[ANNOUNCEMENT] Updated: csih-0.1.3-1

Charles Wilson cygwin@cwilson.fastmail.fm
Thu Apr 10 07:49:00 GMT 2008


Corinna Vinschen wrote:
> On Apr  9 10:55, Charles Wilson wrote:
>> Hopefully, that's more acceptable for ssh-user-config?
> 
> My bad, I didn't update csih to CVS.  I still think that's too much for
> ssh-user-config.  But since we don't need the setfacl anymore, that's
> a moot point now.

It may be a moot point for ssh-user-config, but it could be a useful 
behavior for some other -user-config (maybe cron user customizations?). 
So, I've gone ahead and made the behavior silent if the 
associated/specified server is already installed. See below.

> And that was really very nice.  I'm not trying to criticize the general
> approach.  I just think we (that is: I) should get rid of the entire
> message and the setfacl in ssh-user-config.

Well, that will certainly simplify things. However, operating on the old 
assumption, the new (not even in CVS yet) version of csih lets you do this:

compute_sshd_user() {
   if csih_is_nt
   then
     if ! cygrunsrv -Q sshd >/dev/null 2>&1
     then
       csih_select_privileged_username -q sshd
     fi
     sshd_user=$(csih_service_should_run_as sshd)
     if ! setfacl -m "u::rwx,u:${sshd_user}:r--,g::---,o::---" \
          "${pwdhome}/.ssh"
     then
       csih_error_multiline \
     ....
}

(a) if your service is installed, then you go directly to 
csih_service_should_run_as with the (new, optional) argument 'sshd'

(b) otherwise, behavior is the "quiet but not silent" I described in my 
last email -- and that all arises from calling 
csih_select_privileged_username -q sshd -- which is why the client 
(ssh-user-config) skips it if possible.

>>>  svc_user=$(regtool get '/HKLM/SYSTEM/CurrentControlSet/Services/$1/ObjectName')
>>>  svc_user="${svc_user/\.\\/$COMPUTERNAME}"
>>>  svc_user=$([ "$svc_user" = "LocalSystem" ] && echo "SYSTEM" || echo $(fgrep "${svc_user}" /etc/passwd | cut -d: -f 1))
>> (a) csih_select_privileged_username (in CVS) already optionally accepts
>> the service name in addition to the -q option. Currently it is only used
>> to customize the Info: messages (see ${opt_servicename}, above).  So
>> this is even easier to add than you imagine -- if it is truly desirable
>> to do so.
>>
>> (b) You could also do 'foo=$(cygrunsrv -V -L ${service} | sed -n
>> '/Account/p' | awk '{print $NF}'); foo=$(basename $foo)' which amounts
>> to the same thing.
> 
> Urgh!  Isn't it embarrassing that *I* missed to use cygrunsrv for that?

Well, my version wasn't exactly right either. You need to (and the new, 
not even in CVS yet version does) do this:

username=$(cygrunsrv -V -Q "${opt_servicename}" 2>&1 |\
     sed -n -e '/^Account/s/^.* : //p')
username="${username/\.\\/${COMPUTERNAME}\\}"
# and then something like
[ "${username}" = "LocalSystem" ] \
    && username=SYSTEM \
    || username=$(fgrep "${username}" /etc/passwd | cut -d: -f 1)

> 
>> (c) But what if ${service} has not yet been installed, even though [a]
>> common service account exists [perhaps used by some other installed
>> cygwin service]?  Then you'd still need the existing logic...
> 
> Right, but that should probably be a fallback.  

Ok, that's the way it works now.  But it is also why the user-config 
client needs to check 'cygrunsrv -Q myservice' and call
   csih_select_privileged_username -q myservice
if the service is not already installed.

> If the service exists,
> it could run under *any* account.  It might be interesting for csih to
> check always for the user running the service, not only on 2k3 and
> above.

OK, csih_select_privileged_username only cares for users with the 
special (required on nt2003) perms -- therefore, it still checks 
is_nt2003 || (nt && force_privileged).  However, if the service is 
installed, then 'csih_service_should_run_as myservice' will return the 
user it is installed under, regardless of OS.

(Well, 9x always returns "")

If the service is not installed, then the behavior of 
csih_service_should_run_as is as before:
   nt2003: find pre-existing 'well-known' privileged user and specify that,
           or default to cyg_server
   nt && !nt2003 && !force_privileged: default to SYSTEM
   !nt (e.g. 9x): ""

> For the ssh-user-config script you won't need it anymore.  I have a 
> hard time to see that a normal user should know or decide about stuff
> like that. 

Well, with the incantation in compute_sshd_user() above, IF the admin 
has already installed the service, then the user-config script will be 
silent (at least with regards to these issues concerning the service's 
user account.)  It will only print messages (and perhaps ask questions 
the user is ill-equipped to answer) if the user-config script is run but 
the associated server has not been installed.

Of course, if you don't care what sshd_user is, then you don't call 
either of
   csih_select_privileged_username
   csih_service_should_run_as
and it's guaranteed to be quiet. <g>

> Nothing of that is actually helpful or informative for a
> "just-a-user" user.  And except for setting permissions (which isn't
> necessary!) I really think we should not call this function from pure
> user config scripts.

That's up to the maintainer of each csih client package. You don't want 
to call these 'hey, what account is the server running as?' functions, 
you don't need to.

--
Chuck

P.S. "not even in CVS yet" -- because in anticipation of getting 
approval from Corinna, Pierre, and Yaakov for explicitly specifying the 
license terms of csih.sh, I went ahead and made those changes to NEWS, 
COPYING, csih.sh, AUTHORS, etc.

Corinna: MIT/X ok
Pierre: MIT/X ok
Yaakov: ...

Yaakov?

Bueller?

Is this thing on?

<tap>, <tap>

hello?
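
Added example, not part of the original message and not csih's own code: the account lookup discussed above, run over constructed input, with the fgrep substring match next to an exact match on the account token. The result feeds the setfacl grant on ~/.ssh, so a lookup that matches two passwd entries should fail rather than pick one. The function names, the host name MYHOST, the sample cygrunsrv output and the passwd gecos layout are assumptions.

```shell
#!/bin/sh
# Added example. Inputs are constructed samples; function names are hypothetical.

sample_query() {   # constructed `cygrunsrv -V -Q sshd` output (layout assumed)
cat <<'EOF'
Service             : sshd
Current State       : Running
Account             : .\cyg_server
EOF
}

sample_passwd() {  # constructed passwd lines; U-HOST\name gecos token assumed
cat <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
cyg_server:unused:1004:513:U-MYHOST\cyg_server,S-1-5-21-1-2-3-1004:/var/empty:/bin/false
cyg_server2:unused:1005:513:U-MYHOST\cyg_server2,S-1-5-21-1-2-3-1005:/home/cyg_server2:/bin/bash
EOF
}

# Same sed expression as in the message: keep only the Account value.
extract_account() { sed -n -e '/^Account/s/^.* : //p'; }

# Substring lookup as in the message (fgrep == grep -F); passwd data on stdin.
substring_lookup() { grep -F "$1" | cut -d: -f 1; }

# Exact lookup. $1 = account as reported, $2 = computer name; passwd on stdin.
# Prints one user name, or fails if zero or several entries match.
exact_lookup() {
    win_acct=$1
    case $win_acct in
        LocalSystem) printf '%s\n' SYSTEM; return 0 ;;
        '.\'*) win_acct="$2\\${win_acct#??}" ;;   # .\name -> HOST\name
    esac
    # ENVIRON is used instead of -v so awk does not process the backslash.
    WANT="U-$win_acct" awk -F: '
        { n = split($5, g, ",")
          for (i = 1; i <= n; i++)
              if (tolower(g[i]) == tolower(ENVIRON["WANT"])) hit[++c] = $1 }
        END { if (c == 1) print hit[1]; else exit 1 }'
}

acct=$(sample_query | extract_account)
sample_passwd | exact_lookup "$acct" MYHOST
```

With the sample data, the substring lookup for MYHOST\cyg_server also returns cyg_server2, while the exact lookup returns only cyg_server.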

