X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Date: Mon, 5 Oct 2009 20:50:34 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: OpenSSH - sftp not working for non-Administrator users Message-ID: <20091005185034.GD12789@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <4A6388BB DOT 1050904 AT tigroup-usa DOT com> <4A63CD77 DOT 5090700 AT tigroup-usa DOT com> <20090720023742 DOT GC15540 AT ednor DOT casa DOT cgf DOT cx> <4A63E12B DOT 4020205 AT tigroup-usa DOT com> <20090720050320 DOT GD15540 AT ednor DOT casa DOT cgf DOT cx> <4A6404C4 DOT 2030003 AT tigroup-usa DOT com> <20090720115728 DOT GD30066 AT calimero DOT vinschen DOT de> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.17 (2007-11-01) Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Oct 5 16:07, Julio Costa wrote: > On Mon, Jul 20, 2009 at 12:57, Corinna Vinschen wrote: > > Nevertheless there's something fishy.  The /bin path is added > > automatically by cygrunsrv so that the service doesn't have to care for > > a default $PATH by itself.  I assume it has something to do with path > > permissions.  Check the ACLs. > > ... the reason is, I myselft stumped into something similar. > After configuring openssh with chrooted sessions, I can login into one > of these sessions (with a non-admin users), but any command that I try > fail silently (unless it is a built-in). > > From what I observed with the help of process monitor, is that any > failing command try to load cygwin1.dll from the current directory > (/bin) but will fail, because the dll in in /usr/bin. > This difference (/bin vs /usr/bin) is not of importance to the > majority of the cases because: a) /bin and /usr/bin are mirrors of > each other , through mount magic; b) /usr/bin is also in the PATH. > But in a sshd chrooted environment thigs are different: there is no > mount -magic, and the .dlls get copied to the /usr/bin, following > "advice" from ldd. The PATH also only have /bin, which don't help. > > So, I was thinking, shouldn't make more sense that cygrunsrv do: > a) add /usr/bin also as a bare-minimum, to cover chrooted environments > (and to follow the /usr/bin/*.dll dependencies of cygwin binaries); Why don't you just put cygwin1.dll into $CHROOT-DIR/bin? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple