ssh-host-config script fails

Matt Kemmerer
I've recently installed cygwin on a Windows XP box. I followed the same
procedure I have in the past but this time I received a number of
errors. Here's what I did:

* Downloaded setup.exe from cygwin.com
* Installed from the internet and selected emacs and OpenSSH to be
installed
* Started up a shell and typed ssh-host-config
In the past I was nearly done at this point but this time I received the
following error:

Administrator@ics-dp35xppro ~

$ ssh-host-config

/usr/bin/ssh-host-config: line 23:
/usr/share/csih/cygwin-service-installation-helper.sh: No such file or
directory
/usr/bin/ssh-host-config: line 466: csih_make_dir: command not found

/usr/bin/ssh-host-config: line 471: csih_make_dir: command not found

/usr/bin/ssh-host-config: line 489: csih_make_dir: command not found

chmod: cannot access `/var/empty': No such file or directory

setfacl: No such file or directory

/usr/bin/ssh-host-config: line 37: csih_inform: command not found

/usr/bin/ssh-host-config: line 43: csih_inform: command not found

/usr/bin/ssh-host-config: line 49: csih_inform: command not found

/usr/bin/ssh-host-config: line 498: csih_check_program_or_error: command
not found

/usr/bin/ssh-host-config: line 502: csih_install_config: command not
found      
/usr/bin/ssh-host-config: line 514: csih_install_config: command not
found      
grep: /etc/sshd_config: No such file or directory

/usr/bin/ssh-host-config: line 130: csih_is_nt: command not found

/usr/bin/ssh-host-config: line 65: csih_is_nt: command not found

grep: /ssh-host-config.596/SERVICES: No such file or directory

grep: /ssh-host-config.596/SERVICES: No such file or directory

/usr/bin/ssh-host-config: line 105: /ssh-host-config.596/SERVICES: No
such file or directory

/usr/bin/ssh-host-config: line 115: csih_warning: command not found

/usr/bin/ssh-host-config: line 270: csih_is_nt: command not found

/usr/bin/ssh-host-config: line 528: csih_inform: command not found

Consequently I went back to the setup.exe and installed csih and diffutils
(a step that previously was not required) and ran ssh-host-config again
with the following result:

Administrator@ics-dp35xppro ~
$ ssh-host-config
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH
3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read
/usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Warning: The owner and the Administrators need
*** Warning: to have .w. permission to /var/run.
*** Warning: Here are the current permissions:
*** Warning: drwxr-xr-x 2 Administrator None 0 Jul 23 10:21 /var/run
*** Warning: Please change the user and/or group ownership and
*** Warning: permissions of /var/run.
*** ERROR: Problem with /var/run directory. Exiting.

I've tried changing the permissions on /var/run but the commands chgrp
and chmod both produce no error but do not change the permissions
either.

I have attached the results of cygcheck -s -v -r > cygcheck.out as per
the problem reporting guidelines.

--Matt Kemmerer
Software Engineer
ICS
www.washnet.com

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Attachment: cygcheck.out (14K)

Re: ssh-host-config script fails

Corinna Vinschen-2
On Jul 23 11:25, Matt Kemmerer wrote:

> I've recently installed cygwin on a Windows XP box. I followed the same
> procedure I have in the past but this time I received a number of
> errors. Here's what I did:
>
> * Downloaded setup.exe from cygwin.com
> * Installed from the internet and selected emacs and OpenSSH to be
> installed
> * Started up a shell and typed ssh-host-config
> In the past I was nearly done at this point but this time I received the
> following error:
>
> Administrator@ics-dp35xppro ~
>
> $ ssh-host-config
>
> /usr/bin/ssh-host-config: line 23:
> /usr/share/csih/cygwin-service-installation-helper.sh: No such file or
> directory

Uh, yes, I missed adding the csih dependency to setup.hint.  I just
did that on cygwin.com, should be at the mirrors shortly.

> Administrator@ics-dp35xppro ~
> $ ssh-host-config
> *** Info: Creating default /etc/ssh_config file
> *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
> *** Info: Creating default /etc/sshd_config file
> *** Info: Privilege separation is set to yes by default since OpenSSH
> 3.3.
> *** Info: However, this requires a non-privileged account called 'sshd'.
> *** Info: For more info on privilege separation read
> /usr/share/doc/openssh/README.privsep.
> *** Query: Should privilege separation be used? (yes/no) yes
> *** Warning: The owner and the Administrators need
> *** Warning: to have .w. permission to /var/run.
> *** Warning: Here are the current permissions:
> *** Warning: drwxr-xr-x 2 Administrator None 0 Jul 23 10:21 /var/run
> *** Warning: Please change the user and/or group ownership and
> *** Warning: permissions of /var/run.
> *** ERROR: Problem with /var/run directory. Exiting.
>
> I've tried changing the permissions on /var/run but the commands chgrp
> and chmod both produce no error but do not change the permissions
> either.

Eeek!  You're using FAT32 on a NT based OS?  This isn't such a good
idea, actually.  There's no security and no permission settings on FAT.
The csih script seems to miss the fact that the directory is on a
non-NTFS drive which isn't capable of setting permissions.  Given that
you're installing ssh, which is a paranoid secure playing package,
that's actually a good idea.  Ever thought of running convert.exe on
your drive? ;)

Nevertheless that should be changed in csih.


Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


RE: ssh-host-config script fails

Matt Kemmerer

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf
Of Corinna Vinschen
Sent: Wednesday, July 23, 2008 12:35 PM
To: [hidden email]
Subject: Re: ssh-host-config script fails

On Jul 23 11:25, Matt Kemmerer wrote:
>> I've recently installed cygwin on a Windows XP box. I followed the same
>> procedure I have in the past but this time I received a number of
>> errors. Here's what I did:
>>
>> * Downloaded setup.exe from cygwin.com
>> * Installed from the internet and selected emacs and OpenSSH to be
>> installed
>> * Started up a shell and typed ssh-host-config
>> In the past I was nearly done at this point but this time I received the
>> following error:
>>
>> Administrator@ics-dp35xppro ~
>>
>> $ ssh-host-config
>>
>> /usr/bin/ssh-host-config: line 23:
>> /usr/share/csih/cygwin-service-installation-helper.sh: No such file or
>> directory
>
>Uh, yes, I missed to add the csih dependency to setup.hint.  I just
>did that on cygwin.com, should be at the mirrors shortly.
>
>> Administrator@ics-dp35xppro ~
>> $ ssh-host-config
>> *** Info: Creating default /etc/ssh_config file
>> *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
>> *** Info: Creating default /etc/sshd_config file
>> *** Info: Privilege separation is set to yes by default since OpenSSH
>> 3.3.
>> *** Info: However, this requires a non-privileged account called 'sshd'.
>> *** Info: For more info on privilege separation read
>> /usr/share/doc/openssh/README.privsep.
>> *** Query: Should privilege separation be used? (yes/no) yes
>> *** Warning: The owner and the Administrators need
>> *** Warning: to have .w. permission to /var/run.
>> *** Warning: Here are the current permissions:
>> *** Warning: drwxr-xr-x 2 Administrator None 0 Jul 23 10:21 /var/run
>> *** Warning: Please change the user and/or group ownership and
>> *** Warning: permissions of /var/run.
>> *** ERROR: Problem with /var/run directory. Exiting.
>>
>> I've tried changing the permissions on /var/run but the commands chgrp
>> and chmod both produce no error but do not change the permissions
>> either.
>
>Eeek!  You're using FAT32 on a NT based OS?  This isn't such a good
>idea, actually.  There's no security and no permission settings on FAT.
>The csih script seems to miss the fact that the directory is on a
>non-NTFS drive which isn't capable of setting permissions.  Given that
>you're installing ssh, which is a paranoid secure playing package,
>that's actually a good idea.  Ever thought of running convert.exe on
>your drive? ;)

>Nevertheless that should be changed in csih.


What version of csih should I look for with the fix? All the versions I
see on the mirror were modified on 7/19.

Also using FAT32 isn't really a choice. Someday I hope to leave it
behind but I'll have to make do in the meantime :)


Re: ssh-host-config script fails

Corinna Vinschen-2
On Jul 23 13:47, Matt Kemmerer wrote:
> What version of csih should I look for with the fix? All the versions I
> see on the mirror were modified on 7/19.

There is no fix for csih yet.  As a workaround, install the older
OpenSSH 5.0p1-1.  I changed the installation dir on cygwin.com, so that
that version should be available (again) on the mirrors in a couple of
hours.


Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


RE: ssh-host-config script fails

Matt Kemmerer
>There is no fix for csih yet.  As a workaround, install the older
>OpenSSH 5.0p1-1.  I changed the installation dir on cygwin.com, so that
>that version should be available (again) on the mirrors in a couple of
>hours.


>Corinna


Thanks, I'll install the old version for now. I look forward to the
fixed release.

--Matt


CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)

Corinna Vinschen-2
Hi Chuck,

On Jul 23 18:34, Corinna Vinschen wrote:

> On Jul 23 11:25, Matt Kemmerer wrote:
> > Administrator@ics-dp35xppro ~
> > $ ssh-host-config
> > *** Info: Creating default /etc/ssh_config file
> > *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
> > *** Info: Creating default /etc/sshd_config file
> > *** Info: Privilege separation is set to yes by default since OpenSSH
> > 3.3.
> > *** Info: However, this requires a non-privileged account called 'sshd'.
> > *** Info: For more info on privilege separation read
> > /usr/share/doc/openssh/README.privsep.
> > *** Query: Should privilege separation be used? (yes/no) yes
> > *** Warning: The owner and the Administrators need
> > *** Warning: to have .w. permission to /var/run.
> > *** Warning: Here are the current permissions:
> > *** Warning: drwxr-xr-x 2 Administrator None 0 Jul 23 10:21 /var/run
> > *** Warning: Please change the user and/or group ownership and
> > *** Warning: permissions of /var/run.
> > *** ERROR: Problem with /var/run directory. Exiting.
> >
> > I've tried changing the permissions on /var/run but the commands chgrp
> > and chmod both produce no error but do not change the permissions
> > either.
>
> Eeek!  You're using FAT32 on a NT based OS?  This isn't such a good
> idea, actually.  There's no security and no permission settings on FAT.
> The csih script seems to miss the fact that the directory is on a
> non-NTFS drive which isn't capable of setting permissions.  Given that
> you're installing ssh, which is a paranoid secure playing package,
> that's actually a good idea.  Ever thought of running convert.exe on
> your drive? ;)
>
> Nevertheless that should be changed in csih.

Could you have a look into this, please?


Thanks,
Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)

Corinna Vinschen-2
Chuck?

On Jul 24 11:22, Corinna Vinschen wrote:

> Hi Chuck,
>
> On Jul 23 18:34, Corinna Vinschen wrote:
> > On Jul 23 11:25, Matt Kemmerer wrote:
> > > Administrator@ics-dp35xppro ~
> > > $ ssh-host-config
> > > *** Info: Creating default /etc/ssh_config file
> > > *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
> > > *** Info: Creating default /etc/sshd_config file
> > > *** Info: Privilege separation is set to yes by default since OpenSSH
> > > 3.3.
> > > *** Info: However, this requires a non-privileged account called 'sshd'.
> > > *** Info: For more info on privilege separation read
> > > /usr/share/doc/openssh/README.privsep.
> > > *** Query: Should privilege separation be used? (yes/no) yes
> > > *** Warning: The owner and the Administrators need
> > > *** Warning: to have .w. permission to /var/run.
> > > *** Warning: Here are the current permissions:
> > > *** Warning: drwxr-xr-x 2 Administrator None 0 Jul 23 10:21 /var/run
> > > *** Warning: Please change the user and/or group ownership and
> > > *** Warning: permissions of /var/run.
> > > *** ERROR: Problem with /var/run directory. Exiting.
> > >
> > > I've tried changing the permissions on /var/run but the commands chgrp
> > > and chmod both produce no error but do not change the permissions
> > > either.
> >
> > Eeek!  You're using FAT32 on a NT based OS?  This isn't such a good
> > idea, actually.  There's no security and no permission settings on FAT.
> > The csih script seems to miss the fact that the directory is on a
> > non-NTFS drive which isn't capable of setting permissions.  Given that
> > you're installing ssh, which is a paranoid secure playing package,
> > that's actually a good idea.  Ever thought of running convert.exe on
> > your drive? ;)
> >
> > Nevertheless that should be changed in csih.
>
> Could you have a look into this, please?
>
>
> Thanks,
> Corinna
>
> --
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader          cygwin AT cygwin DOT com
> Red Hat
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)

Charles Wilson-2
Corinna Vinschen wrote:

>> On Jul 23 18:34, Corinna Vinschen wrote:
>>> On Jul 23 11:25, Matt Kemmerer wrote:
>>>> Administrator@ics-dp35xppro ~
>>>> $ ssh-host-config
>>>> *** Warning: The owner and the Administrators need
>>>> *** Warning: to have .w. permission to /var/run.
>>>> *** Warning: Here are the current permissions:
>>>> *** Warning: drwxr-xr-x 2 Administrator None 0 Jul 23 10:21 /var/run
>>>> *** Warning: Please change the user and/or group ownership and
>>>> *** Warning: permissions of /var/run.
>>>> *** ERROR: Problem with /var/run directory. Exiting.

>>> Eeek!  You're using FAT32 on a NT based OS?  This isn't such a good
>>> idea, actually.  There's no security and no permission settings on FAT.
>>> The csih script seems to miss the fact that the directory is on a
>>> non-NTFS drive which isn't capable of setting permissions.  Given that
>>> you're installing ssh, which is a paranoid secure playing package,
>>> that's actually a good idea.  Ever thought of running convert.exe on
>>> your drive? ;)
>>>
>>> Nevertheless that should be changed in csih.
>> Could you have a look into this, please?

I'm not sure what you think csih should do, here.  The whole point is
that we know services require certain things of the system directories,
or they won't work.  Are you suggesting that csih just ignore that, and
pretend to correctly install sshd on a FAT32 system?

Only to have sshd itself fail for some hard-for-a-newbie-to-diagnose reason?

Perhaps, rather than checking:
    # daemons need access to subdirs, so need traverse permissions...
    if ! csih_check_dir_perms "${LOCALSTATEDIR}" d..x..x..x ; then ERROR

    # daemons need write access to /var/run to create pid file
    if ! csih_check_access "${LOCALSTATEDIR}/run" .w. ; then ERROR

    # daemons need write access to /var/log if they do their own logging
    if ! csih_check_access "${LOCALSTATEDIR}/log" .w. ; then ERROR

    # daemons need access to /var/empty for chrooting
    if ! csih_check_access "${LOCALSTATEDIR}/empty" r.x ; then ERROR

in _csih_setup() (which is called by the main csih entry points), those
permission checks could be delegated to the foo_install scripts which
know more about their own specific requirements, rather than the fairly
general requirements above?

Or are you saying that csih should still perform those general checks,
but first:
    if the drive on which ${LOCALSTATEDIR} lives is
      (1) FAT32
      (2) nontsec
      (3) on a server and nosmbntsec
    then issue a big fat warning, and in that case skip the
    permissions tests? What about 1.7 and the acl flag?

ASIDE:
    csih_check_basic_mounts
    csih_check_sys_mount
might need to be revisited for 1.7


FYI, the other changes to csih that you requested are actually rather
more involved than you would suspect.  I've worked on it a bit, but
haven't been able to test it yet.  Stay tuned.

--
Chuck


Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)

Corinna Vinschen-2
On Jul 31 00:53, Charles Wilson wrote:

> Corinna Vinschen wrote:
>>>> Eeek!  You're using FAT32 on a NT based OS?  This isn't such a good
>>>> idea, actually.  There's no security and no permission settings on FAT.
>>>> The csih script seems to miss the fact that the directory is on a
>>>> non-NTFS drive which isn't capable of setting permissions.  Given that
>>>> you're installing ssh, which is a paranoid secure playing package,
>>>> that's actually a good idea.  Ever thought of running convert.exe on
>>>> your drive? ;)
>>>> Nevertheless that should be changed in csih.
>>> Could you have a look into this, please?
>
> I'm not sure what you think csih should do, here.  The whole point is that
> we know services require certain things of the system directories, or they
> won't work.  Are you suggesting that csih just ignore that, and pretend to
> correctly install sshd on a FAT32 system?
>
> Only to have sshd itself fail for some hard-for-a-newbie-to-diagnose
> reason?

Sshd won't fail on FAT32 since it checks the file system capabilities
before checking for strict permissions.

> Perhaps, rather than checking:
>    # daemons need access to subdirs, so need traverse permissions...
>    if ! csih_check_dir_perms "${LOCALSTATEDIR}" d..x..x..x ; then ERROR
>[...]
> in _csih_setup() (which is called by the main csih entry points), those
> permission checks could be delegated to the foo_install scripts which know
> more about their own specific requirements, rather than the fairly general
> requirements above?
>
> Or are you saying that csih should still perform those general checks, but
> first:
>    if the drive on which ${LOCALSTATEDIR} lives is
>      (1) FAT32
>      (2) nontsec
>      (3) on a server and nosmbntsec
>    then issue a big fat warning, and in that case skip the
>    permissions tests? What about 1.7 and the acl flag?

A check for non-NTFS should be sufficient for now, IMHO.  It's bad
enough to run an OS on such an insecure file system, but it's hard to
enforce upgrading to NTFS.  However, ntsec and smbntsec are dead in the
water and I don't think we should encourage usage of noacl more than
necessary, especially for sensitive services.

> ASIDE:
>    csih_check_basic_mounts
>    csih_check_sys_mount
> might need to be revisited for 1.7
>
> FYI, the other changes to csih that you requested are actually rather more
> involved than you would suspect.  I've worked on it a bit, but haven't been
> able to test it yet.  Stay tuned.

Ok, no worries,
Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)

Charles Wilson-2
Corinna Vinschen wrote:
> A check for non-NTFS should be sufficient for now, IMHO.  It's bad
> enough to run an OS on such an insecure file system, but it's hard to
> enforce upgrading to NTFS.  However, ntsec and smbntsec are dead in the
> water and I don't think we should encourage usage of noacl more than
> necessary, especially for sensitive services.

So, I'd basically need to check the fstype for each of the directories
of interest (they MAY all be on the same volume, but not necessarily).
    /var
    /var/run
    /var/log
    /var/empty
    /etc
So, how do I do that portably?  The 1.7 version of mount returns that
information, but the 1.5 version does not.  What if I import your
getvolinfo program
   http://cygwin.com/ml/cygwin/2007-08/msg00040.html
as one of the csih helper progs, and put it under /usr/lib/csih/
(alternatively, import getvolinfo into cygutils).

In that case, I wouldn't need to check for NTFS at all -- instead, I'd
check for "FILE_PERSISTENT_ACLS[ ]*: TRUE", right?

Or is there a better way?

--
Chuck


Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)

Corinna Vinschen-2
On Aug  4 20:51, Charles Wilson wrote:

> Corinna Vinschen wrote:
>> A check for non-NTFS should be sufficient for now, IMHO.  It's bad
>> enough to run an OS on such an insecure file system, but it's hard to
>> enforce upgrading to NTFS.  However, ntsec and smbntsec are dead in the
>> water and I don't think we should encourage usage of noacl more than
>> necessary, especially for sensitive services.
>
> So, I'd basically need to check the fstype for each of the directories of
> interest (they MAY all be on the same volume, but not necessarily).
>    /var
>    /var/run
>    /var/log
>    /var/empty
>    /etc
> So, how do I do that portably?  The 1.7 version of mount returns that
> information, but the 1.5 version does not.  What if I import your

Oh, right.

> getvolinfo program
>   http://cygwin.com/ml/cygwin/2007-08/msg00040.html
> as one of the csih helper progs, and put it under /usr/lib/csih/
> (alternatively, import getvolinfo into cygutils).
>
> In that case, I wouldn't need to check for NTFS at all -- instead, I'd
> check for "FILE_PERSISTENT_ACLS[ ]*: TRUE", right?

Sounds like a good idea to me.  OTOH, whatever you test, you might not
cover all situations.  What about letting the user override the test?


Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)

Charles Wilson-2
Corinna Vinschen wrote:
> On Aug  4 20:51, Charles Wilson wrote:

>> getvolinfo program
>>   http://cygwin.com/ml/cygwin/2007-08/msg00040.html
>> as one of the csih helper progs, and put it under /usr/lib/csih/
>> (alternatively, import getvolinfo into cygutils).
>>
>> In that case, I wouldn't need to check for NTFS at all -- instead, I'd
>> check for "FILE_PERSISTENT_ACLS[ ]*: TRUE", right?
>
> Sounds like a good idea to me.  OTOH, whatever you test, you might not
> cover all situations.  What about letting the user override the test?

Well, I can set up a new variable that calling scripts could assert, in
order to force behavior one way or the other. But it would be up to the
calling scripts to create a command line option so that the end user
could override behavior. (although I suppose the end user could set them
as exported environment vars)

I'm thinking something like a list of mount points that are/are-not ACL
capable:

csih_WIN32_VOLS_WITH_ACLS="E:;//server/share;F:"
csih_WIN32_VOLS_WITHOUT_ACLS="C:;D:;//server/othershare"

Then these lists would be checked first, before using getvolinfo for
unspecified mounts. That is:

csih_path_supports_acls()
{
     # convert $1 to win32
     # check if it starts with any of the volumes
     #   in csih_WIN32_VOLS_WITH_ACLS (\,/-agnostic)
     #   and return true
     # check if it starts with any of the volumes
     #   in csih_WIN32_VOLS_WITHOUT_ACLS (\,/-agnostic)
     #   and return false
     # otherwise ask getvolinfo; the function returns the pipeline's status
     getvolinfo "$1" | egrep -q "FILE_PERSISTENT_ACLS[ ]*: TRUE"
}

--
Chuck
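
A runnable sketch of the lookup order proposed in the message above, added here as an example; it is not the attached csih_path_supports_acls.sh or any csih code. The function names, the GETVOLINFO variable, the three-way return status and the fake_getvolinfo stand-in with its constructed output are assumptions; only the two list variables and the FILE_PERSISTENT_ACLS pattern come from the post.

```shell
#!/bin/sh
# Added example, not csih code. List format as proposed in the post.
csih_WIN32_VOLS_WITH_ACLS="E:;//server/share;F:"
csih_WIN32_VOLS_WITHOUT_ACLS="C:;D:;//server/othershare"

# Make paths comparable: backslashes to slashes, lower case, no trailing slash.
norm_path() {
    printf '%s' "$1" | tr '\\' '/' | tr 'A-Z' 'a-z' | sed 's:/*$::'
}

# Status 0 if path $1 lies on one of the ';'-separated volumes in $2.
path_on_listed_volume() {
    p=$(norm_path "$1")
    old_ifs=$IFS; IFS=';'; set -f
    for vol in $2; do
        v=$(norm_path "$vol")
        [ -n "$v" ] || continue        # ignore empty entries such as "C:;;D:"
        case "$p" in
            # exact volume or a path below it, so that //server/share
            # does not also match //server/share2
            "$v"|"$v"/*) IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# Use cygpath when it exists (Cygwin); elsewhere the path is assumed to be
# in Win32 form already.
to_win32() {
    if command -v cygpath >/dev/null 2>&1; then
        cygpath -m "$1"
    else
        printf '%s' "$1"
    fi
}

# Status: 0 = volume keeps ACLs, 1 = it does not, 2 = could not be determined.
path_supports_acls() {
    w=$(to_win32 "$1")
    # The user-supplied override lists win over any probing.
    if path_on_listed_volume "$w" "$csih_WIN32_VOLS_WITH_ACLS"; then return 0; fi
    if path_on_listed_volume "$w" "$csih_WIN32_VOLS_WITHOUT_ACLS"; then return 1; fi
    # Unlisted volume: ask getvolinfo. A missing or failing probe is reported
    # as "unknown" instead of being silently read as "no ACLs".
    out=$("${GETVOLINFO:-getvolinfo}" "$w" 2>/dev/null) || return 2
    printf '%s\n' "$out" | grep -Eq 'FILE_PERSISTENT_ACLS[ ]*: TRUE'
}

# What an installer could do with the answer for one directory.
perm_check_mode() {
    rc=0
    path_supports_acls "$1" || rc=$?
    case $rc in
        0) echo strict ;;               # run the permission tests as before
        1) echo skip-with-warning ;;    # no ACLs: warn loudly, skip the tests
        *) echo unknown ;;              # let the caller or the user decide
    esac
}

# Constructed stand-in for getvolinfo so the example runs off Cygwin.
# Its output lines are made up to fit the pattern quoted in the thread.
fake_getvolinfo() {
    case "$1" in
        [Gg]:*) echo "FILE_PERSISTENT_ACLS        : TRUE" ;;
        [Hh]:*) echo "FILE_PERSISTENT_ACLS        : FALSE" ;;
        *) return 1 ;;
    esac
}

GETVOLINFO=fake_getvolinfo
for d in 'C:/cygwin/var/run' 'E:\srv\var\run' 'G:/var/run' 'H:/var/run' \
         '//server/share2/var'; do
    printf '%-22s %s\n' "$d" "$(perm_check_mode "$d")"
done
```

On a real Cygwin install, leave GETVOLINFO unset so the getvolinfo program referenced in the thread is used.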


Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)

Charles Wilson-2
Charles Wilson wrote:

> csih_WIN32_VOLS_WITH_ACLS="E:;//server/share;F:"
> csih_WIN32_VOLS_WITHOUT_ACLS="C:;D:;//server/othershare"
>
> Then these lists would be checked first, before using getvolinfo for
> unspecified mounts. That is:
>
> csih_path_supports_acls()
> {
>     # convert $1 to win32
>     # check if it starts with any of the volumes
>     #   in csih_WIN32_VOLS_WITH_ACLS (\,/-agnostic)
>     #   and return true
>     # check if it starts with any of the volumes
>     #   in csih_WIN32_VOLS_WITHOUT_ACLS (\,/-agnostic)
>     #   and return false
>     return getvolinfo $1 | egrep "FILE_PERSISTENT_ACLS[ ]*: TRUE"
> }
As attached.

--
Chuck

Attachment: csih_path_supports_acls.sh.gz (2K)