The eternal uid issue

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Jul 28 11:53:00 GMT 2014 

On Jul 28 13:42, D. Boland wrote:
> Hi Corinna,
> 
> Corinna Vinschen wrote:
> > 
> > Still, are you using setuid method 1 or another method?  Is your home
> > dir the default /home/$USER as created from inside the Cygwin
> > environment?  Any chance your home dir has an unusual ACL?
> > 
> > Did you set up sshd as service?  If not, you might consider to do that
> > so you can check what happens when switching to the smmsp account.  Run
> > ssh-host-config as admin, install the service.  Create an authorized_keys
> > file for the smmsp user (run ssh-user-config under smmsp for instance),
> > then start the service.  Now login to the smmsp user account using
> > public key authentication, admin-enabled vs. non-admin as above(*), and
> > observe the permissions ls or stat show you for your home dir.  Are they
> > really different?  If so, let's see the strace output again.
> 
> Argh! I checked the /home folder and it was indeed group and world writable. After
> setting it to 0755 sendmail had no issues anymore. Sendmail checks permissions on
> the entire path. I cannot remember setting it 0777, so something else must have set
> it.

The permissions of the home folder are set to 01777 by default (S_ISVTX
bit!).  Since we can't rely on central administration for Cygwin, this
allows a user to create her own homedir automatically at first start of
a Cygwin shell.

You might consider to disable this full patch check in sendmail for
Cygwin.  Is there some configuration flag, maybe?

> Regarding the suid method: You mean method 1, 2 and 3 in the "Using Windows security
> in Cygwin" article, right? I have nothing special set up, so it uses the default
> method 1.
> 
> As to the sshd, I had it set up as a service already.
> 
> Thanks again for your help. I will announce the Sendmail release soon.

Thanks, but you need to send an ITA to cygwin-apps first.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140728/ca6310a8/attachment.sig>

More information about the Cygwin mailing list