Microsoft Windows Services for UNIX (SFU) makes it possible to integrate some
Windows operating systems into existing UNIX environments. It provides components
that simplify network administration and user management across the UNIX and Windows
platform.
SFU provides Interix a complete, high-performance UNIX environment that provides
UNIX shells like csh or ksh, several hundred
tools and utilities, and a complete set of development tools and libraries which make
it possible to port and use your UNIX-based applications to the Interix subsystem.
The following information describes the necessary steps to accomplish the installation
of SFU. This document describes:
The following parts/applications which are part of a standard N1GE installation
on UNIX operating systems are not supported in a Microsoft Windows environment and
therefore cannot be used on Windows Hosts:
The following requirements apply to the installation of Microsoft Services For
UNIX.
Get the SFU distribution media.
If you downloaded SFU,
just execute the application to unzip the files into a directory. This directory must
be located on a file system that has at least 480 MBytes free space.
Login to the Windows system with the Administrator account.
Start the setup.exe application which was unpacked
previously.

Enter your name and organization.

Accept the license agreement for SFU.

Now you have to choose between the standard installation and custom
installation. The standard installation is recommended.

If disk space is limited, you might also choose the custom installation path
but make sure that at least following components will be installed:
Utilities -> Base Utilities |
Interix Gnu components -> Interix GNU utilities |
Remote connectivity components -> Telnet Server and Windows Remote
Shell |
If you intend to use NFS shared file systems then you also need: Authentication tools for NFS -> User Mapping and Server for NFS Authentication. |
Depending on the underlying Windows operating system you might be
asked two questions concerning the SFU security settings. The following screen shows
the recommended selections:

The following information is a basic description concerning these two options.
If you need further information please consult Microsoft's SFU documentation.
Enable suid behavior for Interix programs --
According to the POSIX standard, a file has permissions that include bits to set both
a UID (setuid) and a GID (setgid) when the file
is executed. If either or both bits are set on a file, and a process executes that
file, the process gains the UID or GID of the file. When used carefully, this mechanism
allows a non-privileged user to execute programs that run with the higher privileges
of the filers owner or group. When used incorrectly, however, this behavior can present
security risks by allowing nonprivileged users to perform actions that should only
be performed by an administrator. For this reason, Windows Services for UNIX Setup
does not enable support for this mechanism by default.
You should enable
support for setuid behavior because N1GE will be running programs
that require this support. Even if you do not enable support for setuid behavior
when installing Windows Services for UNIX, you can enable it later.
Changing Default Behavior to Case Sensitivity -- You
might be required to choose whether to change the default behavior of object names,
such as file names, to being case sensitive. The choice you make will affect system
security as well as how Windows Services for UNIX functions. With Microsoft Windows,
the names of most objects (such as files and directories) are case preserving, but
case insensitive. So, you cannot have two files in the same directory named sample.txt and Sample.txt because Windows regards
the names as identical for the purposes of identifying files. However, the UNIX operating
system is fully case sensitive. So, UNIX systems distinguish between object names
when the only difference between those names is the case of the objectname characters.
Therefore, sample.txt and Sample.txt could
appear in the same directory and the UNIX system would distinguish between them when
performing operations on the files. For example, the command rm S*.txt would
delete Sample.txt but not sample.txt. In
order to implement typical UNIX behavior, the Server for NFS and the Interix subsystem
are normally case sensitive when working with file names.
This behavior
can present security issues, particularly for users who are accustomed to the caseinsensitive
conventions of Windows. For example, a Trojan horse version of edit.exe named EDIT.EXE could be stored in the same directory
as the original. If a user were to type edit at a Windows command
prompt, the Trojan horse version (EDIT.EXE) could be executed
instead of the standard version. If case sensitivity is enabled, Windows users should
be made aware of this possibility.
With Windows XP(Professional) and the
Windows Server 2003 family, the default behavior of subsystems other than the Win32
subsystem is to be case preserving but case insensitive. In previous versions of Windows,
such subsystems were fully case sensitive by default. In order to support standard
UNIX behavior, Windows Services for UNIX Setup allows you to change the default Windows
XP and Windows Server 2003 family behavior for non-Win32 subsystems when installing
the base utilities (which installs the Interix subsystem) or Server for NFS. If you
enable case sensitivity and then subsequently uninstall Server for NFS and the base
utilities, Windows Services for UNIX Setup will restore the default, case-insensitive
behavior of non-Win32 subsystems.
Configure User Name Mapping
User Name Mapping acts as
a single clearinghouse that provides centralized user mapping services for Interix
and therefore N1GE. User Name Mapping lets you create maps between Windows and UNIX
user and group accounts. In principle, these user and group names may not be identical
but for users who intend to use N1GE the names have to be identical.
User Name Mapping lets you maintain a single mapping database for the entire enterprise.
This feature makes it easy to configure authentication for multiple computers running
Windows Services for UNIX. In addition to one-to-one mapping between Windows and UNIX
user and group accounts, User Name Mapping permits one-to-many mapping letting you
associate multiple Windows accounts with a single UNIX account. This feature can be
useful, for example, when you do not need to maintain separate UNIX accounts for individuals
and would rather use a few accounts to provide different classes of access permission.
You can use simple maps, which map Windows and UNIX accounts with identical names.
You can also create advanced maps to associate Windows and UNIX accounts with different
names, which you can use in conjunction with simple maps.
For information
about simple and advanced maps, see "Simple and advanced maps" in "Help for Services
for UNIX"
Note - Note: After the installation has finished, you can find "Help for Services
for UNIX" here:
Start -> Programs -> Services for UNIX -> Help for Services
for UNIX
User Name Mapping can obtain UNIX user, password, and group information from
one or more Network Information Service (NIS) servers or from password and group files
located on a local hard drive. The password and group files can be copied from a UNIX
host or from a Windows-based system running Server for PCNFS.
Note - User Mapping is part of SFU and not of N1GE. Please consult Microsoft
Documentation and/or support to setup user mapping correctly.

