[RFC] Globally creating a user and a group "root"

Corinna Vinschen vinschen@redhat.com
Tue Nov 11 12:46:00 GMT 2003


Hi to all,

I'm sure you already saw this sort of discussion arising on the
Cygwin list, which basically says, "I can't run sshd/cron/whatever
as a service on 2003 Server".

The reason is that 2003 drops the CreateToken privilege from all services
running under LocalSystem account, hence the inability to switch user
context without password.

The week before, I created a solution for sshd, namely an improved
ssh-host-config script, which creates a user called "sshd_server" with
the appropriate privileges to run sshd under.

As it turned out fairly quickly now, this was a short-sighted approach.
I forgot entirely that other services will suffer from the same problem.
So, what we need is a general approach.

My idea is basically the following:

- On all NT systems, create a user account called "root" which is
  a member of the administrators group.

- Always add "root" with uid 0 to /etc/passwd.

- Always add a "root" entry with gid 0 to /etc/group, which on NT
  systems has the SID of the administrators group.

The advantage of this is that new packages could expect to have a
root account and a root group with uid and gid 0.  So account specific
rules in a lot of U*X-centric packages could mostly stay as they are
as a first approximation.

How could that be implemented?

- The default postinstall always creates the "root" group entry in
  /etc/group.  It also creates a "root" user entry if a user "root"
  exists (that's done by mkpasswd already).  But it also creates a
  "root" user in /etc/passwd if it does not exist in the NT SAM, as a
  placeholder with a hint in the password field "DON'T TOUCH".

- Add a script to the base-files or base-passwd package, which creates
  the "root" user according to the above rules.  This script could be
  called, say, /usr/sbin/create-root.  How it could work can be seen
  in /usr/bin/ssh-host-config.

- From service installation scripts (like ssh-host-config), call that
  script instead of doing it by itself.

- All services should (or may) expect to run under that "root" account
  with uid and gid 0.

Of course, this would require all maintainers of packages which provide
a service to change their package accordingly.

Comments?  If we agree to do as above (or similar), I would greatly
appreciate it if I didn't have to do it alone.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
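The sketch below is an added example of how a create-root style helper along the lines proposed above could be written; it is not part of Corinna's message and not Cygwin's own ssh-host-config or base-files code. It assumes Cygwin-style line layouts ("name:SID:gid:" in /etc/group and "name:passwd:uid:gid:gecos[,SID]:home:shell" in /etc/passwd), uses the well-known SID S-1-5-32-544 for BUILTIN\Administrators, and replaces the real SAM lookup with a caller-supplied file of mkpasswd-style lines. The placeholder's home directory and shell, and the function names, are hypothetical.

```shell
#!/bin/sh
# Hypothetical create-root helper (added example, not Cygwin's own script).
# Assumptions: Cygwin-style /etc/group lines "name:SID:gid:" and /etc/passwd
# lines "name:passwd:uid:gid:gecos[,SID]:home:shell"; the real SAM lookup is
# replaced by a file of mkpasswd-style lines passed in by the caller.

ADMIN_SID="S-1-5-32-544"   # well-known SID of BUILTIN\Administrators

# ensure_root_group GROUPFILE
# Adds "root" with gid 0 and the administrators SID unless a root group exists.
ensure_root_group() {
    grep -q '^root:' "$1" || printf 'root:%s:0:\n' "$ADMIN_SID" >> "$1"
}

# ensure_root_user PASSWDFILE SAMLIST
# If PASSWDFILE already has a root line, do nothing.  Otherwise take the
# "root" line from SAMLIST (a real NT account) and force uid/gid to 0, or,
# if no such account exists, append a placeholder whose password field
# carries the "DON'T TOUCH" hint.
ensure_root_user() {
    passwd_file=$1
    sam_list=$2
    grep -q '^root:' "$passwd_file" && return 0
    real=$(grep '^root:' "$sam_list" | head -n 1)
    if [ -n "$real" ]; then
        printf '%s\n' "$real" |
            awk -F: 'BEGIN { OFS = ":" } { $3 = 0; $4 = 0; print }' >> "$passwd_file"
    else
        # Placeholder: no SID; home and shell are hypothetical defaults.
        printf "root:DON'T TOUCH:0:0:placeholder root account:/home/root:/bin/bash\n" >> "$passwd_file"
    fi
}

# root_entries PASSWDFILE GROUPFILE
# Prints the root lines from both files, i.e. what a service install
# script would check before relying on uid 0 / gid 0.
root_entries() {
    grep '^root:' "$1"
    grep '^root:' "$2"
}

# Stand-alone demo on constructed sample files in a temporary directory.
demo() {
    dir=$(mktemp -d)
    printf 'Administrators:S-1-5-32-544:544:\n' > "$dir/group"
    printf '%s\n' 'Administrator:unused:500:513:U-HOST\Administrator,S-1-5-21-1-2-3-500:/home/Administrator:/bin/bash' > "$dir/passwd"
    : > "$dir/sam"   # constructed: no NT account named "root" exists
    ensure_root_group "$dir/group"
    ensure_root_group "$dir/group"   # second call must not duplicate the entry
    ensure_root_user "$dir/passwd" "$dir/sam"
    root_entries "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

case "$#" in
    0) demo ;;
    3) ensure_root_group "$2"; ensure_root_user "$1" "$3"; root_entries "$1" "$2" ;;
    *) echo "usage: $0 PASSWDFILE GROUPFILE SAMLIST" >&2 ;;
esac
```

Both functions are idempotent, so a service install script can call them unconditionally. A real implementation would feed the SAM lookup from mkpasswd output rather than a file, and would use the created account (with the privileges the service needs) instead of the placeholder, which only exists so that uid 0 resolves to a name.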


