delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2006/02/28/07:37:14

X-Spam-Check-By: sourceware.org
Date: Tue, 28 Feb 2006 13:37:01 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: ssh-host-config (/var/log/lastlog)
Message-ID: <20060228123700.GB3184@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20060227103750 DOT GD30238 AT calimero DOT vinschen DOT de> <BAY108-F18A30EDC565726E6C5D0CAB5F60 AT phx DOT gbl>
Mime-Version: 1.0
In-Reply-To: <BAY108-F18A30EDC565726E6C5D0CAB5F60@phx.gbl>
User-Agent: Mutt/1.4.2i
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com 

On Feb 27 11:38, Karl M wrote:
> Hi All...
> 
> It was fun while it lasted 8-)
> 
> Perhaps the permissions/owner for lastlog as a file should be 
> 644/system.none
> 
> It works for me and protects the log a bit better.

Would you mind to give the below patch to ssh-host-config a try?
It now refuses to let you go ahead with a lastlog directory.


Thanks,
Corinna

--- ssh-host-config.ORIG	2006-02-28 13:24:32.248566300 +0100
+++ ssh-host-config	2006-02-28 13:32:22.168803900 +0100
@@ -153,22 +153,31 @@ fi
 
 # Create /var/log and /var/log/lastlog if not already existing
 
-if [ -f ${LOCALSTATEDIR}/log ]
+if [ -e ${LOCALSTATEDIR}/log -a ! -d ${LOCALSTATEDIR}/log ]
 then
-  echo "Creating ${LOCALSTATEDIR}/log failed!"
-else
-  if [ ! -d ${LOCALSTATEDIR}/log ]
-  then
-    mkdir -p ${LOCALSTATEDIR}/log
-  fi
-  if [ -d ${LOCALSTATEDIR}/log/lastlog ]
-  then
-    chmod 777 ${LOCALSTATEDIR}/log/lastlog
-  elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ]
-  then
-    cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
-    chmod 666 ${LOCALSTATEDIR}/log/lastlog
-  fi
+  echo
+  echo "${LOCALSTATEDIR}/log is existant but not a directory."
+  echo "Cannot create ssh host configuration."
+  echo
+  exit 1
+fi
+if [ ! -e ${LOCALSTATEDIR}/log ]
+then
+  mkdir -p ${LOCALSTATEDIR}/log
+fi
+
+if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
+then
+  echo 
+  echo "${LOCALSTATEDIR}/log/lastlog exists, but is not a file."
+  echo "Cannot create ssh host configuration."
+  echo 
+  exit 1
+fi
+if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
+then
+  cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
+  chmod 644 ${LOCALSTATEDIR}/log/lastlog
 fi
 
 # Create /var/empty file used as chroot jail for privilege separation
@@ -578,6 +587,7 @@ then
       fi
       chown "${_user}" ${SYSCONFDIR}/ssh*
       chown "${_user}".544 ${LOCALSTATEDIR}/empty
+      chown "${_user}".544 ${LOCALSTATEDIR}/log/lastlog
       if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
       then
 	chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019