
Re: Problems with ssh-host-config on Windows 10




On Feb  6 10:51, Erik Bray wrote:
> On Thu, Feb 2, 2017 at 2:08 PM, Corinna Vinschen
> <corinna-cygwin@xxxxxxxxxx> wrote:
> > On Feb  2 12:19, Erik Bray wrote:
> >> The problem seems to be stemming from some assumptions in:
> >> /usr/share/csih/cygwin-service-installation-helper.sh
> >>
> >> It creates the "privileged user" (in my case with the default name
> >> cyg_server) with `net user`, including the SAM comment entry:
> >>
> >> /comment:'<cygwin home="/var/empty" shell="/bin/false"/>'
> >>
> >> Shortly after it calls:
> >>
> >> passwd -e "${csih_PRIVILEGED_USERNAME}"
> >>
> >> and this fails with:
> >>
> >> Warning: Setting password expiry for user 'desktop-mk2koav+cyg_server' failed!
> >>
> >> This happens because this is a fresh Cygwin install with all the
> >> default settings in /etc/nsswitch.conf.  In particular, no passwd
> >> entry is found for the cyg_server user unless I explicitly add "local"
> >> to db_enum.  Furthermore, the SAM comment entry is not read correctly
> >> without db_home: desc and db_shell: desc.  In summary, I had to edit
> >> /etc/nsswitch.conf to:
> >>
> >> passwd db
> >> db_enum: local
> >> db_home: desc
> >> db_shell: desc
> >
> > The assumption in ssh-host-config is that your nsswitch.conf settings
> > are already correct.  It's kind of tricky to set up accounts and stuff
> > in a not yet configured environment.
> 
> I think that's reasonable, but the question is what is "correct"?  Any
> valid settings for nsswitch.conf could be "correct" for different use
> cases, whereas the cygwin-service-installation-helper.sh script seems
> to have some very specific requirements that don't match the default
> configuration, or even many non-default configurations (especially
> w.r.t. db_home and db_shell).

The script depends on what's returned by tools like getent, mkpasswd and
mkgroup.  Those in turn depend on the nsswitch.conf settings.  If
there's a bug in there, I'd be grateful for a fix.  Maybe at one point
it should call mkpasswd instead of getent, the former not depending on
db_enum, in contrast to the latter?

Or maybe the default for db_enum is the actual problem?  Maybe it should
be set to cache + builtin + local accounts?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
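
The nsswitch.conf dependency discussed in this thread can be checked before running ssh-host-config. The script below is an added example, not part of the original mail, csih or ssh-host-config; it assumes "keyword: value ..." entries with "#" comments, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from csih or ssh-host-config): pre-flight check of the
# nsswitch.conf settings named in this thread ("key: value ..." lines, "#" comments).

# Print the value list of the first uncommented KEY entry in FILE.
nss_value() {  # usage: nss_value FILE KEY
    sed -e 's/#.*//' "$1" | awk -F: -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^:]*:/, ""); print; exit }'
}

# Print one line per setting that lacks the value Erik had to add;
# the return status is the number of such settings (0 = all present).
check_nsswitch() {  # usage: check_nsswitch FILE
    missing=0
    for pair in db_enum:local db_home:desc db_shell:desc; do
        key=${pair%%:*}; want=${pair#*:}
        val=$(nss_value "$1" "$key" | tr '\t' ' ')
        case " $val " in
            *" $want "*) ;;
            *) echo "$key: '$want' not configured (found: '${val# }')"
               missing=$((missing + 1)) ;;
        esac
    done
    return "$missing"
}

# Constructed sample files: one with the entries commented out,
# one with the three db_* settings from the thread.
write_samples() {  # usage: write_samples DIR
    cat > "$1/unconfigured.conf" <<'EOF'
# db_enum: cache builtin
# db_home: /home/%U
# db_shell: /bin/bash
EOF
    cat > "$1/thread.conf" <<'EOF'
db_enum: local      # enumerate local SAM accounts
db_home: desc
db_shell: desc
EOF
}

# Demo: check both samples in a temporary directory.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.conf; do
    echo "== ${f##*/}"; check_nsswitch "$f" || true
done
rm -rf "$demo_dir"
```

On a real installation the call would be `check_nsswitch /etc/nsswitch.conf`; the check only looks for the literal values named in the thread.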
