This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: cygwin-services-helper [was: Re: [ITA] inetutils-1.5-1]
On Feb 27 22:22, Charles Wilson wrote:
> Corinna Vinschen wrote:
>> (4a) rewrite syslog-ng-config to use it
>
> Okay, thanks.
Don't get me wrong. I was not suggesting that you should do all these
conversions. It would be nice to have one or two template scripts, like
iu-config and syslog-config. Every other script is rather the job of
the package maintainer, isn't it? Unless you plan to speed up the
migration, of course.
>> But actually, services which don't have to switch user accounts don't
>> really need it.
>
> True, unless you want to create an unprivileged user for the service
> (unless, post-XP, even LocalSystem is considered "unprivileged"?)
I didn't mean to say that other packages shouldn't use this function
library. I was merely saying that other scripts which don't have to
switch the user context don't have to be converted in the first place.
There's no pressure.
SYSTEM is of course not an unprivileged user. It has permissions to do
stuff no other account has. Since 2K3/XP 64 it has no right to "create
a user token" *only* when used as service starter account. That's the
only reason we need another account for those of our services which have
to switch user context w/o password (sshd, inetd, xinetd, proftpd, cron,
did I miss one?). Standard services which need a lot of permissions but
no permission to create a token can stick to the SYSTEM account.
Actually it's deprecated to use the SYSTEM account for services unless
the service really needs SYSTEM permissions. In XP Microsoft
started with introducing the "LocalService" (S-1-5-19) and
"NetworkService" (S-1-5-20) accounts which have much less rights than
SYSTEM and Vista introduces a much more fine grained concept.
Maybe we should always add the above two service accounts to /etc/passwd.
It's a small tweak to mkpasswd which might have some benefits.
>> Erm... why are all these functions called "csh_foo"? "Cygwin SHell"?
>> It sounds so much as if these functions are csh functions. Maybe
>> "cf" or "cyg" would be a better prefix?
>
> Cygwin-Services-Helper.
>
> Since this is a function library that will be sourced into other scripts, I
> was trying to make sure it was, as far as possible, namespace clean:
> prefixes on all function names and public variables, ensure to label
> function-local vars as 'local' so they don't "leak", etc.
Sure. No worries. But as tcsh maintainer and user I really stumbled
over the prefix :)
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat