sshd default user PATH

Achim Gratz Stromeko@NexGo.DE
Thu Aug 14 12:28:00 GMT 2014

Corinna Vinschen <corinna-cygwin <at>> writes:
> On other systems sshd sets $PATH to "/usr/bin:/bin:/usr/sbin:/sbin", but
> on Cygwin it doesn't change $PATH and just takes what it got from
> cygrunsrv so as not to break the search path for DLLs not in the system
> directories.

I'm running Cygwin since years with all traces of the Windows path
deliberately deleted and never hit any problem.  That would be different if
I tried to mix windows applications in, but I prefer to have wrapper scripts
for those anyway.

> So this is kind of a cygrunsrv problem.  It simply appends /bin to
> $PATH, rather than prepending it.

Ah, I was wondering where that comes from since nothing in sshd does it.  So
sshd just takes over the environment as set up by cygrunsrv?  Then it might
be a lot easier to just tell cygrunsrv what to put into PATH.

> Right, /etc/default/login and, fwiw, any method to change $PATH from the
> default path is disabled on Cygwin deliberately for the reason outlined
> above.

Thanks for confirming, after staring at the configure output for a while
I've finally found that #ifdef in the source...

> It's not that simple.  It requires a code change in sshd.  However,
> maybe the rigorous handling is not required anymore these days.

May not be necessary anyway.
> Anyway, even if I re-enable /etc/default/login and the standard PATH
> handling in sshd, there's no way to set an arbitrary environment.  For
> security reasons, sshd is very selective in the environment variables it
> sets up.  From /etc/default/login, it takes *only* PATH and UMASK,
> for instance.  Everything else should be set in the shell profiles.

I really only need PATH at the moment.  If I bounce commands directly onto
the server without going through a login shell nothing really works as
expected at the moment since Cygwin is last in path.  I don't want to add
Cygwin to the Windows path for other reasons and I really don't have control
what else gets added there and in which order.

> So, here's what I'll do:
> - Change cygrunsrv to prepend /bin to $PATH rather then appending it.

I would appreciate if it could (optionally) look in some configuration file
(/etc/environment ?) and use PATH as defined there and store the path as set
up in Windows in ORIGINAL_PATH (like done in /etc/profile, where this is
conditional on CYGWIN_NOWINPATH being present).

> - Drop the Cygwin specific ignorance of /etc/default/login from the
>   source code and build a new OpenSSH package.
> Does that sound ok?

Very much.  If the environment can be controlled via cygrunsrv, then the
changes to sshd might not be necessary.  I've just tried using "-e
PATH=/bin" in the sshd service startup, but PATH still seems to be
hardcopied from Windows (the setting is ignored if the environment variable
already exists?).


Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list