Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com From: swamp-dog AT ntlworld DOT com (Guy Harrison) To: Subject: Re: sshd and fstat Date: Fri, 18 Jan 2002 12:25:33 GMT Reply-To: Message-ID: <3c4a13e6.939968563@smtp.ntlworld.com> References: <3c46d28e DOT 857705044 AT post DOT ntlworld DOT com> In-Reply-To: <3c46d28e.857705044@post.ntlworld.com> X-Mailer: Forte Agent 1.5/32.451 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id g0ICQDs18975 On Thu, 17 Jan 2002 14:49:28 GMT, swamp-dog AT ntlworld DOT com (Guy Harrison) wrote: I'm pleased to be able to report some progress! I've located where the key difference lies between sshd running as an NT service and sshd running in just about any other fashion. 1236 int 1237 get_file_attribute (int use_ntsec, const char *file, 1238 int *attribute, uid_t *uidret, gid_t *gidret) 1239 { 1240 int res; 1241 - 1242 if (use_ntsec && allow_ntsec) 1243 { - 1244 res = get_nt_attribute (file, attribute, uidret, gidret); - 1245 if (attribute && (*attribute & S_IFLNK) == S_IFLNK) - 1246 *attribute |= S_IRWXU | S_IRWXG | S_IRWXO; - 1247 return res; 1248 } 1249 1250 if (uidret) 1251 *uidret = getuid (); 1252 if (gidret) 1253 *gidret = getgid (); 1254 In almost all circumstances 'allow_ntsec' is true. No problem - sshd correctly obtains the permissions on the client's $HOME/.ssh/*keys. The single circumstance in which 'allow_ntsec' is false, is when sshd is running *directly* as a service: in other words, as it is designed to. Could someone enlighten me about 'allow_ntsec'. How does CygWin turn this on? TIA -- swamp-dog AT ntlworld DOT com -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/