X-Spam-Check-By: sourceware.org Date: Thu, 2 Mar 2006 11:06:55 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Cc: Karl M Subject: Re: ssh-host-config (/var/log/lastlog) Message-ID: <20060302100655.GF3184@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com, Karl M References: <20060227103750 DOT GD30238 AT calimero DOT vinschen DOT de> <20060228123700 DOT GB3184 AT calimero DOT vinschen DOT de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060228123700.GB3184@calimero.vinschen.de> User-Agent: Mutt/1.4.2i Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Karl? Ping? On Feb 28 13:37, Corinna Vinschen wrote: > On Feb 27 11:38, Karl M wrote: > > Hi All... > > > > It was fun while it lasted 8-) > > > > Perhaps the permissions/owner for lastlog as a file should be > > 644/system.none > > > > It works for me and protects the log a bit better. > > Would you mind to give the below patch to ssh-host-config a try? > It now refuses to let you go ahead with a lastlog directory. > > > Thanks, > Corinna > > --- ssh-host-config.ORIG 2006-02-28 13:24:32.248566300 +0100 > +++ ssh-host-config 2006-02-28 13:32:22.168803900 +0100 > @@ -153,22 +153,31 @@ fi > > # Create /var/log and /var/log/lastlog if not already existing > > -if [ -f ${LOCALSTATEDIR}/log ] > +if [ -e ${LOCALSTATEDIR}/log -a ! -d ${LOCALSTATEDIR}/log ] > then > - echo "Creating ${LOCALSTATEDIR}/log failed!" > -else > - if [ ! -d ${LOCALSTATEDIR}/log ] > - then > - mkdir -p ${LOCALSTATEDIR}/log > - fi > - if [ -d ${LOCALSTATEDIR}/log/lastlog ] > - then > - chmod 777 ${LOCALSTATEDIR}/log/lastlog > - elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ] > - then > - cat /dev/null > ${LOCALSTATEDIR}/log/lastlog > - chmod 666 ${LOCALSTATEDIR}/log/lastlog > - fi > + echo > + echo "${LOCALSTATEDIR}/log is existant but not a directory." > + echo "Cannot create ssh host configuration." > + echo > + exit 1 > +fi > +if [ ! -e ${LOCALSTATEDIR}/log ] > +then > + mkdir -p ${LOCALSTATEDIR}/log > +fi > + > +if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] > +then > + echo > + echo "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." > + echo "Cannot create ssh host configuration." > + echo > + exit 1 > +fi > +if [ ! -e ${LOCALSTATEDIR}/log/lastlog ] > +then > + cat /dev/null > ${LOCALSTATEDIR}/log/lastlog > + chmod 644 ${LOCALSTATEDIR}/log/lastlog > fi > > # Create /var/empty file used as chroot jail for privilege separation > @@ -578,6 +587,7 @@ then > fi > chown "${_user}" ${SYSCONFDIR}/ssh* > chown "${_user}".544 ${LOCALSTATEDIR}/empty > + chown "${_user}".544 ${LOCALSTATEDIR}/log/lastlog > if [ -f ${LOCALSTATEDIR}/log/sshd.log ] > then > chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log > > -- > Corinna Vinschen Please, send mails regarding Cygwin to > Cygwin Project Co-Leader cygwin AT cygwin DOT com > Red Hat > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Problem reports: http://cygwin.com/problems.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/