This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Wich privileges required by ssh-host-config running user?


Sorry if you have lost a lot of time with my question but ...

I always create the /etc/passwd and /etc/group running mkpasswd and mkgroup
*BUT* the problem with these servers are the initial files when the cygwin
setup finishes.

In the initial files of the servers working, the initial values of the files
are the correct ones for executing ssh-host-config and have the
"Administrator" user the permissions for changing the owner of /etc/ssh*

In the servers that are part of a domain, the same process: 1) mkpasswd,
mkgroup and 2) ssh-host-config fails because of the "Administrator" being
part of "-l-d" groups/passwords.

Now I need to split the unattended script in two parts: a) first recreate
the passwd/group files and b) exit the shell, execute again cygwin so the
Admin have the correct passwd/group (CYGWIN DOESN'T HAVE THE NEWGRP COMMAND)
and execute 'ssh-host-config'.

In this manner: 1) the /etc/ssh* files can be changed to be owned by SYSTEM
and 2) the Admin (domain Admin) can create /home/xxx directories.

Thank you to all who points to me into the right direction.

See you.

PS: Dave, ;-)

> -----Original Message-----
> From: 
> [] On Behalf Of Dave Korn
> Sent: Wednesday, January 18, 2006 6:15 PM
> To:
> Subject: RE: Wich privileges required by ssh-host-config running user?
> Manel Rodero wrote:
> > Why? Because its primary group is "mkgroup-l-d". So I need 
> to change this
> > first by running "mkpasswd -l" and "mkgroup -l". In this manner this
> > domain account can create /home/pkuser and then create here a .ssh
> > directory with the authorized_keys I need to implement public key
> > authentication. 
>   You know, you could have saved us all a LOT of wasted time 
> if you had *told*
> us you never bothered to setup the system's two most utterly vital
> security-permissions-and-accounts-related files.  Can't 
> imagine _why_ you
> thought to omit that insignificant little fact.
>     cheers,
>       DaveK
> -- 
> Can't think of a witty .sigline today....
> --
> Unsubscribe info:
> Problem reports:
> Documentation:
> FAQ:         

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]