This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1
Corinna Vinschen wrote:
On Apr 3 10:55, Corinna Vinschen wrote:
On Apr 2 23:46, Charles Wilson wrote:
Attached is an updated implementation of ssh-host-config that uses csih. It
seems to work pretty well for the various tests I've put it through,
although it REQUIRES csih-0.1.3.
Wow, thanks for doing my job. I still have this on my TODO list :}
It would be cool if list folks could give it a try. I will test it
as well, perhaps over the weekend.
Looks good to me. I will upload a new OpenSSH release in the next
couple of days, but I guess I'll wait until you uploaded a new csih
release.
Don't forget that ssh-user-config should probably be updated to use csih
also. Otherwise, it will assume that the privileged user is sshd_server,
when it might be that, or cyg_server or cron_server.
Instead, it should do:
if csih_is_nt
then
_user=$(csih_service_should_run_as)
if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" \
"${pwdhome}/.ssh"
then
csih_error_multiline \
"${pwdhome}/.ssh couldn't be given the correct permissions," \
"assuming that the sshd server is running under the `${_user}'" \
"account. Please try to solve this problem first."
fi
fi
Unfortunately, right now csih_service_should_run_as only works if
csih_select_privileged_username has been called -- but that function is
very wordy, and blathers on about 'creating' the privileged user.
(csih_select_privileged_username, while public, is normally called by
csih_create_privileged_user).
I need to create an internal csih helper function that can be called by
csih_service_should_run_as if csih_PRIVILEGED_USERNAME is not already
set, which will quietly do *some* of the stuff in
csih_select_privileged_username in order to initialize
csih_PRIVILEGED_USERNAME.
Btw., I have a tiny patch to fix two typos in the file
cygwin-service-installation-helper.sh. Maybe you could apply them as
well?
Sure, and thanks.
--
Chuck
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/