This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Cygwin service account (Re: inetd help)


On Jul 14 17:57, Corinna Vinschen wrote:
> On Jul 14 07:21, Andrew DeFaria wrote:
> > I'd argue it's also becoming time for a replacement for the Local System 
> > Account for sshd, inetd and crond, perhaps named daemon instead of 
> > sshd_server which seems decidedly ssh biased. IOW maybe a little config 
> > script to create the daemon user - which the necessarily privileges like 
> > sshd_server - which each/any of the above mentioned config script could 
> > call in order to set up the service. In fact I think this should be the 
> > way to go even on older systems such as 2000 and XP instead of relying 
> > on Local System Account. Then it's a little cleaner that all Cygwin 
> > services requiring any specific permissions runs under the daemon local 
> > user...
> 
> Sure, I like the idea.  Instead of arguing, just go ahead.
> 
> http://cygwin.com/acronyms/#SHTDI
> http://cygwin.com/acronyms/#PTC


So, what do we do here now?  The idea is crystal clear, it's very much
right, but literally nobody is doing the chores.

What we need is a script which creates a Windows user specificially
designed to start Cygwin processes which need special privileges.
The code we could simply steal from my ssh-host-config (there's just one
`editrights -a SeTcbPrivilege' missing right now).

The script could be named `cygwin-server-install'.  It could be called
from all other server installation scripts.  It could be packed as it's
own package and put into the base category.

Five questions are left.

1. What do we choose as the name of that account?

   My suggestion: cygwin_server

2. Do we require the user to have a special uid/gid in Cygwin? 0:0?

3. Which packages are affected?

   My packages are: cron, inetutils, openssh, syslog-ng.

4. Are all maintainers of the affected packages willing to do the
   transition to using this script/the new account pretty quickly?

   I am if you are.

5. Last but not least: Who will create the script/package and maintain it?


Any answers?


Corinna


-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]