I have been using the 32-bit version nfs-server 2.3-5 package successfully for
the past few months to share my Cygwin filesystem with a locally hosted
VirtualBox VM. So I was pleased to see that the nfs-server package had finally
made it into the 64-bit Cygwin release. However, there was an unexpected change
that caused some major headaches for me when I tried to replicate my setup with
the new 2.3-6 package.
Specifically, these lines that were added to the nfs-server-config script:
editrights -u ${NFSD_USER} -a SeDenyInteractiveLogonRight
editrights -u ${NFSD_USER} -a SeDenyRemoteInteractiveLogonRight
In my 2.3-5 configuration I had installed the 3 cygrunsrv services (portmap,
rpc.nfsd, rpc.mountd) to use my login account as the services' user. However,
using the same configuration in 2.3-6 had the nasty side-effect of locking me
out of my own system the next time I had to log in to my computer. This effect
is not documented anywhere that I could find. Furthermore this seems like an
error-prone default since the 2.3-6 nfs-server-config now forces the user to
specify an account to use as the service user. (the 2.3-5 version offered the
initial option of just using the System account, I believe).
Upon attempting to log back in I was presented with the following error message
after entering my password: "The sign-in method you're trying to use isn't
allowed. For more info, contact your network administrator."
As someone who had not enabled the builtin Admin account for login and only had
the one user login account, this was a harrowing experience that I was luckily
able to recover from with the help of some youtube videos and some bizarre
security decisions on Microsoft's part.
Can we discuss removing these two lines, or at least provide a way to opt out
of applying them if the user so desires? Ideally, it would be an opt-in, I
would think, given the potential for danger. The reason I am using my local
login account as the service user is because I am sharing directories from
within my Windows home directory in a RW fashion. The System user has
difficulty getting permissions to perform the necessary operations.
All other changes to the new 2.3-6 are for the better. In fact, it seems to
handle VirtualBox virtual ethernet adapters much better than the 32-bit
version. And I no longer have to perform a system restart for some nfsd
settings to take effect. Thank you for work on this project. I just want to do
my part to make it better, too.
Also, one other thing I noticed is that the src package for 2.3-6 does not seem
to actually include the correct src.tar.bz2 file. Instead, it still only
includes the 2.3-5 bz2 file. As such, it's impossible to attempt to submit a
patch to correct this problem.
-Josh
(I apologize if this appears a second time in the mailing list. I don't see the
first post I made on 5/27 in the archives yet and I'm not sure it made it out
to the list)
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
