This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: sshd, /etc/hosts.allow, & Alternate Access Methods


Igor Peshansky wrote:

On Thu, 23 Feb 2006, Tim Daneliuk wrote:


<SNIP>

Same reason -- Cygwin isn't really ACL-aware.  You can also restore the
original ACLs by running something like
"getfacl hosts.allow | setfacl -f - hosts.allow.orig"
(assuming the owner stays the same).


-rwx------+ 1 tundra None  200 Feb 23 00:15 hosts.allow
-rwx------  1 tundra None  200 Feb 23 00:15 hosts.allow.orig
-rwx------+ 1 tundra None  407 Feb 23 00:15 hosts.deny


These files should really be owned by SYSTEM (or whatever user sshd runs
as).

HTH,
	Igor

Ahh - that was the hint I needed. But here is something very strange:


As installed, hosts.allow is owned by the installing user - in this
case, "tundra" who is also an Administrator on the system.  sshd
properly recognizes the rule found in this file.  HOWEVER, if I edit
the file (to change allow rules), I *have* to chown it to SYSTEM or
ssh access outside localhost fails.  Stranger still is that once
the file is owned by SYSTEM, it cannot be further edited because
I get a "Permission Denied" on it with emacs or vi - strange considering
that I am an Administrator on the system.

P.S. Did I mention that I hate the Windows security model ;)

--
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
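
An added example, not part of the original thread: a small shell check that reads `ls -l` output and flags the conditions discussed above (owner other than the account sshd runs as, a trailing `+` marking extra ACL entries, or group/other access bits). The function names `audit_listing` and `audit_sample` are hypothetical, and the sample input is the listing quoted in the message; the expected owner `SYSTEM` follows Igor's advice.

```shell
#!/bin/sh
# Added example (not from the thread). Audits `ls -l` lines for the
# tcp-wrappers files and prints one finding per problem.

# audit_listing EXPECTED_OWNER  -- reads `ls -l` lines on stdin.
# Limitation: the file name is taken as the last field, so names
# containing spaces are not handled.
audit_listing() {
    expected_owner=$1
    awk -v want="$expected_owner" '
        NF >= 9 && $1 ~ /^-/ {            # regular files only
            mode = $1; owner = $3; file = $NF
            if (owner != want)
                printf "%s: owner is %s, expected %s\n", file, owner, want
            if (mode ~ /\+$/)             # "+" = ACL entries beyond the mode bits
                printf "%s: extra ACL entries present\n", file
            if (substr(mode, 5, 6) != "------")
                printf "%s: group/other bits set (%s)\n", file, mode
        }'
}

# Sample input: the listing quoted in the message above.
SAMPLE='-rwx------+ 1 tundra None  200 Feb 23 00:15 hosts.allow
-rwx------  1 tundra None  200 Feb 23 00:15 hosts.allow.orig
-rwx------+ 1 tundra None  407 Feb 23 00:15 hosts.deny'

# audit_sample EXPECTED_OWNER  -- runs the audit over the sample listing.
audit_sample() {
    printf '%s\n' "$SAMPLE" | audit_listing "$1"
}

# On a live system the input would be: ls -l /etc/hosts.allow /etc/hosts.deny
audit_sample SYSTEM
```
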

