Mail Archives: cygwin/2008/07/31/00:54:30
Corinna Vinschen wrote:
>> On Jul 23 18:34, Corinna Vinschen wrote:
>>> On Jul 23 11:25, Matt Kemmerer wrote:
>>>> Administrator AT ics-dp35xppro ~
>>>> $ ssh-host-config
>>>> *** Warning: The owner and the Administrators need
>>>> *** Warning: to have .w. permission to /var/run.
>>>> *** Warning: Here are the current permissions:
>>>> *** Warning: drwxr-xr-x 2 Administrator None 0 Jul 23 10:21 /var/run
>>>> *** Warning: Please change the user and/or group ownership and
>>>> *** Warning: permissions of /var/run.
>>>> *** ERROR: Problem with /var/run directory. Exiting.
>>> Eeek! You're using FAT32 on a NT based OS? This isn't such a good
>>> idea, actually. There's no security and no permission settings on FAT.
>>> The csih script seems to miss the fact that the directory is on a
>>> non-NTFS drive which isn't capable of setting permissions. Given that
>>> you're installing ssh, which is a paranoid secure playing package,
>>> that's actually a good idea. Ever thought of running convert.exe on
>>> your drive? ;)
>>>
>>> Nevertheless that should be changed in csih.
>> Could you have a look into this, please?
I'm not sure what you think csih should do, here. The whole point is
that we know services require certain things of the system directories,
or they won't work. Are you suggesting that csih just ignore that, and
pretend to correctly install sshd on a FAT32 system?
Only to have sshd itself fail for some hard-for-a-newbie-to-diagnose reason?
Perhaps, rather than checking:
# daemons need access to subdirs, so need traverse permissions...
if ! csih_check_dir_perms "${LOCALSTATEDIR}" d..x..x..x ; then ERROR
# daemons need write access to /var/run to create pid file
if ! csih_check_access "${LOCALSTATEDIR}/run" .w. ; then ERROR
# daemons need write access to /var/log if they do their own logging
if ! csih_check_access "${LOCALSTATEDIR}/log" .w. ; then ERROR
# daemons need access to /var/empty for chrooting
if ! csih_check_access "${LOCALSTATEDIR}/empty" r.x ; then ERROR
in _csih_setup() (which is called by the main csih entry points), those
permission checks could be delegated to the foo_install scripts which
know more about their own specific requirements, rather than the fairly
general requirements above?
Or are you saying that csih should still perform those general checks,
but first:
if the drive on which ${LOCALSTATEDIR} lives is
(1) FAT32
(2) nontsec
(3) on a server and nosmbntsec
then issue a big fat warning, and in that case skip the
permissions tests? What about 1.7 and the acl flag?
ASIDE:
csih_check_basic_mounts
csih_check_sys_mount
might need to be revisited for 1.7
FYI, the other changes to csih that you requested are actually rather
more involved than you would suspect. I've worked on it a bit, but
haven't been able to test it yet. Stay tuned.
--
Chuck
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -