This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)


Corinna Vinschen wrote:
On Jul 23 18:34, Corinna Vinschen wrote:
On Jul 23 11:25, Matt Kemmerer wrote:
Administrator@ics-dp35xppro ~
$ ssh-host-config
*** Warning: The owner and the Administrators need
*** Warning: to have .w. permission to /var/run.
*** Warning: Here are the current permissions:
*** Warning: drwxr-xr-x 2 Administrator None 0 Jul 23 10:21 /var/run
*** Warning: Please change the user and/or group ownership and
*** Warning: permissions of /var/run.
*** ERROR: Problem with /var/run directory. Exiting.

Eeek! You're using FAT32 on a NT based OS? This isn't such a good
idea, actually. There's no security and no permission settings on FAT.
The csih script seems to miss the fact that the directory is on a
non-NTFS drive which isn't capable of setting permissions. Given that
you're installing ssh, which is a paranoid secure playing package,
that's actually a good idea. Ever thought of running convert.exe on
your drive? ;)


Nevertheless that should be changed in csih.
Could you have a look into this, please?

I'm not sure what you think csih should do, here. The whole point is that we know services require certain things of the system directories, or they won't work. Are you suggesting that csih just ignore that, and pretend to correctly install sshd on a FAT32 system?


Only to have sshd itself fail for some hard-for-a-newbie-to-diagnose reason?

Perhaps, rather than checking:
   # daemons need access to subdirs, so need traverse permissions...
   if ! csih_check_dir_perms "${LOCALSTATEDIR}" d..x..x..x ; then ERROR

   # daemons need write access to /var/run to create pid file
   if ! csih_check_access "${LOCALSTATEDIR}/run" .w. ; then ERROR

   # daemons need write access to /var/log if they do their own logging
   if ! csih_check_access "${LOCALSTATEDIR}/log" .w. ; then ERROR

   # daemons need access to /var/empty for chrooting
   if ! csih_check_access "${LOCALSTATEDIR}/empty" r.x ; then ERROR

in _csih_setup() (which is called by the main csih entry points), those permission checks could be delegated to the foo_install scripts which know more about their own specific requirements, rather than the fairly general requirements above?

Or are you saying that csih should still perform those general checks, but first:
if the drive on which ${LOCALSTATEDIR} lives is
(1) FAT32
(2) nontsec
(3) on a server and nosmbntsec
then issue a big fat warning, and in that case skip the
permissions tests? What about 1.7 and the acl flag?


ASIDE:
   csih_check_basic_mounts
   csih_check_sys_mount
might need to be revisited for 1.7


FYI, the other changes to csih that you requested are actually rather more involved than you would suspect. I've worked on it a bit, but haven't been able to test it yet. Stay tuned.


--
Chuck

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]