This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Re: ntsec odds and ends (cygcheck augmentation?)


At 11:48 AM 2/5/2003 -0500, Christopher Faylor wrote:
>Pierre or Corinna,
>Have either of you considered adding code to cygcheck to check for more
>common ntsec "problems"?  At the very least, something along the lines
>of "your username isn't in /etc/passwd" seems like it would be
>worthwhile.

Chris,

I have thought about that and actually have such a program. However it's
a Cygwin program. The idea being that it should reproduce *exactly* the
starting sequence of Cygwin, which has varied over the years. Keeping
cygcheck up to date might be a pain.

In the patch I have just sent, the group name is set to "run mkpasswd"
if the username is not in passwd, and it is "run mkgroup" if the user name
is present but not his group.
So that should be clearly visible in "id", and visible but truncated in
"ls -l".
  
I have also changed the default uid and gid to 400/401 when the names are
missing, to make detection easy. It can then easily be done e.g. in 
/etc/profile or in sshd-user-config.

The question of "Why is my HOME C:\ " could also be handled in /etc/profile.
I was thinking of putting something like this in it:
echo "Hello this is /etc/profile"
echo "You are a new user and I will verify your configuration".
echo "Delete these lines once everything is well".
if [ $uid -eq 400 ]; then etc...
echo "Your HOME is set to $HOME, the rules are 1).. 2).. 3).. 4).. "

What do you think?

Pierre
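
The login-time check sketched in the message above, written out as an added example (not code from the patch or from the Cygwin project). The function name ntsec_diagnose, the reading that uid 400 marks a missing passwd entry and gid 401 a missing group entry, and the HOME patterns are assumptions.

```sh
# Added example (not from the patch). Assumptions: uid 400 means the user
# name was not found in /etc/passwd, gid 401 means the group was not found
# in /etc/group, and the HOME patterns below stand for "HOME is a drive root".
# ntsec_diagnose UID GID GROUPNAME HOME -> prints findings, returns 1 if any.
ntsec_diagnose() {
    rc=0
    if [ "$1" -eq 400 ] || [ "$3" = "run mkpasswd" ]; then
        printf '%s\n' "user-missing: user name not in /etc/passwd (uid=$1); run mkpasswd"
        rc=1
    elif [ "$2" -eq 401 ] || [ "$3" = "run mkgroup" ]; then
        printf '%s\n' "group-missing: group not in /etc/group (gid=$2); run mkgroup"
        rc=1
    fi
    case $4 in
        [A-Za-z]:\\|[A-Za-z]:/|/cygdrive/[A-Za-z]|/cygdrive/[A-Za-z]/)
            printf '%s\n' "home-root: HOME=$4 is a drive root"
            rc=1 ;;
    esac
    return "$rc"
}

# Check the current session, as /etc/profile would.
ntsec_diagnose "$(id -u)" "$(id -g)" "$(id -gn 2>/dev/null)" "$HOME" || true
```

A missing passwd entry is reported alone, since the group fallback follows from it.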
  


