This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Testers needed: New passwd/group handling in Cygwin


On Feb 13 20:36, m0viefreak wrote:
> Hello,
> 
> I have a question about how this change is going to affect
> third-party utilities. Especially in the case one chooses to
> use the PAM method and get rid of any /etc/{passwd,group}
> files completely.
> 
> There seem to be programs (mostly scripts) that make use of
> /etc/passwd as a file directly.
> 
> One of them is for example "ssh-host-config".
> 
> The shell script:
> 
> - works with the file directly:
>   ...
>   run_service_as=$(/usr/bin/grep -Fi "${accnt_name}" /etc/passwd | /usr/bin/awk -F: '{print $1;}') 
>   ...
> 
>   I assume this would have to be changed in the sshd package?

Indeed.  There's also the csih package which needs to adapt.

> - After the script is run it sets various entries in the
>   /etc/passwd file (sshd shell to /bin/false and home to /var/empty).
>   I assume I would have to migrate these changes into the <cygwin />
>   comment if I were to remove the passwd file now.

Yes and no.  In theory, yes, but in fact the settings for the
sshd account don't really matter.  It's the account used for
privilege separation, and the part of privilege separation which
actually needs the sshd account doesn't work on Cygwin due to missing
sendmsg/recvmsg descriptor passing.

>   But more importantly, if I were to run sshd-host-config with
>   no passwd file present at all, would it correctly set up the
>   <cygwin /> comment entry in the PAM?

Uh... there is no PAM here, just local SAM or AD :)

But the answer to your question is "no" at the moment.  It's probably
advisable to keep the necessary entries for services in /etc/passwd for
now.  I'll experiment with this, too, in the next couple of days.

> Grepping through /bin I found at least one other package
> that makes use of /etc/passwd as a file directly (cvsbug), but 
> since I don't have everything installed I can only assume there
> are more cygwin-packages and other programs someone might build
> from source.

If the package isn't very explicitly a Cygwin-only package, it has to
be treated as broken since direct access to /etc/passwd and /etc/group
files is a no-no.

Yes, the change is a big one, and we will encounter the occasional
fallout in the next weeks or months.  I'm pretty confident that moving
to SAM/AD is the right way to go, but I'm also sure that a few
surprises are still waiting for us.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
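
Added example, not part of the original mail and not code from ssh-host-config or csih: a script can read the sshd account's home and shell through a keyed `getent passwd` lookup instead of grepping /etc/passwd as a file. The function names are hypothetical, and the sketch assumes a `getent` utility is installed.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from ssh-host-config or csih.

# Keyed lookup through the C library's account database (getpwnam) rather
# than the /etc/passwd file. Assumes a getent utility is installed.
passwd_lookup() {
    getent passwd "$1"
}

# account_field NAME N: print colon-separated field N of NAME's entry.
# Fields: 1 login, 3 uid, 4 gid, 6 home, 7 shell. Returns 1 if unknown.
account_field() {
    entry=$(passwd_lookup "$1") || return 1
    printf '%s\n' "$entry" | awk -F: -v n="$2" 'NR == 1 { print $n }'
}

# check_service_account NAME HOME SHELL: report whether the account exists
# and has the expected home directory and login shell.
# Returns 0 on match, 1 on mismatch, 2 if the account is unknown.
check_service_account() {
    home=$(account_field "$1" 6) || { echo "$1: no such account"; return 2; }
    shell=$(account_field "$1" 7)
    status=0
    [ "$home" = "$2" ] || { echo "$1: home is $home, expected $2"; status=1; }
    [ "$shell" = "$3" ] || { echo "$1: shell is $shell, expected $3"; status=1; }
    return $status
}

# Usage: sh check.sh sshd /var/empty /bin/false
if [ $# -eq 3 ]; then
    check_service_account "$1" "$2" "$3" && echo "$1: ok"
fi
```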
