This is the mail archive of the cygwin mailing list for the Cygwin project.


Installing sshd on W7 reveals errors in CSIH_SCRIPT


Installing sshd on W7 reveals errors in CSIH_SCRIPT ...

CSIH_SCRIPT = /usr/share/csih/

Just now I installed the sshd daemon on my W7 (64-bits Cygwin); I am still
using /etc/{passwd,group} as the "database" (i.e. NOT Windows SAM).

Invocation of /usr/bin/ssh-host-config (in an elevated shell) generated
the following TWO warnings:

  = 1st warning =
passwd: unknown user cyg_server
*** Warning: Setting password expiry for user 'cyg_server' failed!
*** Warning: Please check that password never expires or set it to your needs.
  = 2nd warning =
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM' <===== not what I had in mind!


ssh-host-config sources CSIH-SCRIPT

The function of interest in ssh-host-config is: install_service()

install_service() # skeleton of function as executed in my case

# ======================================================================
# Action!
# ======================================================================
... lot of statements
install_service || let warning_cnt+=$? # almost at bottom of file


So the functions of interest in CSIH-SCRIPT are:

 - csih_create_privileged_user
 - csih_service_should_run_as

Near the bottom of csih_create_privileged_user(), "cyg_server" (the privileged user) is ADDED to /etc/passwd ... too late and using the wrong statement.

Too late, because the privileged user ("cyg_server") should already have been
added near the beginning of this function ...

 - that is why the 1st warning is issued (from csih_create_privileged_user())
 - and because of the wrong statement, "cyg_server" is NOT added to /etc/passwd

The 2nd warning is generated from csih_service_should_run_as() for the same
reason ("cyg_server" missing from /etc/passwd).
As a side-effect, the sshd service will be created using the "SYSTEM" account
i.s.o. "cyg_server" account -- not what was intended!

BTW, the comment at the top of csih_use_file_etc() is WRONG: it should read:

# ======================================================================
# Routine: csih_use_file_etc passwd|group
#   Returns 1 if files shall be used, 0 otherwise.
# ======================================================================



= Skeleton of both functions as executed in my case

csih_create_privileged_user() # in case user cyg_server must be created

 # privileged user ("cyg_server") already present?
  csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME"

  # No, it is NOT! Create user ...
  csih_call_winsys32 net user "${csih_PRIVILEGED_USERWINNAME}"

  # make the passwd of the privileged user never expire ...
  if ! passwd -e "${csih_PRIVILEGED_USERNAME}"
   ... WARNING: Setting password expiry for user "cyg_server" failed!

# Hold on, has user already been added to /etc/passwd (if files is preferred
# as the "database")? No, the user has NOT been added yet!
=====> This is why Henri gets his 1st warning ...
=====> ... and why he HAD to add user "cyg_server" to /etc/passwd
=====> ... and has to change the service
           (no, not the "SYSTEM" account, but the "cyg_server" account!)

... a lot more statements

# TOO LATE and using the WRONG variable name!
# add cyg_server to /etc/passwd ... if and only if files are used as database
  if csih_use_file_etc passwd # yes, Henri uses files as the "database"
# HUH?
    /usr/bin/mkpasswd -l -u "${username}" >> "${SYSCONFDIR}/passwd"
# I believe the statement should have read: i.e. WRONG variable used
    /usr/bin/mkpasswd -l -u "${csih_PRIVILEGED_USERNAME}" >> "${SYSCONFDIR}/passwd"


... a lot of statements

  if csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME" 1>&2
# it already existed before this script was launched (comment by Corinna)
    echo "$csih_PRIVILEGED_USERNAME"
  elif /usr/bin/getent passwd "${csih_PRIVILEGED_USERNAME}"
    ... ok
    ... Warning: Expected privileged user "cyg_server" does not exist
echo "SYSTEM" # meaning service will use the SYSTEM account (and not the
                  # cyg_server account) -- which is NOT what was intended!
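
An added example, not part of the original post or of the csih script: it models the two points raised above for the "files" case, namely that the passwd entry must exist before anything resolves the user, and that a missing privileged user should stop the install rather than silently become SYSTEM. The function names and the passwd entries are made up for illustration.

```shell
#!/bin/sh
# Hypothetical helpers (not from csih). They operate on a passwd file given
# as an argument, so they can be tried on a scratch copy.

# has_passwd_entry FILE USER: succeeds if USER has a line in FILE.
has_passwd_entry() {
    # Exact match on the first colon-separated field, no regex on the name.
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# ensure_passwd_entry FILE USER ENTRY: append ENTRY once, before any later
# step (such as `passwd -e`) has to resolve USER. In the real script ENTRY
# would be the output of mkpasswd -l -u "$csih_PRIVILEGED_USERNAME".
ensure_passwd_entry() {
    has_passwd_entry "$1" "$2" && return 0
    # Reject an entry whose first field is not USER: this is the
    # wrong-variable case, where the appended line names someone else.
    case "$3" in
        "$2":*) printf '%s\n' "$3" >> "$1" ;;
        *) echo "entry does not describe '$2'" >&2; return 1 ;;
    esac
}

# service_account FILE USER: print the account the service should run as.
# A missing user is an error (status 2) instead of a fallback to SYSTEM.
service_account() {
    if has_passwd_entry "$1" "$2"; then
        printf '%s\n' "$2"
    else
        echo "privileged user '$2' missing from $1; not defaulting to SYSTEM" >&2
        return 2
    fi
}

# Demo on a constructed scratch file (the entry is made up, not a real account).
demo_file=$(mktemp)
ensure_passwd_entry "$demo_file" cyg_server 'cyg_server:*:1001:513::/var/empty:/bin/false'
service_account "$demo_file" cyg_server
rm -f "$demo_file"
```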

