This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1


On Wed, 9 Apr 2008 14:09:56 +0200, Corinna Vinschen wrote:
>Looks ok, but I have a few questions/comments.
>
>- When the script starts, the following text appears:
[snip verbose output]
>However, I think the whole message is too noisy and confusing for
>non-admins.  

That is odd. That particular text was mostly taken from ssh-host-config,
and should only appear if your script calls
csih_select_privileged_username() with no arguments (or if you are using
csih-0.1.3, instead of CVS csih) -- that is, the way ssh-host-config
calls it.  The older version of csih_select_privileged_username ignores
its arguments; the newer one honors the '-q' option that [my]
ssh-user-config gives it. In which case, what you should see is
something like the following (but only if nt2003 or
csih_FORCE_PRIVILEGED_USER):

*** Info: The following privileged accounts were found: ....
*** Info: This script will assume that ${opt_servicename} will run under
the"
*** Info: '${username}' account."
*** Query: Will ${opt_servicename} run under a different account?" 
[yes/no], if yes, then:
*** Query: Enter the user name used by ${opt_servicename}:

Hopefully, that's more acceptable for ssh-user-config?

>The default user doesn't actually know which user name the
>sshd service is running under.

Well, maybe. But what if ssh-host-config hasn't yet been run? see below.

>Additionally, given that Cygwin opens
>files always with BACKUP_INTENT for a while anyway, and given that the
>service account is a member of the administrators group, which has
>backup user rights, there's not much reason anymore to add the service
>account to the ACL.  I fear that's just old cruft in the ssh-user-script.

Well, that's up to you. I wanted to do something that was as close to
equivalent as the existing ssh-[host|user]-config, with only those
changes necessary to support a common service account whose name might
not be 'sshd_service'.

Now, as to:

>The query "Do you want to use different name?" is a bit upside down,
>IMHO.  The query should be rather phrased positively "Do you want to use 
>t name?"

I already addressed this:
http://cygwin.com/ml/cygwin/2008-03/msg00447.html

Phrasing that question in the opposite sense breaks postinstall scripts,
where auto_answer="no". That is:

Do you want to use this name? <no>
Enter the name you want to use: <hangs>

...and that would be bad. Now, the openssh package does not invoke its
config scripts from /etc/postinstall, but others do. So I need to take
care that the auto_answer="no" case never hangs.

>But, here's a question:  Shouldn't the csih_privileged_accounts() function
>check the service itself, rather than testing possible names with `net
>user'?  It would be as simple as giving csih_privileged_accounts the
>service name as $1 argument, and then extract the user name with something
>along the lines of
>
>  svc_user=$(regtool get '/HKLM/SYSTEM/CurrentControlSet/Services/$1/ObjectName')
>  svc_user="${svc_user/\.\\/$COMPUTERNAME}"
>  svc_user=$([ "$svc_user" = "LocalSystem" ] && echo "SYSTEM" || echo $(fgrep "${svc_user}" /etc/passwd | cut -d: -f 1))

(a) csih_select_privileged_username (in CVS) already optionally accepts
the service name in addition to the -q option. Currently it is only used
to customize the Info: messages (see ${opt_servicename}, above).  So
this is even easier to add than you imagine -- if it is truly desirable
to do so.

(b) You could also do 'foo=$(cygrunsrv -V -L ${service} | sed -n
'/Account/p' | awk '{print $NF}'); foo=$(basename $foo)' which amounts
to the same thing.

(c) But what if ${service} has not yet been installed, even though [a]
common service account exists [perhaps used by some other installed
cygwin service]?  Then you'd still need the existing logic...

Furthermore, remember that these routines are shared between (the more
common) install-a-service config scripts, and (less common) user config
scripts like ssh-user-config.  In the former [common] case, assuming
${service} is not installed, you will always need the existing logic.

If csih_select_privileged_username() short-circuits the existing logic
when ${service} is already installed, then you can never change the user
under which  ${service} runs, without first de-registering ${service}. 
Maybe that's a good thing, but right now (and in the exising
ssh-host-config) I *think* you can run it "again" and choose a different
user, and cygrunsrv will happily modify the existing registered
${service}.  I didn't think it was my place to make that behavior
change.

But as I said, maybe it's a GOOD thing to disallow that, without
explicitly deregistering ${service} first.

--
Chuck

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]