Mail Archives: cygwin/2003/09/08/12:24:08

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Mon, 8 Sep 2003 12:23:53 -0400 (EDT)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
Subject: Re: sshd "PrintLastLog yes"
In-Reply-To: <20030908160746.GC7908@redhat.com>
Message-ID: <Pine.GSO.4.56.0309081219290.7348@slinky.cs.nyu.edu>
References: <99AE13FA0F1F824AA6D299741FE6C82F8EC6 AT dcp1 DOT home DOT fermin DOT ch>
<5 DOT 1 DOT 0 DOT 14 DOT 0 DOT 20030907142823 DOT 0468a3d8 AT 127 DOT 0 DOT 0 DOT 1> <20030908110159 DOT A25263 AT ns1 DOT iocc DOT com>
<20030908160746 DOT GC7908 AT redhat DOT com>
Importance: Normal
MIME-Version: 1.0

On Mon, 8 Sep 2003, Christopher Faylor wrote:

> On Mon, Sep 08, 2003 at 11:01:59AM -0500, Joshua Daniel Franklin wrote:
> >On Sun, Sep 07, 2003 at 02:30:47PM -0400, Larry Hall wrote:
> >> At 05:30 AM 9/7/2003, Fermin Sanchez you wrote:
> >> >I did a chmod 664 on /var/log/lastlog, now it works. Thank you again!
> >> >One good side effect: I'm going to put all this information into a "how
> >> >to install and run cygwin and sshd on a Windows Server 2003 Domain
> >> >Controller" ;-)
> >>
> >> It would be great to see this as an addition to the Cygwin docs and/or
> >> automated by the post-install script too.  Just a thought.
> >
> >Personally I think this is a candidate for a specific package README,
> >though maybe some language could be added to "Security" section of the
> >User's Guide.
>
> I'm not sure I understand the argument against automatically setting the
> permissions on /var/log/lastlog to something which would allow a
> properly privileged account to access the file.  It seems like this
> is a good post-install candidate to me.
>
> cgf

The argument is that you don't always know what the properly privileged
account *is*.  You can't assume that it's "system" (not on Win2003, at
least).  I don't disagree that on new installs this should be set to
something sensible, but we should leave power users the ability to
manipulate their filesystem in the way they want to without having to
worry about postinstall scripts changing that setup.  That's why I
suggested adding this into "ssh-host-config" (which will presumably be run
by new users to set up sshd) instead.  Another advantage of
"ssh-host-config" is that it's interactive (whereas postinstall scripts
aren't, or shouldn't be).
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton
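The interactive approach argued for in the message above, as an added example that is not part of the original post and is not code from ssh-host-config. The helper name `ensure_lastlog_mode` and its arguments are hypothetical. It creates the file with the requested mode on a fresh install, but changes an existing file that has a different mode only after the user confirms. It assumes GNU `stat` (coreutils) and a three-digit octal mode such as 664.

```shell
#!/bin/sh
# Added example: hypothetical helper, not taken from ssh-host-config.
# Usage: ensure_lastlog_mode FILE MODE [ANSWER]
#   MODE   three-digit octal mode, e.g. 664
#   ANSWER "yes" or "no"; stands in for the interactive prompt so the
#          function can be scripted. When omitted, the user is asked.
# Prints one of: created, unchanged, changed, kept, refused.

ensure_lastlog_mode() {
    file=$1 want=$2 answer=${3-}

    # Never follow a symlink: a privileged config script should not
    # chmod or create whatever the link happens to point at.
    if [ -L "$file" ]; then
        echo refused
        return 2
    fi

    # Fresh install: nothing to preserve, so create with the requested mode.
    if [ ! -e "$file" ]; then
        : > "$file" || return 2
        chmod "$want" "$file" || return 2
        echo created
        return 0
    fi

    # Only regular files are acceptable as a lastlog.
    if [ ! -f "$file" ]; then
        echo refused
        return 2
    fi

    have=$(stat -c '%a' "$file") || return 2   # GNU stat: octal mode
    if [ "$have" = "$want" ]; then
        echo unchanged
        return 0
    fi

    # Existing file with a different mode: the administrator may have set
    # it deliberately, so ask instead of silently overriding it.
    if [ -z "$answer" ]; then
        printf '%s has mode %s; change to %s? (yes/no) ' \
            "$file" "$have" "$want" >&2
        read -r answer
    fi
    case $answer in
        yes) chmod "$want" "$file" || return 2; echo changed ;;
        *)   echo kept ;;
    esac
}
```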
