On Feb 25 20:46, Charles Wilson wrote:
> Corinna Vinschen wrote:
>> And, maybe it's time to start to be more cautious by default and
>> disable all service entries in /etc/defaults/etc/inetd.conf?
>
> You're probably right. Existing users' inetd.confs will not get overwritten
> -- but they will have to manually edit them anyway, given the executable
> name changes. New users...will have to read the README. Or perhaps I could
> make a REALLY smart iu-config
You mean, a iu-config which also renames the services (in.foo -> foo)
on the fly?
> What do you think, further, of requiring tcp_wrappers, and having the
> default inetd.conf file explicitly use /usr/sbin/tcpd (even if the line is
> commented out and entirely disabled)?
Well, I really have no opinion about using tcpd. If it works, it's fine
with me. OTOH, it's not actually an essential package for inetutils...
Well, it's your decision.
>>> a) install as a service using cygrunsrv (with the -D option)
>>> b) installed as a service under its own power
>>> c) as a slave to the init service, using /etc/rc.d/init.d/inetd (which
>>> uses the -T option when invoking inetd)
>> Given the problem with the SYSTEM account, maybe we should deprecate usage
>> b.
>
> Well, I kinda wanted to avoid a huge "flag day" thing where stuff just
> stopped working for people (well, except for the server executable names
> thing).
>
> But I could definitely see "method (b) is supported NT, 2000, and XP only",
> encouraging people to use method (a) or (c).
What about
b.2) still allow inetd to be installed as a service under its own power,
but remove the command line option --install-as-service to
discourage this usage for new installations.
>> I would be willing
>> to switch the ssh-host-config script from the "sshd_server" user name
>> to something like "cygwin_svc" or so.
>
> How about a new package, "cygwin-services-helper" or somesuch, that
> contains
>
> (1) a script [*] derived from the appropriate portion of sshd-host-config,
> whose job is to create the appropriate priveleged user (I like
> 'cygwin_svc') -- unless it already exists under either name ('cygwin_svc'
> or 'sshd_server').
>
> (2) maybe another script [*] whose job is to ascertain whether such a user
> already exists, and return its name (or "" if not).
>
> It would be up to the calling foo-config to use these two scripts
> appropriately. And, of course, the user might have to enter the password
> for the priveleged user account twice: once when it is created, and then
> again (by foo-config) to install the service 'foo'.
>
> Then, openssh (and inetutils, and syslog-ng, and sysvinit, ...) could all
> depend on the "cygwin-services-helper" package.
>
> [*] or maybe a script function library somewhere like
> /usr/lib/cygwin-services/ that foo-config could 'source', and then call the
> functions directly. This would help the "enter the password twice"
> problem...
Sounds good! The function library would be cool.
> BTW, with the new inetd.d/ support, sshd-host-config doesn't have to edit
> the inetd.conf file directly. It can have a
>
> /etc/defaults/etc/inetd.d/sshd
>
> file, that it either installs to /etc/inetd.d/ or not. (ditto
> /etc/xinetd.d)
Ok, thanks for the hint. I'll change ssh-host-config at one point
to use that new feature.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
