Mail Archives: cygwin/2015/01/27/05:22:43

Date: Tue, 27 Jan 2015 11:21:50 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Failure in merging win-env vars into post-'login'...
Message-ID: <20150127102150.GG14265@calimero.vinschen.de>

Hi Linda,

On Jan 23 17:34, Linda Walsh wrote:
> Corinna Vinschen wrote:
>
> >- Can you please start inetd under strace, once under 1.7.33, once under
> >  the 1.7.34 test DLL and then log in as you usually do?  This requires
> >  some patience because under strace the whole process of logging in
> >  will become almost unbearably slow.
> ----
> 	~20 seconds?
>
> >  With the test DLL, you can stop
> >  immediately after the password prompt shows up.
> ---
> I trimmed both of the traces in gvim to the point when they
> both first call "-bash".

Thanks for the straces.  I think I know what happens.

First of all, under Cygwin 1.7.34 rlogin reads your .rhosts file
just the same as under 1.7.33.

The difference is apparently that under 1.7.34, rlogin refuses the
file due to too open permissions.

This is a result of the fix in POSIX ACL handling.  For a start, run
`ls -l .rhosts' under both Cygwin versions.  What you will see (more
or less) is something like this:

  1.7.33$ ls -l .rhosts
  -rw-------. 2 law.Bliss  groupname Jan 23 17:56 .rhosts

  1.7.34$ ls -l .rhosts
  -rw-rwx---. 2 law.Bliss  groupname Jan 23 17:56 .rhosts

Do you see the group permissions?  They are too open, because your
.rhosts' ACL contains permissions for other users, for instance,
Administrators or SYSTEM.

The ACL handling fix in Cygwin 1.7.34 causes that.  Basically it's
a result of (finally) implementing this POSIX ACL behaviour (quote
from Linux' `man 5 acl'):

  There is a correspondence between the file owner, group, and other
  permissions and specific ACL entries: the owner permissions correspond
  to the permissions of the ACL_USER_OBJ entry. If the ACL has an
  ACL_MASK entry, the group permissions correspond to the permissions of
  the ACL_MASK entry.  Otherwise, if the ACL has no ACL_MASK entry, the
  group permissions correspond to the permissions of the ACL_GROUP_OBJ
  entry.  The other permissions correspond to the permissions of the
  ACL_OTHER_OBJ entry.

So the group permission bits reflect the ACL_MASK value, and the ACL_MASK
value is the inclusive or of all permissions of all secondary ACL_USER
and ACL_GROUP entries in the ACL.  For instance:

  user:                  rw-
  group:                 r--
  other:                 ---
  group:Administrators:  --x

  ==> $ ls -l file
  -rw-r-x--- ...

So the permissions become the or'ed mask of the permissions of the
primary group and all secondary users and groups:

  r-- OR --x = r-x

So, the problem is the permissions.  How do you change that?  That's
easy.  Just remove all ACL entries which don't belong to the standard
POSIX permissions.  The new setfacl(1) in 1.7.34 has a simple command
for that:

  $ setfacl -b .rhosts

The result should be:

  1.7.34$ ls -l .rhosts
  -rw-------. 2 law.Bliss  groupname Jan 23 17:56 .rhosts


HTH,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
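
[Added example, not part of the original message and not Cygwin code.]
The mask rule described above, worked through in Python: it derives the
`ls -l' mode string from getfacl-style entries and models `setfacl -b'.
The .rhosts ACL contents and the too_open() check (group or other write
bit set) are assumptions made for illustration.

```python
# Added example, not Cygwin code. The ACL texts at the bottom are constructed.
PERM_BITS = (("r", 4), ("w", 2), ("x", 1))

def parse_acl(text):
    """Parse getfacl-style 'tag:qualifier:perms' lines into (tag, qualifier, bits)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, sum(b for c, b in PERM_BITS if c in perms)))
    return entries

def mode_string(entries):
    """Return the ls -l mode of a regular file; group bits come from the mask."""
    base = {"user": 0, "group": 0, "other": 0}
    mask, named = None, []
    for tag, qualifier, bits in entries:
        if tag == "mask":
            mask = bits
        elif qualifier:
            named.append(bits)          # secondary user:NAME / group:NAME entry
        else:
            base[tag] = bits
    if mask is None and named:
        # As in the message: OR of the primary group and all secondary entries.
        mask = base["group"]
        for bits in named:
            mask |= bits
    group_bits = base["group"] if mask is None else mask
    return "-" + "".join(
        c if bits & b else "-"
        for bits in (base["user"], group_bits, base["other"])
        for c, b in PERM_BITS)

def strip_extended(entries):
    """Model of `setfacl -b`: keep only the owner, group and other entries."""
    return [e for e in entries if e[0] != "mask" and not e[1]]

def too_open(mode):
    """Assumed strict check: group or other write bit is set."""
    return mode[5] == "w" or mode[8] == "w"

MESSAGE_EXAMPLE = "user::rw-\ngroup::r--\nother::---\ngroup:Administrators:--x"
RHOSTS_ACL = "user::rw-\ngroup::---\nother::---\ngroup:Administrators:rwx\nuser:SYSTEM:rwx"

if __name__ == "__main__":
    for acl in (MESSAGE_EXAMPLE, RHOSTS_ACL):
        before, after = parse_acl(acl), strip_extended(parse_acl(acl))
        print(mode_string(before), too_open(mode_string(before)), mode_string(after))
```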
