| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:subject:references:to:from:reply-to:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=Qwn1aLzYSzXZAl2r | |
| ihEeFVObh20piJ6/HDrr1ADpzBw84LWVAu71wSFIxRYHZVGP4kqt+43kwBwXZP8x | |
| ZgzjQQ1/ylXUR/VZAHt+Eh9OkFHCVGyPiP9SaphXxui5lraQkOp9pIhyv+4fkjZu | |
| 2JkV6fR82Ka8fKvbZPNAOc61Y+w= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:subject:references:to:from:reply-to:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=1uH0KJCAssTVN/taijrE1t | |
| 04EC0=; b=igvv57sEcFEd9IDYGjuhxuk9amFy7plYY+OPdVkXrO4J03IAjZKVUC | |
| G0d4tm5EBAecWI8cWVc2JUHqQSTz6PGUCbQUXf4saMRpaSzqbovFO/akBcPcbjqx | |
| U6GslNtKlJB3yx6rg87/vHtWM0hj1j+gKpDdZpRZ2CDmjAlmn0688= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-1.3 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=Hx-spam-relays-external:sk:smtp-ou, H*RU:sk:smtp-ou, HX-HELO:sk:smtp-ou, strips |
| X-HELO: | smtp-out-so.shaw.ca |
| X-Authority-Analysis: | v=2.2 cv=XbT59Mx5 c=1 sm=1 tr=0 a=WqCeCkldcEjBO3QZneQsCg==:117 a=WqCeCkldcEjBO3QZneQsCg==:17 a=IkcTkHD0fZMA:10 a=w_pzkKWiAAAA:8 a=3mhNWHufCpcyVQN5FJkA:9 a=QEXdDO2ut3YA:10 a=OO2XiV6ZNdAA:10 a=KyLo1vIQnU4A:10 a=sRI3_1zDfAgwuvI8zelB:22 |
| Subject: | Re: bash -l not sourcing /etc/profile? (minor annoyance) |
| References: | <d36a5c1f-d515-c78c-e958-cd94898f7db0 AT pobox DOT com> <fd4be5d7-52f7-0d29-2776-bc0316c06f6c AT SystematicSw DOT ab DOT ca> <bf2e2417-ee57-e415-0ec5-e919a87d2ffc AT pobox DOT com> |
| To: | cygwin AT cygwin DOT com |
| From: | Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca> |
| Reply-To: | Brian DOT Inglis AT SystematicSw DOT ab DOT ca |
| Message-ID: | <1afedecf-33cc-ac99-54c3-898a8293c2dc@SystematicSw.ab.ca> |
| Date: | Sun, 12 Mar 2017 14:02:36 -0600 |
| User-Agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
| MIME-Version: | 1.0 |
| In-Reply-To: | <bf2e2417-ee57-e415-0ec5-e919a87d2ffc@pobox.com> |
| X-CMAE-Envelope: | MS4wfMcoqvXXwUJTMGAwgCNo2NQ92KJ/pub7d7XbkKz/KyqHcLmNCcr5jj40lHzRZMmVYzidEmP3SusT/eSZ61P/FhN3Cqvd2aFR2UoK5SmV/mkYVQobvjZx HMevs7OT8MXptsWnDKPOcNmFmCaCSt90ZzWUGPAfFY1DafrPgtElwy4oaZKu/gAO7smYpdUND5H4EA== |
| X-IsSubscribed: | yes |
On 2017-03-11 20:51, Daniel Santos wrote:
> First off, thanks for your response and I apologize for my late reply.
>
> On 03/09/2017 06:21 PM, Brian Inglis wrote:
>> On 2017-03-09 15:58, Daniel Santos wrote:
>>> This is just a minor annoyance. When I start a mintty session and
>>> even if I type bash -l or basy -li, I don't get my /etc/profile
>>> sourced and I have to manually do it each time I log in. Any idea
>>> what's causing that?
>> Cygwin/bash/mintty shortcut properties or command line should have
>> "-" at end e.g.
>>
>> "C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico -"
>
> Yes, I have verified that.
>
>> Otherwise does it have Windows line endings or permissions too open?
>
> Windows line endings where? Also, please be a little more specific
> about permissions. On what file(s) are you referring to? How could
> this happen if they are "too open"? Usually, permissions being too
> open just results in a big security hole. Does Cygwin do some type of
> detection of this and crap out w/o a proper error message if some
> permissions are too open?
/etc/profile ~/.profile ...
Run file on profiles and check they don't say with CRLF... as various
utilities have been unpatched to work like native Unix by opening files
in binary mode and barfing if they don't like CRs.
Run dos2unix/d2u to fix.
Some utilities are now more aware of security holes and may now be
checking for no wide write permissions on files they will execute,
as have security related utilities.
They may not complain about permissions any more than they would
complain if a profile did not exist - would be nice of them.
>>> Possibly related, sshd doesn't seem to be reading my
>>> ~/.ssh/authorized_keys because I have to type my password every time
>>> I ssh in.
>> Windows line endings or permissions too open on directory
>> (s/b drwx------) or private key files, config, known_hosts,
>> authorized_keys (s/b _rw-------)?
>
> Again, permissions too open w/o an error message? I did not
> explicitly modify the permissions and the .ssh directory was created
> by ssh-keygen. I did try to modify the permissions in Windows
> explorer, but I only seemed to bungle things up and now I have the
> "properties" dialogue for the .ssh directory stuck open (cannot
> close it) and I can't reboot yet because I'm running tests, so this
> may have to wait a little bit.
SSH et al are normally explicit about permissions problems.
Cygwin getfacl and setfacl are your friends - setfacl -bk ...
on Cygwin directories and files strips most Windows ACLs down
to POSIX compatibility and allows ch{mod,own,grp} to do their
things without side effects.
If your account is a local admin, have a backup admin account
on the system, just in case.
> Also, the sshd server does need to access my .ssh directory and my
> id_rsa.pub, but I don't seem to understand nt security anymore.
Start cygserver and sshd using cygrunsrv from an elevated/admin
account or Scheduled Task so they run as SYSTEM and can impersonate.
See https://cygwin.com/cygwin-ug-net/ntsec.html for the best anyone
can understand POSIX security and ACLs under Windows, and especially
Switching the user context section for daemons like sshd; for
cygserver https://cygwin.com/cygwin-ug-net/using-cygserver.html
>> Could sshd config have disabled allowing personal config files
>> (common on corporate servers - have to talk to admins)?
>
> This is a fresh install of Cygwin on a freshly installed Windows 7.
>
>> If you have a passphrase on your key, you could use ssh-agent
>> and ssh-add to avoid reverifying credentials on each connection.
>
> I did not use a passphrase.
>
>> Do you also need host keys in /etc/ssh_known_hosts or
>> ~/.ssh/known_hosts as well as your PPK pair?
>
> Well, known_hosts doesn't matter on the server side and I have
> already added the Windows 7 key to my known_hosts file on my
> GNU/Linux client. I'm not using Putty, et. al., so I don't have a
> PPK file.
Meant PPK generically - like the .ssh/id... files without the .pub
suffix.
> I suppose I can live with the inconvenience for now. Thanks for your
> tips.
ssh is just one of the hoops we all have to jump thru to get to do work.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |