This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1

From: Charles Wilson <cygwin at cwilson dot fastmail dot fm>
To: cygwin at cygwin dot com
Date: Mon, 07 Apr 2008 20:50:10 -0400
Subject: Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1
References: <announce.47F41D60.9060102@cwilson.fastmail.fm> <47F46137.5020008@cwilson.fastmail.fm> <20080403085527.GL4468@calimero.vinschen.de> <20080407152955.GQ23852@calimero.vinschen.de>

Corinna Vinschen wrote:

On Apr 3 10:55, Corinna Vinschen wrote:
On Apr 2 23:46, Charles Wilson wrote:
Attached is an updated implementation of ssh-host-config that uses csih. It seems to work pretty well for the various tests I've put it through, although it REQUIRES csih-0.1.3.
Wow, thanks for doing my job.  I still have this on my TODO list :}
It would be cool if list folks could give it a try.  I will test it
as well, perhaps over the weekend.
Looks good to me.  I will upload a new OpenSSH release in the next
couple of days, but I guess I'll wait until you uploaded a new csih
release.

Don't forget that ssh-user-config should probably be updated to use csih also. Otherwise, it will assume that the privileged user is sshd_server, when it might be that, or cyg_server or cron_server.

Instead, it should do:

if csih_is_nt
then
  _user=$(csih_service_should_run_as)
  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" \
       "${pwdhome}/.ssh"
  then
    csih_error_multiline \
      "${pwdhome}/.ssh couldn't be given the correct permissions," \
      "assuming that the sshd server is running under the `${_user}'" \
      "account.  Please try to solve this problem first."
  fi
fi

Unfortunately, right now csih_service_should_run_as only works if csih_select_privileged_username has been called -- but that function is very wordy, and blathers on about 'creating' the privileged user. (csih_select_privileged_username, while public, is normally called by csih_create_privileged_user).

I need to create an internal csih helper function that can be called by csih_service_should_run_as if csih_PRIVILEGED_USERNAME is not already set, which will quietly do *some* of the stuff in csih_select_privileged_username in order to initialize csih_PRIVILEGED_USERNAME.

Btw., I have a tiny patch to fix two typos in the file
cygwin-service-installation-helper.sh.  Maybe you could apply them as
well?

Sure, and thanks.

--
Chuck


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Attn: cygport, openssh, and exim/cron maintainers [Was: [ANNOUNCEMENT] Updated: csih-0.1.3-1]
  - From: Charles Wilson
- Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1
  - From: Charles Wilson

References:
- [ANNOUNCEMENT] Updated: csih-0.1.3-1
  - From: Charles Wilson
- Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1
  - From: Charles Wilson
- Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1
  - From: Corinna Vinschen
- Re: [ANNOUNCEMENT] Updated: csih-0.1.3-1
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]