X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Mon, 5 Oct 2009 20:50:34 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: OpenSSH - sftp not working for non-Administrator users
Message-ID: <20091005185034.GD12789@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <4A6388BB DOT 1050904 AT tigroup-usa DOT com> <4A63CD77 DOT 5090700 AT tigroup-usa DOT com> <20090720023742 DOT GC15540 AT ednor DOT casa DOT cgf DOT cx> <4A63E12B DOT 4020205 AT tigroup-usa DOT com> <20090720050320 DOT GD15540 AT ednor DOT casa DOT cgf DOT cx> <4A6404C4 DOT 2030003 AT tigroup-usa DOT com> <h41laj$jvh$1 AT ger DOT gmane DOT org> <20090720115728 DOT GD30066 AT calimero DOT vinschen DOT de> <af075b00910050807jbd561d8oe8f1f9abcfd4090d AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <af075b00910050807jbd561d8oe8f1f9abcfd4090d@mail.gmail.com>
User-Agent: Mutt/1.5.17 (2007-11-01)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Oct  5 16:07, Julio Costa wrote:
> On Mon, Jul 20, 2009 at 12:57, Corinna Vinschen wrote:
> > Nevertheless there's something fishy.  The /bin path is added
> > automatically by cygrunsrv so that the service doesn't have to care for
> > a default $PATH by itself.  I assume it has something to do with path
> > permissions.  Check the ACLs.
> 
> ... the reason is, I myselft stumped into something similar.
> After configuring openssh with chrooted sessions, I can login into one
> of these sessions (with a non-admin users), but any command that I try
> fail silently (unless it is a built-in).
> 
> From what I observed with the help of process monitor, is that any
> failing command try to load cygwin1.dll from the current directory
> (/bin) but will fail, because the dll in in /usr/bin.
> This difference (/bin vs /usr/bin) is not of importance to the
> majority of the cases because: a) /bin and /usr/bin are mirrors of
> each other , through mount magic; b) /usr/bin is also in the PATH.
> But in a sshd chrooted environment thigs are different: there is no
> mount -magic, and the .dlls get copied to the /usr/bin, following
> "advice" from ldd. The PATH also only have /bin, which don't help.
> 
> So, I was thinking, shouldn't make more sense that cygrunsrv do:
> a) add /usr/bin also as a bare-minimum, to cover chrooted environments
> (and to follow the /usr/bin/*.dll dependencies of cygwin binaries);

Why don't you just put cygwin1.dll into $CHROOT-DIR/bin?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple