ssh-host-config patch

Miguel A. Figueroa-Villanueva miguelf@ieee.org
Fri Jan 12 21:54:00 GMT 2007


Hello Everyone,

When configuring sshd host with the ssh-host-config script I got
errors from the chown commands at the end of the script. The reason is
that my /etc/group file sets S-1-5-32-544 to 0 not 544 (my
passwd/group files are printed below). I think the following patch is
appropriate so that this case can be handled.

--- /usr/bin/ssh-host-config    2006-11-08 05:09:58.001000000 -0400
+++ ./ssh-host-config   2007-01-12 17:36:47.928733500 -0400
@@ -586,12 +586,18 @@ then
       else
        _user="system"
       fi
+      _group=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}'
${SYSCONFDIR}/group`
+      if [ -z "${_group}" ]
+      then
+        echo "${SYSCONFDIR}/group contains no group with SID
S-1-5-32-544 (Local administrators group)."
+        exit 1
+      fi
       chown "${_user}" ${SYSCONFDIR}/ssh*
-      chown "${_user}".544 ${LOCALSTATEDIR}/empty
-      chown "${_user}".544 ${LOCALSTATEDIR}/log/lastlog
+      chown "${_user}"."${_group}" ${LOCALSTATEDIR}/empty
+      chown "${_user}"."${_group}" ${LOCALSTATEDIR}/log/lastlog
       if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
       then
-       chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log
+       chown "${_user}"."${_group}" ${LOCALSTATEDIR}/log/sshd.log
       fi
     fi
     if ! ( mount | egrep -q 'on /(|usr/(bin|lib)) type system' )
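
Review bot: the awk lookup on the added _group= line prints $1 for every line of ${SYSCONFDIR}/group whose second field is S-1-5-32-544, so if the file has more than one entry with that SID, _group ends up holding several names separated by newlines. The -z test still passes in that case, and the three chown calls then receive an invalid owner.group argument. Stop at the first match, for example awk -F: '$2 == "S-1-5-32-544" { print $1; exit }', or print the numeric gid in $3 instead of the name. Two smaller points: the awk line and the echo line were wrapped by the mailer, so the hunk will not apply as posted and should be resent as an attachment, and the error message before exit 1 should go to stderr (>&2).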

I also had problems starting the daemon because /var/log/sshd.log was
not created and 'system' did not have write permissions to /var/log. I
don't know what is the best solution to this... should /var/log be
go+w? If not then I think there should be something like this in the
sshd-host-config script:

if [ ! -e ${LOCALSTATEDIR}/log/sshd.log ]
then
  cat /dev/null > ${LOCALSTATEDIR}/log/sshd.log
  chmod 644 ${LOCALSTATEDIR}/log/sshd.log
fi

This way when it is chown at the end the daemon will be able to modify it.

Thanks,
--Miguel

/etc/passwd:
==========
everyone:*:1:1:U-HOME_DESKTOP\Everyone,S-1-1-0:/home/everyone:/usr/bin/false
system:*:18:18:U-HOME_DESKTOP\SYSTEM,S-1-5-18:/home/system:/usr/bin/false
admins:*:544:0:U-HOME_DESKTOP\Administrators,S-1-5-32-544:/home/admins:/usr/bin/false
root:unused_by_nt/2000/xp:0:0:U-HOME_DESKTOP\Administrator,S-1-5-21-1935655697-412668190-682003330-500:/home/root:/usr/bin/bash
guelo:unused_by_nt/2000/xp:1004:545:U-HOME_DESKTOP\Guelo,S-1-5-21-1935655697-412668190-682003330-1004:/home/guelo:/usr/bin/bash
ileana:unused_by_nt/2000/xp:1005:545:U-HOME_DESKTOP\Ileana,S-1-5-21-1935655697-412668190-682003330-1005:/home/ileana:/usr/bin/bash
sshd:unused_by_nt/2000/xp:1010:513:sshdprivsep,U-HOME_DESKTOP\sshd,S-1-5-21-1935655697-412668190-682003330-1010:/var/empty:/bin/false

/etc/group:
========
root:S-1-5-32-544:0:
system:S-1-5-18:18:
users:S-1-5-32-545:545:
powusers:S-1-5-32-547:547:
domusers:S-1-5-21-1935655697-412668190-682003330-513:513:


-- 
Miguel A. Figueroa Villanueva
+1 787 832-4040 x.3498
Departamento de Ingeniería Eléctrica y Computadoras
Universidad de Puerto Rico - Recinto de Mayagüez
