Re: ntsec odds and ends (cygcheck augmentation?)

Wed, 05 Feb 2003 09:44:18 -0800 

On Wed, 5 Feb 2003, Pierre A. Humblet wrote:

> At 11:48 AM 2/5/2003 -0500, Christopher Faylor wrote:
> >Pierre or Corinna,
> >Have either of you considered adding code to cygcheck to check for more
> >common ntsec "problems"?  At the very least, something along the lines
> >of "your username isn't in /etc/passwd" seems like it would be
> >worthwhile.
>
> Chris,
>
> I have though about that and actually have such a program. However it's
> a Cygwin program. The idea being that it should reproduce *exactly* the
> starting sequence of Cygwin, which has varied over the years. Keeping
> cygcheck up to date might be a pain
>
> In the patch I have just sent, the group name is set to "run mkpasswd"
> if the username is not in passwd, and it is "run mkgroup" if the user name
> is present but not his group.
> So that should be clearly visible in "id", and visible but truncated in
> "ls -l".

Pierre,

IMHO, "No entry" is a better name for such a situation ([ug]id==-1).  It
could then be documented in the FAQ.  Just my 2¢...

> I have also changed the default uid and gid to 400/401 when the names are
> missing, to make detection easy. It can then easily be done e.g. in
> /etc/profile or in sshd-user-config.
>
> The question of "Why is my HOME C:\ " could also be handled in /etc/profile.
> I was thinking of putting something like this in it:
> echo "Hello this is /etc/profile"
> echo "You are a new user and I will verify your configuration".
> echo "Delete these lines once everything is well".
> if [ $uid -eq 400 ]; then etc...
> echo "Your HOME is set to $HOME, the rules are 1).. 2).. 3).. 4).. "
>
> What do you think?
>
> Pierre

How about just "Warning: HOME set to 'C:\', check your /etc/passwd or the
value of HOME in the Windows environment"?  An advanced user (or one who
simply wants to set his home to 'C:\') should be able to just comment out
this warning from /etc/profile, right?
        Igor
-- 
                                http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_                [EMAIL PROTECTED]
ZZZzz /,`.-'`'    -.  ;-;;,_            [EMAIL PROTECTED]
     |,4-  ) )-,_. ,\ (  `'-'           Igor Pechtchanski
    '---''(_/--'  `-'\_) fL     a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Oh, boy, virtual memory! Now I'm gonna make myself a really *big* RAMdisk!
  -- /usr/games/fortune

Reply via email to