee.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR"
Content-Disposition: inline
In-Reply-To: <001e01cffd1f$fe393810$faaba830$@ieee.org>
User-Agent: Mutt/1.5.23 (2014-03-12)

--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Nov 10 14:53, Pierre A. Humblet wrote:
> > -----Original Message-----
> > From: Corinna Vinschen
> > Sent: Mon, 10 Nov 2014 12:09:17 +0100
> > On Nov  7 13:04, Pierre A. Humblet wrote:
> > > > -----Original Message-----
> > > > From: Pierre A. Humblet=20
> > > > Sent: Thursday, November 06, 2014 16:09
> > > >=20
> > > > > -----Original Message-----
> > > > > > From: Corinna Vinschen
> > > > > Sent: Thursday, November 06, 2014 13:51
> > > > >
> > > > > On Nov  6 13:38, Kelley Cook wrote:
> > > > > > On Thu, Nov 6, 2014 at 10:52 AM, Corinna Vinschen wrote:
> > > > > > > Hi Cygwin friends and users,
> > > > > > >
> > > > > > >
> > > > > > > I just released a 7th TEST version of the next upcoming Cygwin
> > > > > > > release, 1.7.33-0.7.
> > > > > > >
> > > > > >
> > > > > > I discovered that /usr/bin/cron-config which is part of the cron
> > > > > > package will need to be updated as it attempts to parse /etc/gr=
oup
> .
> > > >
> > > > > Right, it should use getent instead.  Pierre?
> > >=20
> <snip>
> > > I just realized that deleting the /etc/passwd file in existing domain
> > > systems may change usernames, which will break cron and other programs
> > > that use files named after usernames. Also the (local) privileged
> > > username will change.
>=20
> > Yes.  Is there a way to accommodate that?  Maybe a postinstall script
> > checking for existing user cron files and renaming them if required?
>=20
> That's possible but it must be a postinstall than runs when an updated
> Cygwin is installed (or deinstalled), not when cron is, except if we try =
to
> synchronize both.

A new cron when Cygwin 1.7.33 goes release might be a good idea.
I have already new OpenSSH and, even more important, base-cygwin
packages waiting in the backdrop.

> > The privileged user name shouldn't matter much after configuration.
>=20
> Agreed, but see below
>=20
> > For now I have made the following changes to cron-config:
> >   calling getent
> >   checking if /etc/passwd exists
> >   dealing with the extended names for privileged users (they may
> >   contain a +, don't use EREs)=20=20
>=20
> > I just scanned it quickly, but the change looks good.
>=20
> OK. Do you want to produce a test release for the crons?

Oh please, no.  I really have a hell of a lot to do already getting my
own stuff and csih working, and it would be very helpful not having to
care for more.

> > Note also the discussion with Christian starting at
> > https://cygwin.com/ml/cygwin/2014-11/msg00095.html
>=20
> I am fine with the prefix but there is something we should agree on
> about the special privileged names like cyg_server.
>=20
> What I did is to create an entry for them in /etc/passwd. The reason
> is that the shell is changed to /bin/false and I don't want to deal
> with setting that in the Windows databases (I can't test all possible
> variations).

This has been done in the csih helper script as well, but we can't do
that anymore if the system doesn't use the files in /etc.

> Now when we create a passwd entry, we can include the prefix, as I
> did, or remove it.  csih and the other similar scripts should agree on
> that, otherwise they may reuse the privileged user (based on the
> Windows database) but create different passwd entries.  Of course
> removing the prefix can create a conflict with a cyg_server domain
> user.

Writing a passwd entry is only ok if the system is using the "passwd:
files"-only setting, but otherwise we should not write to passwd.  It's
not correct to rely on the existence of the file anymore.  I'm tweaking
csih accordingly.  It will create the system account (still only as
local account, never a domain account), and then it checks if
/etc/nsswitch.conf exists and the "passwd:" setting is "files"-only.
Only then it will write a passwd entry using the prefix if required.

Writing the shell for a local account to SAM is easy from bash:

  net user cyg_server /add \
    /comment:"<cygwin home=3D\"/home/foo\" shell=3D\"/bin/false\"/>"


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUYSBCAAoJEPU2Bp2uRE+g68MP/RYJnDX0qwqnSbcbwFJKiev7
+fGP4xkZyJyde3uevcAng5VfAKQh+Zot8hCMEXnZGPoDI6t72RL7BMi+7pSTZUX4
i+6TZt9oXtNvtHrM9HLc4btdwW/QiQHWbe7laM1CI/6ji1vlgV1ZGPD74r+lvC+j
3ErYBolGw3+FC+6QJZv1QptTtW9UjKH5JSRHO5Oy8AeEXDPUz4y3g297Y3aCU6AG
TdD9Dv78GAQzAEao23JmI7VrUiVRRkMkZeidy7ZQcYF6Mp1ei9MooYqcyBTafHHZ
NK028FGJESBzp+IURSPQi4t+x/bjcyLZyPcveLSLEkFgakR5Duk5SMwqdgHZ8D9E
kwNVRNUb3sv9wJo544q8QoLMegb9HnX37+4/EPMPCccTtpDjRvf1cKQ4w4aOzq4b
o2UDOAehXbB3Tm5ONR4xGMhf6+QwuYwKYuzhceyY9L7bw26X3TX9wQeyQ90sdxZh
xrb4GNOZqQhD2PC2GZSHGT0aTZaSA1IAGL7kXAGy3BsGeU+UKtTKkfjXAk5UPl2I
EK9As3w2rRbN5hQ9ka4u1mgzOHPG+p24y2nY3Y7jQ4WTjMcbbyToOmehs+bSDdMR
++JyjnfxdMgOFxJYUkfRAHyFV8L1snX4XWecTceO3HgbvNl6f9XhMDM65a2lCx7G
lLpMav92mY8WDYh1Lhia
=a8bK
-----END PGP SIGNATURE-----

--9jxsPFA5p3P2qPhR--