Cygserver

What is Cygserver?

Cygserver is a program which is designed to run as a background service. It provides Cygwin applications with services which require security arbitration or which need to persist while no other cygwin application is running.

The implemented services so far are:

  • XSI IPC Message Queues.

  • XSI IPC Semaphores.

  • XSI IPC Shared Memory.

  • Allows non-privileged users to store obfuscated passwords in the registry to be used by setuid and seteuid calls to create user tokens with network credentials. This service is used by passwd -R. Using the stored passwords in set(e)uid does not require running Cygserver. For details, see the section called “Switching the user context”.

  • This functionality is no longer used since Cygwin 1.7.6, but the interface is still available: Control slave tty/pty handle dispersal from tty owner to other processes without compromising the owner processes' security. Starting with Cygwin 1.7.6 another safe mechanism to share tty/pty handles is used.

Cygserver command line options

Options to Cygserver take the normal UNIX-style `-X' or `--longoption' form. Nearly all options have a counterpart in the configuration file (see below) so setting them on the command line isn't really necessary. Command line options override settings from the Cygserver configuration file.

The one-character options are prepended by a single dash, the long variants are prepended with two dashes. Arguments to options are marked in angle brackets below. These are not part of the actual syntax but are used only to denote the arguments. Note that all arguments are required. Cygserver has no options with optional arguments.

The recognized options are:

  • -f, --config-file <file>

    Use <file> as configuration file instead of the default configuration line. The default configuration file is /etc/cygserver.conf. The --help and --version options will print the default configuration pathname.

    This option has no counterpart in the configuration file, for obvious reasons.

  • -c, --cleanup-threads <num>

    Number of threads started to perform cleanup tasks. Default is 2. Configuration file option: kern.srv.cleanup_threads

  • -r, --request-threads <num>

    Number of threads started to serve application requests. Default is 10. The -c and -r options can be used to play with Cygserver's performance under heavy load conditions or on slow machines. Configuration file option: kern.srv.request_threads

  • -d, --debug

    Log debug messages to stderr. These will clutter your stderr output with a lot of information, typically only useful to developers.

  • -e, --stderr

    Force logging to stderr. This is the default if stderr is connected to a tty. Otherwise, the default is logging to the system log. By using the -e, -E, -y, -Y options (or the appropriate settings in the configuration file), you can explicitly set the logging output as you like, even to both, stderr and syslog. Configuration file option: kern.log.stderr

  • -E, --no-stderr

    Don't log to stderr. Configuration file option: kern.log.stderr

  • -y, --syslog

    Force logging to the system log. This is the default, if stderr is not connected to a tty, e. g. redirected to a file. Configuration file option: kern.log.syslog

  • -Y, --no-syslog

    Don't log to syslog. Configuration file option: kern.log.syslog

  • -l, --log-level <level>

    Set the verbosity level of the logging output. Valid values are between 1 and 7. The default level is 6, which is relatively chatty. If you set it to 1, you will get only messages which are printed under severe conditions, which will result in stopping Cygserver itself. Configuration file option: kern.log.level

  • -m, --no-sharedmem

    Don't start XSI IPC Shared Memory support. If you don't need XSI IPC Shared Memory support, you can switch it off here. Configuration file option: kern.srv.sharedmem

  • -q, --no-msgqueues

    Don't start XSI IPC Message Queues. Configuration file option: kern.srv.msgqueues

  • -s, --no-semaphores

    Don't start XSI IPC Semaphores. Configuration file option: kern.srv.semaphores

  • -S, --shutdown

    Shutdown a running daemon and exit. Other methods are sending a SIGHUP to the Cygserver PID or, if running as service, calling `net stop cygserver' or `cygrunsrv -E cygserver'.

  • -h, --help

    Output usage information and exit.

  • -V, --version

    Output version information and exit.

How to start Cygserver

Before you run Cygserver for the first time, you should run the /usr/bin/cygserver-config script once. It creates the default configuration file and, upon request, installs Cygserver as service. The script only performs a default install, with no further options given to Cygserver when running as service. Due to the wide configurability by changing the configuration file, that's typically not necessary.

You should always run Cygserver as a service under LocalSystem account. This is the way it is installed for you by the /usr/bin/cygserver-config script.

The Cygserver configuration file

Cygserver has many options, which allow you to customize the server to your needs. Customization is accomplished by editing the configuration file, which is by default /etc/cygserver.conf. This file is only read once, at startup of Cygserver. There's no option to re-read the file at runtime by, say, sending a signal to Cygserver.

The configuration file determines how Cygserver operates. There are options which set the number of threads running in parallel, options for setting how and what to log and options to set various maximum values for the IPC services.

The default configuration file delivered with Cygserver is installed to /etc/defaults/etc. The /usr/bin/cygserver-config script copies it to /etc, giving you the option to overwrite an already existing file or to leave it alone. Therefore, the /etc file is safe to be changed by you, since it will not be overwritten by a later update installation.

The default configuration file contains many comments which describe everything needed to understand the settings. A comment at the start of the file describes the syntax rules for the file. The default options are shown in the file but are commented out.

It is generally a good idea to uncomment only options which you intend to change from the default values. Since reading the options file on Cygserver startup doesn't take much time, it's also considered good practice to keep all other comments in the file. This keeps you from searching for clues in other sources.