Corinna Vinschen wrote:
> On Apr  3 10:55, Corinna Vinschen wrote:
> > On Apr  2 23:46, Charles Wilson wrote:
> > > Attached is an updated implementation of ssh-host-config that uses csih. It seems to work pretty well for the various tests I've put it through, although it REQUIRES csih-0.1.3.
> > Wow, thanks for doing my job.  I still have this on my TODO list :}
> > It would be cool if list folks could give it a try.  I will test it
> > as well, perhaps over the weekend.
>
> Looks good to me.  I will upload a new OpenSSH release in the next
> couple of days, but I guess I'll wait until you have uploaded a new csih
> release.

Don't forget that ssh-user-config should probably be updated to use csih also. Otherwise, it will assume that the privileged user is sshd_server, when it might be that, or cyg_server or cron_server.

Instead, it should do:

if csih_is_nt
then
  _user=$(csih_service_should_run_as)
  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" \
       "${pwdhome}/.ssh"
  then
    csih_error_multiline \
      "${pwdhome}/.ssh couldn't be given the correct permissions," \
      "assuming that the sshd server is running under the \`${_user}'" \
      "account.  Please try to solve this problem first."
  fi
fi


Unfortunately, right now csih_service_should_run_as only works if csih_select_privileged_username has been called -- but that function is very wordy, and blathers on about 'creating' the privileged user. (csih_select_privileged_username, while public, is normally called by csih_create_privileged_user).

I need to create an internal csih helper function that can be called by csih_service_should_run_as if csih_PRIVILEGED_USERNAME is not already set, which will quietly do *some* of the stuff in csih_select_privileged_username in order to initialize csih_PRIVILEGED_USERNAME.

> Btw., I have a tiny patch to fix two typos in the file
> cygwin-service-installation-helper.sh.  Maybe you could apply them as
> well?

Sure, and thanks.

--
Chuck
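
The quiet lookup described in the message above, as an added example (not csih code and not part of the original message): it resolves the service account without prompting, caches it, and refuses to build the `.ssh` ACL when no candidate exists. All `demo_` names, the candidate order and the passwd-file lookup are assumptions of this example.

```shell
#!/bin/sh
# Added illustration, not csih code. Every demo_* name is hypothetical.

# Candidate accounts named in the message; the order is an assumption.
DEMO_CANDIDATES="sshd_server cyg_server cron_server"

# Cache, playing the role csih_PRIVILEGED_USERNAME plays in csih.
demo_PRIVILEGED_USERNAME=""

# Quietly set demo_PRIVILEGED_USERNAME: no prompts, no output.
# $1 = passwd-format file to search (defaults to /etc/passwd).
demo_resolve_privileged_user() {
  if [ -n "${demo_PRIVILEGED_USERNAME}" ]; then
    return 0                      # already initialised, nothing to do
  fi
  _pw=${1:-/etc/passwd}
  for _c in ${DEMO_CANDIDATES}; do
    # Compare the whole first field so "cyg_server2" cannot match "cyg_server".
    if awk -F: -v u="${_c}" '$1 == u { f = 1 } END { exit !f }' "${_pw}"; then
      demo_PRIVILEGED_USERNAME=${_c}
      return 0
    fi
  done
  return 1                        # no candidate account exists
}

# Print the account the service should run as, initialising the cache if needed.
demo_service_should_run_as() {
  demo_resolve_privileged_user "$1" || return 1
  printf '%s\n' "${demo_PRIVILEGED_USERNAME}"
}

# Print the setfacl spec used in the message; fail rather than emit an ACL
# that names an account which does not exist.
demo_ssh_dir_acl() {
  demo_resolve_privileged_user "$1" || return 1
  printf 'u::rwx,u:%s:r--,g::---,o::---\n' "${demo_PRIVILEGED_USERNAME}"
}

# Constructed sample run: a passwd file in which only cyg_server exists.
demo_pw=$(mktemp)
printf '%s\n' 'Administrator:unused:500:513::/home/Administrator:/bin/bash' \
  'cyg_server:unused:1002:513::/var/empty:/bin/false' > "${demo_pw}"
demo_ssh_dir_acl "${demo_pw}" || echo "no privileged account found" >&2
rm -f "${demo_pw}"
```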