Your selection in this dialog depends on the hosts and services which are currently
provided in your Windows environment and also in the UNIX environment. Otherwise,
if there is no such server in your environment then you should select Local
User Name Mapping Server.
Note - You should install SFU and enable the User Name Mapping service on your
host which acts as Domain Controller for your windows environment. All other hosts
should contact that Remote User Name Mapping Server.
If you choose Local User Name Mapping Server then you might either
select Network Information Services (NIS) to access your passwd and group NIS-maps. Otherwise you have to select
l if you will provide the files yourself.
Depending on your previous selections, you have either to enter the
NIS Domain name and NIS Server name or the path of the passwd and group files.

Following, you will find an example for the files which have the standard UNIX
format. This means that you can also use your /etc/passwd and
/etc/group files from your UNIX environment.
C:\Unix\etc\passwd
root:x:0:0:UNIX root user:/home/root:/bin/tcsh
user1:x:1002:100:Full name of user1:/home/user1:/bin/tcsh
C:\Unix\etc\group
root::0:
|
Note - Some NIS maps do not contain an entry for user root. If this
is the case and you intend to create following mapping, Administrator
<-> root.
You create this entry by using the following steps:
First create a password file containing the root entry during this
installation step.
If the SFU installation is finished then start the Services
for UNIX Administration application and create the mapping: Administrator
<-> root.
Switch to NIS mapping.
Use simple mapping or add manual mappings.
At this point the installation starts installing components. Wait
until all components are installed.

When the installation process finishes, you may have to reboot the
machine, depending on the version of Windows you are using.

Make sure that the Interix Subsystem Startup is started during boot
time. If you intend to use NFS shares and user mapping then also start Client for
NFS and User Name Mapping
Depending on the installation options and version
of the Windows operating system, one or more of these services are disabled by default.