RE: openssh 3.9 source available?

 
RE: openssh 3.9 source available? - Nov. 17, '04, 1:28:27 PM   
Rodney

 

Posts: 3729
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
(I'm just syncing the ftp site with the CD so my changes will get posted later.)

First I'd like to say I think this discussion is good.
We get to discuss/read how different people are making solutions and why certain
approaches are/were taken. Too often we never get to hear what "real users" are
doing because of the situations they face; ye olde silent lurkers syndrome.

The change I'm going to make to libport will be to have it default to not force mapping
"root" to 197108 (that's administrator in all languages). If "root" already is 197108
then it is and that's that. If "root" is some other UID then it'll be that.
If an account with the name "root" doesn't exist (for the principal domain) and a
programmatic flag is set (so the coder knows they are making this choice for this program)
then "root" will get mapped to 197108. So this takes the change back a bit to a more
minor change that won't change how things work for Jim's or Brian's states. And if
someone moves their current state of "root" to another state things should flex with
the change.

> I tried setting a PrincipalDomain registry entry and I don't see chgrp working without a +. Am I missing something?
> A172-23-129-130

So I'm assuming the name of the machine is "A172-23-129-130".

The discussion about "domains" has been incomplete.
It normally gets simplified to 'domain' and 'local'. But this is, for this discussion now,
not enough. There are a number of "built-in" accounts (users and groups). These built-in
accounts are well-known accounts, but they are not part of the "local machine's
domain". So the "+" still needs to lead these accounts. The system account is really
"+system" as another example.

(in reply to jim)
Post #: 21
RE: openssh 3.9 source available? - Nov. 17, '04, 3:09:18 PM   
Rodney

 

Posts: 3729
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
I've posted in the beta directory the changed version.
I've placed it in beta just in case there is some additional feedback.

You can update to it by doing:
 pkg_add ftp://ftp.interopsystems.com/pkgs/beta/openssh-3.9.0.1.0.4-bin.tgz


The number of digits will shrink once it goes to the main directory.

This version has the changes in it that I mentioned before.
If you run sshd as you would normally then if the account "root" is given
as the username then the account that has the username "root" is used. No Mapping.
If the username "root" is used and there is no account with the username "root"
then sshd has flagged to libport that it should be mapped to Administrator
(well to 197108 actually so the language/spelling problem doesn't happen).
If you don't want the mapping of "root" to 197108 when no user account named "root"
exists then use the new '-A' flag when starting sshd and the flag to libport
will be turned off.

Send in any feedback here or to me by e-mail (whichever you prefer).

(in reply to Rodney)
Post #: 22
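The lookup order described in the post above, as an added example that is not libport or sshd source: a small C model of the rule "a real account named root always wins, and the 197108 fallback applies only when no such account exists and the flag is on". The account table, the function names and the UID 1049577 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ADMIN_UID  197108L   /* UID the thread gives for local Administrator */
#define NO_ACCOUNT (-1L)     /* hypothetical "no such user" marker */

struct account { const char *name; long uid; };

/* Hypothetical stand-in for the account database: exact-match table lookup. */
static long lookup_uid(const struct account *tab, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].name, name) == 0)
            return tab[i].uid;
    return NO_ACCOUNT;
}

/* map_root = 1: caller opted in to the fallback (sshd started normally).
 * map_root = 0: fallback off (sshd started with -A). */
long resolve_login_uid(const struct account *tab, size_t n,
                       const char *name, int map_root)
{
    long uid = lookup_uid(tab, n, name);
    if (uid != NO_ACCOUNT)
        return uid;                  /* an existing account is used as-is */
    if (map_root && strcmp(name, "root") == 0)
        return ADMIN_UID;            /* only a missing "root" falls back */
    return NO_ACCOUNT;
}

/* Constructed sample machines; 1049577 is a made-up UID. */
static const struct account admin_only[] = { { "Administrator", ADMIN_UID } };
static const struct account with_root[]  = { { "Administrator", ADMIN_UID },
                                             { "root", 1049577L } };

int main(void)
{
    printf("no root, default: %ld\n", resolve_login_uid(admin_only, 1, "root", 1));
    printf("no root, -A:      %ld\n", resolve_login_uid(admin_only, 1, "root", 0));
    printf("root exists:      %ld\n", resolve_login_uid(with_root, 2, "root", 1));
    printf("root exists, -A:  %ld\n", resolve_login_uid(with_root, 2, "root", 0));
    return 0;
}
```

The first case is the one to check on a host: with sshd started normally and no account named "root", a login as "root" resolves to the Administrator UID.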
RE: openssh 3.9 source available? - Nov. 17, '04, 3:09:51 PM   
cortez_

 

Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
That's why I believe that our input is worthwhile because it might make the tools more useful and closer to the user's requirements.

(in reply to Rodney)
Post #: 23
RE: openssh 3.9 source available? - Nov. 17, '04, 3:18:41 PM   
jim

 

Posts: 7
Joined: Nov. 15, '04,
Status: offline
Works great - thanks.

With respect to your comment about hearing what people are trying to do - I'm working with a large number of scripts that were originally developed for Linux and now either run both on Linux and Windows/Cygwin or have been rewritten for Windows. Consequently, in my case, compatibility with Linux and Cygwin is pretty important - things like having to put a + in front of a chown command hurt when it's called from so many scripts.

(in reply to Rodney)
Post #: 24
RE: openssh 3.9 source available? - Nov. 17, '04, 3:36:44 PM   
breiter

 

Posts: 346
Joined: Jun. 14, '04,
From: Washington, DC
Status: offline
quote:

The discussion about "domains" has been incomplete.
It normally gets simplified to 'domain' and 'local'. But this is, for this discussion now,
not enough. There are a number of "built-in" accounts (users and groups). These built-in
accounts are well-known accounts, but they are not part of the "local machine's
domain". So the "+" still needs to lead these accounts. The system account is really
"+system" as another example.


Hmmm. This is interesting.

A SID takes the format S-R-I-SA-SA-SA-SA where S is always the letter "S", R is the SID format (currently always "1"), I is a 48-bit authority identifier, and SA are 32-bit subauthority identifiers.

Two well-known authorities are 0x00001 World Authority (which is used with the Everyone account) and 0x00005 NT Authority. There are actually 6 defined authorities:
#define SECURITY_NULL_SID_AUTHORITY         {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY        {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY        {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY      {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY       {0,0,0,0,0,4}
#define SECURITY_NT_AUTHORITY               {0,0,0,0,0,5}
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}

The difference between user-defined local groups and builtin local groups is just that they have a different subauthority.

Builtin local groups are in the SECURITY_BUILTIN_DOMAIN_RID (S-1-5-21) subauthority and have exactly the same SID on every Windows instance. Whereas user-defined groups are in the SECURITY_NT_NON_UNIQUE (S-1-5-32) subauthority. SECURITY_BUILTIN_DOMAIN_RID is the BUILTIN "domain".

It's sort of surprising that Interix treats these two subauthorities as isolated domains when they are subauthorities on the same machine! My understanding is that the real point of these two sub-authorities is simply to differentiate the built-in groups from the user-defined groups.

However from what Rodney is describing Interix considers each RID to be its own domain and only one can be the PrincipalDomain.

On the principle of least surprise, it would be nice if some future version of Interix automatically checked the BUILTIN domain AND the PrincipalDomain when looking up the SID of a non-FQDN group.

Here's some more information on well-known SIDs for those that are interested.

(in reply to Rodney)
Post #: 25
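The S-R-I-SA layout described in the post above, as an added example that is not part of the original thread: a strict C parser for the string form of a SID that enforces the field widths the post gives (48-bit authority, 32-bit subauthorities). The struct and function names are made up here, and the authority is accepted in decimal only.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SID_MAX_SUBAUTH 15            /* SID_MAX_SUB_AUTHORITIES in winnt.h */

struct sid {
    uint64_t authority;               /* I: 48-bit identifier authority */
    unsigned count;                   /* number of SA fields present */
    uint32_t sub[SID_MAX_SUBAUTH];    /* SA: 32-bit subauthorities */
};

/* Parse one unsigned decimal field <= max and advance *p past it. */
static int parse_field(const char **p, uint64_t max, uint64_t *out)
{
    char *end;
    if (**p < '0' || **p > '9') return -1;    /* no sign, space or empty field */
    unsigned long long v = strtoull(*p, &end, 10);
    if (v > max) return -1;                   /* also catches strtoull overflow */
    *out = v;
    *p = end;
    return 0;
}

/* Returns 0 and fills *sid on success, -1 on malformed input. */
int sid_parse(const char *s, struct sid *sid)
{
    uint64_t v;
    if (strncmp(s, "S-", 2) != 0) return -1;
    s += 2;
    if (parse_field(&s, 255, &v) || v != 1) return -1;     /* R must be 1 */
    if (*s++ != '-') return -1;
    if (parse_field(&s, 0xFFFFFFFFFFFFULL, &sid->authority)) return -1;
    sid->count = 0;
    while (*s == '-') {
        s++;
        if (sid->count == SID_MAX_SUBAUTH || parse_field(&s, 0xFFFFFFFFULL, &v))
            return -1;
        sid->sub[sid->count++] = (uint32_t)v;
    }
    return *s == '\0' ? 0 : -1;                            /* no trailing text */
}

int main(void)
{
    struct sid s;
    if (sid_parse("S-1-5-18", &s) == 0)                    /* Local System */
        printf("authority=%llu last=%u\n", (unsigned long long)s.authority, (unsigned)s.sub[s.count - 1]);
    return 0;
}
```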
RE: openssh 3.9 source available? - Nov. 17, '04, 3:51:13 PM   
breiter

 

Posts: 346
Joined: Jun. 14, '04,
From: Washington, DC
Status: offline
quote:

ORIGINAL: jim
How you manage your binaries is your call, but it seems that using the aliases is going to result in wasted resources for those using ftp/mget to download the tools, not to mention the potential for confusion by having incorrectly named files.


I'd like to go back to the issue of old package names pointing to new packages for a minute.

I agree with Jim, this is unexpected behavior. I understand that you want to only have current packages in /pkgs/3.5 and want to put older packages into /pkgs/prev.

My humble suggestion is that you remove the aliases for the package names that do not point to the corresponding package. I think it would be preferable to have nothing than to have an openssh-3.8-bin.tgz that points to openssh-3.9-bin.tgz, for example. People who want the latest, then, just get openssh-current-bin.tgz and people who want something else go to pkgs/prev and get a specific version.

Just my two cents, but I know that I and others have been confused by the current setup. It's the principle of least surprise, again.

(in reply to jim)
Post #: 26
RE: openssh 3.9 source available? - Nov. 18, '04, 12:25:17 PM   
Rodney

 

Posts: 3729
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
The changes have been made to the general openssh release now and posted.

(in reply to breiter)
Post #: 27
RE: openssh 3.9 source available? - Nov. 18, '04, 2:41:51 PM   
cortez_

 

Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
So just to make sure. To keep it working with the accounts just like the
3.8 did, I need to launch it with the -A option, right?

(in reply to Rodney)
Post #: 28
RE: openssh 3.9 source available? - Nov. 18, '04, 2:49:01 PM   
Rodney

 

Posts: 3729
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
quote:

ORIGINAL: cortez_

So just to make sure. To keep it working with the accounts just like the
3.8 did, I need to launch it with the -A option, right?


You only need to start with '-A' if and only if you do not have an account
named "root" and do not want "root" to map to local administrator.

(in reply to cortez_)
Post #: 29
RE: openssh 3.9 source available? - Nov. 19, '04, 1:59:43 AM   
cortez_

 

Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
And in the case of the coexistence of the root and Administrator accounts, ssh should be started without -A, and even so it will recognize the situation and not map?

(in reply to Rodney)
Post #: 30
RE: openssh 3.9 source available? - Nov. 19, '04, 2:17:52 AM   
Rodney

 

Posts: 3729
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
Right.
If there is an account named "Administrator" (or whichever the spelling is
for the current locale) and another account named "root" they will be treated
as two different accounts with or without '-A' specified -- no mapping.

(in reply to cortez_)
Post #: 31