This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: TEST RELEASE: Cygwin 1.7.33-0.8


On Nov 10 14:53, Pierre A. Humblet wrote:
> > -----Original Message-----
> > From: Corinna Vinschen
> > Sent: Mon, 10 Nov 2014 12:09:17 +0100
> > On Nov  7 13:04, Pierre A. Humblet wrote:
> > > > -----Original Message-----
> > > > From: Pierre A. Humblet 
> > > > Sent: Thursday, November 06, 2014 16:09
> > > > 
> > > > > -----Original Message-----
> > > > > > From: Corinna Vinschen
> > > > > Sent: Thursday, November 06, 2014 13:51
> > > > >
> > > > > On Nov  6 13:38, Kelley Cook wrote:
> > > > > > On Thu, Nov 6, 2014 at 10:52 AM, Corinna Vinschen wrote:
> > > > > > > Hi Cygwin friends and users,
> > > > > > >
> > > > > > >
> > > > > > > I just released a 7th TEST version of the next upcoming Cygwin
> > > > > > > release, 1.7.33-0.7.
> > > > > > >
> > > > > >
> > > > > > I discovered that /usr/bin/cron-config which is part of the cron
> > > > > > package will need to be updated as it attempts to parse /etc/group
> .
> > > >
> > > > > Right, it should use getent instead.  Pierre?
> > > 
> <snip>
> > > I just realized that deleting the /etc/passwd file in existing domain
> > > systems may change usernames, which will break cron and other programs
> > > that use files named after usernames. Also the (local) privileged
> > > username will change.
> 
> > Yes.  Is there a way to accommodate that?  Maybe a postinstall script
> > checking for existing user cron files and renaming them if required?
> 
> That's possible but it must be a postinstall than runs when an updated
> Cygwin is installed (or deinstalled), not when cron is, except if we try to
> synchronize both.

A new cron when Cygwin 1.7.33 goes release might be a good idea.
I have already new OpenSSH and, even more important, base-cygwin
packages waiting in the backdrop.

> > The privileged user name shouldn't matter much after configuration.
> 
> Agreed, but see below
> 
> > For now I have made the following changes to cron-config:
> >   calling getent
> >   checking if /etc/passwd exists
> >   dealing with the extended names for privileged users (they may
> >   contain a +, don't use EREs)  
> 
> > I just scanned it quickly, but the change looks good.
> 
> OK. Do you want to produce a test release for the crons?

Oh please, no.  I really have a hell of a lot to do already getting my
own stuff and csih working, and it would be very helpful not having to
care for more.

> > Note also the discussion with Christian starting at
> > https://cygwin.com/ml/cygwin/2014-11/msg00095.html
> 
> I am fine with the prefix but there is something we should agree on
> about the special privileged names like cyg_server.
> 
> What I did is to create an entry for them in /etc/passwd. The reason
> is that the shell is changed to /bin/false and I don't want to deal
> with setting that in the Windows databases (I can't test all possible
> variations).

This has been done in the csih helper script as well, but we can't do
that anymore if the system doesn't use the files in /etc.

> Now when we create a passwd entry, we can include the prefix, as I
> did, or remove it.  csih and the other similar scripts should agree on
> that, otherwise they may reuse the privileged user (based on the
> Windows database) but create different passwd entries.  Of course
> removing the prefix can create a conflict with a cyg_server domain
> user.

Writing a passwd entry is only ok if the system is using the "passwd:
files"-only setting, but otherwise we should not write to passwd.  It's
not correct to rely on the existence of the file anymore.  I'm tweaking
csih accordingly.  It will create the system account (still only as
local account, never a domain account), and then it checks if
/etc/nsswitch.conf exists and the "passwd:" setting is "files"-only.
Only then it will write a passwd entry using the prefix if required.

Writing the shell for a local account to SAM is easy from bash:

  net user cyg_server /add \
    /comment:"<cygwin home=\"/home/foo\" shell=\"/bin/false\"/>"


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgp9uAN5eZFIJ.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]