Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Tue, 4 Feb 2003 15:03:33 -0500 (EST)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Marc Bejarano <beej AT alum DOT mit DOT edu>
cc: cygwin AT cygwin DOT com
Subject: Re: sshd can't do publickey auth with .ssh linked to  /cygdrive/c/rest/of/path
In-Reply-To: <5.2.0.9.2.20030204105352.034ad8d0@127.0.0.1>
Message-ID: <Pine.GSO.4.44.0302041434240.24195-100000@slinky.cs.nyu.edu>
Importance: Normal
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Marc,

On Tue, 4 Feb 2003, Marc Bejarano wrote:

> i'm still not subscribed to this list so i would be grateful if i could be
> left on the cc: line of this thread.
>
> At 04:26 PM 2/3/2003, Igor Pechtchanski wrote:
>  >On Mon, 3 Feb 2003, Marc Bejarano wrote:
>  >> i tried to link my ~/.ssh to "/cygdrive/c/Documents and
>  >> Settings/<username>/Application Data/Van Dyke Technologies/SecureCRT/"
>  >> because i thought it was the most straight-forward way to share my identity
>  >> files.  this breaks incoming publickey auth to cygwin openssh sshd.
>
>  >> Authentication refused: bad ownership or modes for directory /cygdrive/c
>
>  >> d---------   15 65535    65535           0 Feb  3 04:11 /cygdrive/c/
>
>  >> so my question: is there a way to make this work?  can i change the
>  >> mode/ownership bits on a /cygdrive mountpoint?  or can i tell the sshd to
>  >> be less security-conscious?
>
>  >Before you do anything as drastic as a "chmod -R a+rx /cygdrive/c"
>
> i'm not convinced even drastic measures will help.  sshd thinks /cygdrive/c
> is a directory.  it is worried about the modes of the dir,
> itself.  unfortunately, even when i'm logged in as user Administrator, i
> can't seem to make any changes to it:
> [Administrator AT beej-lap]/:{1}:$ chmod 755 /cygdrive/c
> chmod: changing permissions of `/cygdrive/c': Permission denied
>
> and on the windoze side of things, i don't know how to set permissions for
> a drive.

Looks like Administrator is not the owner of that directory (and it is a
directory, namely 'C:\').

> btw: i am not a domain user.
>
>  >try the following:
>  >
>  >$ mv /etc/passwd /etc/passwd-old
>  >$ mv /etc/group /etc/group-old
>  >$ mkpasswd -l > /etc/passwd
>  >$ mkgroup -l > /etc/group
>
>  >And see if this helps.
>
> nope :(

Sorry, mea culpa.  I have a guess that the owner of 'C:\' is not
Administrator, but rather the Administrators group (which Windows treats
as a user).  Please try regenerating /etc/passwd using

$ mkpasswd -l -g > /etc/passwd

(this will also add local groups as users to /etc/passwd) and post the
output of 'ls -ld /cygdrive/c' again.

>  >In other words, your /etc/{passwd,group} files seem to be incomplete, so
>  >you need to regenerate them.
>
> can you try making your .ssh link to a /cygdrive/c path and see if it works
> for you?
>
> tia,
> marc

There's nothing magical about it...  And you should make sure your
/etc/{passwd,group} files are up to date for ntsec to work anyway.  Once
you see the correct owner/group names for the relevant directories, you
can start tackling your sshd problem.  My guess is that, at that point,
you'll only need to run

$ chown -R YourUsername "/cygdrive/c/Documents and Settings/<username>/Application Data/Van Dyke Technologies/SecureCRT/"

and change the permissions accordingly...  In any case, I'd first get sshd
to run with .ssh being a subdirectory in your $HOME, so you know exactly
what ownership and permissions definitely work.  The next step would be
renaming that directory to, say, "~/.ssh_dir", making a symbolic link
("~/.ssh") to that, and getting that scenario to work.  Finally, you can
then change the linked directory (/cygdrive/c/...) appropriately.

If the second step above (symlink to ~/.ssh_dir) doesn't work, this may be
related to a symlink permission problem, which was fixed by a recent patch
(see <http://cygwin.com/ml/cygwin-developers/2003-02/msg00011.html>).
You may then want to wait for the next snapshot to be available and try
that.

HTH,
	Igor
P.S. As long as your user has appropriate privileges, you should be able
to change permissions with Cygwin tools (chown, chmod) just as easily as
with Windows tools.  FYI, however, to change Windows permissions,
right-click on the directory name in Explorer and select Properties ->
Security -> Advanced.  Once there, the Owner tab will show you the current
owner, and the Permissions tab will let you change permissions.
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Oh, boy, virtual memory! Now I'm gonna make myself a really *big* RAMdisk!
  -- /usr/games/fortune


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/