Installing sshd on W7 reveals errors in CSIH_SCRIPT

Houder houder@xs4all.nl
Fri May 26 19:38:00 GMT 2017 

Hi,

Installing sshd on W7 reveals errors in CSIH_SCRIPT ...

CSIH_SCRIPT = /usr/share/csih/cygwin-service-installation-helper.sh

Just now I installed the sshd daemon on my W7 (64-bits Cygwin); I am 
still
using /etc/{passwd,group} as the "database" (i.e. NOT Windows SAM).

Invocation of /usr/bin/ssh-host-config (in an elevated shell) 
genenerated
the following TWO warnings:

   = 1st warning =
passwd: unknown user cyg_server
*** Warning: Setting password expiry for user 'cyg_server' failed!
*** Warning: Please check that password never expires or set it to your 
needs.
   = 2nd warning =
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM' <===== no what I had in mind!

-----

ssh-host-config sources CSIH-SCRIPT

The function if interest in ssh-host-config is: install_service()

install_service() # skeleton of function as executed in my case
   csih_create_privileged_user
   csih_service_should_run_as

# ======================================================================
# Action!
# ======================================================================
... lot of statements
install_service || let warning_cnt+=$? # almost at bottom of file

-----

So the functions of interest in CSIH-SCRIPT are:

  - csih_create_privileged_user
  - csih_service_should_run_as

Near the bottom of csih_create_privileged_use(), "cyg_server" (the 
privileged
user) is ADDED to /etc/passwd ... too late and using the wrong 
statement.

Too late, because the privileged user ("cyg_server") should already have 
been
added near the beginning of this function ...

  - that is why the 1st warning is issued (from 
csih_create_privileged_user() )
  - and because of the wrong statement, "cyg_server" is NOT added to 
/etc/passwd

The 2nd warning is generated from csih_service_should_run_as() for the 
same
reason ("cyg_server" missing from /etc/passwd).
As a side-effect, the sshd service will be created using the "SYSTEM" 
account
i.s.o. "cyg_server" account -- not what was intended!

BTW, the comment at the top of csih_use_file_etc() is WRONG: it should 
read:

# ======================================================================
# Routine: csih_use_file_etc passwd|group
...
#   Returns 1 if files shall be used, 0 otherwise.
# ======================================================================

Regards,

Henri

=
= Skeleton of both functions as executed in my case
=

1.
csih_create_privileged_user() # in case user cyg_server must be created

  # privileged user ("cyg_server") already present?
   csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME"

   # No, it is NOT! Create user ...
   csih_call_winsys32 net user "${csih_PRIVILEGED_USERWINNAME}"

   # make the passwd of the privileged user never expire ...
   if ! passwd -e "${csih_PRIVILEGED_USERNAME}"
   then
    ... WARNING: Setting password expiry for user "cyg_server" failed!
   fi

# Hold on, has user already been added to /etc/passwd (if files is 
preferred
# as the "database")? No, the user has NOT been added yet!
=====> This is why Henri gets his 1st warning ...
=====> ... and why he HAD to add user "cyg_server" to /etc/passwd
=====> ... and has to change the service
            (no, not the "SYSTEM" account, but the "cyg_server" account!)

... a lot more statements

# TOO LATE and using the WRONG variable name!
   # add cyg_server to /etc/passwd ... if and only if  files are used as 
database
   if csih_use_file_etc passwd # yes, Henri uses files as the "database"
   then
# HUH?
     /usr/bin/mkpasswd -l -u "${username}" >> "${SYSCONFDIR}/passwd"
# I believe the statement should have read: i.e. WRONG variable used
     /usr/bin/mkpasswd -l -u "${{csih_PRIVILEGED_USERNAME}" >> 
"${SYSCONFDIR}/passwd"
   fi

2.
csih_service_should_run_as()

... a lot of statements

   if csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME" 1>&2
   then
     # it already existed before this script was launched (comment by 
Corinna)
     echo "$csih_PRIVILEGED_USERNAME"
     return
   elif /usr/bin/getent passwd "${csih_PRIVILEGED_USERNAME}"
   then
     ... ok
   else
     ... Warning: Expected privileged user "cyg_server" does not exist
     echo "SYSTEM" # meaning service will use the SYSTEM account (and not 
the
                   # cyg_server account) -- which is NOT was intended!
   fi

=====

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list