This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


incoherence of system uid between inetd, cron and openssh


Hi, 

The following presents a summary of various tests using inetd, cron and
openssh.
It shows some inconsistencies in the choice of the system uid value for
these packages when all services are attempted to be started with the
system account and the CYGWIN environment variable is set to "ntsec
tty".  It seems that openssh prefers system uid=0, while cron asks
for system uid=18.

For these tests, I use the fact that the system account uid can be set to
"0" or "18" in /etc/passwd.

1- 
When starting services with system uid = 18, cron and inetd will work but
a connection with ssh will give the following on the client side:


****************************************************************************

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Bad ownership or mode(0600) for '/etc/ssh_host_key'.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Bad ownership or mode(0600) for '/etc/ssh_host_dsa_key'.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_dsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Bad ownership or mode(0600) for '/etc/ssh_host_rsa_key'.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_rsa_key
lhubert@etoile's password: 
Permission denied, please try again.
lhubert@etoile's password: 
 ****************************************************************************

Where CYGWIN is set to "ntsec tty" on the client and the server.

If CYGWIN is set to "tty" on the client, this warning message does not occur.


2- 
On the other hand, coming back to CYGWIN set to "ntsec tty", setting system
uid=0 in /etc/passwd
*and then* starting services, one has the following results:

-inetd and openssh can be used without problems (aside from the hanging
problem with ls in sftp-server, but this is another problem). One can
verify that system.system is *still* the owner of the ssh_host_key
files but with uid=0, with "ls -lan /etc/*".
 
-the cron service will not start, the reason is given by reading
/usr/doc/cygwin/cron.exe 


*********************************************************
version 	3.0.1-2:
(snippet) 

Command line option `-D' added to allow cron to run under
cygrunsrv. Install as service like that:

        cygrunsrv -I cron -p /usr/sbin/cron -a -D

`root' with uid 0 is substituted by `SYSTEM' with uid 18.
 ...
********************************************************

Which states that for cron, system needs to be uid 18.


I think that it can be quite to correct this situation from the source. But
can we agree in the future on a single system uid number? And which one
should we use?

Note : 
	- I removed "everybody:0:0" from /etc/passwd
	- inetd is started with "net start inetd".
	- cron and openssh are installed as daemons with cygrunsrv and started with
the system account.

	inetd : from inetutils-1.3.2
	cron : 3.0.1-2:
	openssh : OpenSSH_2.9p1
	bash  : 2.05.0(6)
	cygwin.dll : 694064 May 20 23:29 /bin/cygwin1.dll
	systems : intel, NT 4 SP6a


Laurent

Overall Cygwin is still a very useful tool! Thanks to the cygwin team.

Laurent Hubert
System Administrator
Centre d'Imagerie Fonctionnelle et Métabolique
CRC, CHUS
Université de Sherbrooke
3001, 12e Avenue Nord
Fleurimont
Québec, Canada
J1H 5N4
Tel.: 819 346-1110 ex 11828
Fax: 819 820 6490
E-mail: laurent.hubert@chus.qc.ca
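
Added example, not part of the original message and not OpenSSH's own code: a shell check that compares the numeric owner and mode of a private key file with the uid a passwd file assigns to the service account, which is the mismatch the message describes (keys owned by one system uid, /etc/passwd then edited to the other). It assumes GNU `stat`; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names, assumes GNU stat).

# passwd_uid PASSWD NAME
# Print the uid field of the entry NAME in PASSWD (case-insensitive match,
# since the account may be written as "system" or "SYSTEM").
passwd_uid() {
    awk -F: -v n="$2" 'tolower($1) == tolower(n) { print $3; exit }' "$1"
}

# check_key PASSWD ACCOUNT KEYFILE
# Return codes: 0 ok, 1 owner uid differs from the passwd uid,
#               2 group/other permission bits set, 3 cannot check.
check_key() {
    want=$(passwd_uid "$1" "$2")
    [ -n "$want" ] || { echo "no '$2' entry in $1" >&2; return 3; }

    owner=$(stat -c %u "$3" 2>/dev/null) ||
        { echo "cannot stat $3" >&2; return 3; }
    # %a prints the octal mode without leading zeros; pad to three digits
    mode=$(printf '%03d' "$(stat -c %a "$3")")

    if [ "$owner" != "$want" ]; then
        echo "$3: owner uid $owner, but $2 is uid $want in $1"
        return 1
    fi

    # The last two octal digits are the group and other bits; both must be 0
    case "$mode" in
        *00) ;;
        *)   echo "$3: mode $mode is accessible by group or others"
             return 2 ;;
    esac

    echo "$3: ok (uid $owner, mode $mode)"
    return 0
}

# Typical use on the server, once per host key named in the warning:
#   check_key /etc/passwd system /etc/ssh_host_key
#   check_key /etc/passwd system /etc/ssh_host_dsa_key
#   check_key /etc/passwd system /etc/ssh_host_rsa_key
```

Running it before and after changing the system uid in /etc/passwd shows whether the key files' stored owner still matches the account the services start under.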
