This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1

Corinna Vinschen wrote:
On Apr 3 10:55, Corinna Vinschen wrote:
On Apr 2 23:46, Charles Wilson wrote:
Attached is an updated implementation of ssh-host-config that uses csih. It seems to work pretty well for the various tests I've put it through, although it REQUIRES csih-0.1.3.
Wow, thanks for doing my job.  I still have this on my TODO list :}
It would be cool if list folks could give it a try.  I will test it
as well, perhaps over the weekend.

Looks good to me. I will upload a new OpenSSH release in the next couple of days, but I guess I'll wait until you uploaded a new csih release.

Don't forget that ssh-user-config should probably be updated to use csih also. Otherwise, it will assume that the privileged user is sshd_server, when it might be that, or cyg_server or cron_server.

Instead, it should do:

if csih_is_nt
  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" \
    csih_error_multiline \
      "${pwdhome}/.ssh couldn't be given the correct permissions," \
      "assuming that the sshd server is running under the `${_user}'" \
      "account.  Please try to solve this problem first."

Unfortunately, right now csih_service_should_run_as only works if csih_select_privileged_username has been called -- but that function is very wordy, and blathers on about 'creating' the privileged user. (csih_select_privileged_username, while public, is normally called by csih_create_privileged_user).

I need to create an internal csih helper function that can be called by csih_service_should_run_as if csih_PRIVILEGED_USERNAME is not already set, which will quietly do *some* of the stuff in csih_select_privileged_username in order to initialize csih_PRIVILEGED_USERNAME.

Btw., I have a tiny patch to fix two typos in the file  Maybe you could apply them as

Sure, and thanks.


-- Unsubscribe info: Problem reports: Documentation: FAQ:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]