X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-2.0 required=5.0 	tests=BAYES_00,SARE_MSGID_LONG40,SPF_PASS
X-Spam-Check-By: sourceware.org
MIME-Version: 1.0
In-Reply-To: <20091005185034.GD12789@calimero.vinschen.de>
References: <4A6388BB DOT 1050904 AT tigroup-usa DOT com> <4A63CD77 DOT 5090700 AT tigroup-usa DOT com>  	<20090720023742 DOT GC15540 AT ednor DOT casa DOT cgf DOT cx> <4A63E12B DOT 4020205 AT tigroup-usa DOT com>  	<20090720050320 DOT GD15540 AT ednor DOT casa DOT cgf DOT cx> <4A6404C4 DOT 2030003 AT tigroup-usa DOT com>  	<h41laj$jvh$1 AT ger DOT gmane DOT org> <20090720115728 DOT GD30066 AT calimero DOT vinschen DOT de>  	<af075b00910050807jbd561d8oe8f1f9abcfd4090d AT mail DOT gmail DOT com>  	<20091005185034 DOT GD12789 AT calimero DOT vinschen DOT de>
From: Julio Costa <costaju AT gmail DOT com>
Date: Mon, 5 Oct 2009 20:18:05 +0100
Message-ID: <af075b00910051218r576c2d9fle33dd069e01a454a@mail.gmail.com>
Subject: Re: OpenSSH - sftp not working for non-Administrator users
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Mon, Oct 5, 2009 at 19:50, Corinna Vinschen wrote:
> On Oct =C2=A05 16:07, Julio Costa wrote:
>> On Mon, Jul 20, 2009 at 12:57, Corinna Vinschen wrote:
>> > Nevertheless there's something fishy. =C2=A0The /bin path is added
>> > automatically by cygrunsrv so that the service doesn't have to care for
>> > a default $PATH by itself. =C2=A0I assume it has something to do with =
path
>> > permissions. =C2=A0Check the ACLs.
>>
>> ... the reason is, I myselft stumped into something similar.
>> After configuring openssh with chrooted sessions, I can login into one
>> of these sessions (with a non-admin users), but any command that I try
>> fail silently (unless it is a built-in).
>>
>> From what I observed with the help of process monitor, is that any
>> failing command try to load cygwin1.dll from the current directory
>> (/bin) but will fail, because the dll in in /usr/bin.
>> This difference (/bin vs /usr/bin) is not of importance to the
>> majority of the cases because: a) /bin and /usr/bin are mirrors of
>> each other , through mount magic; b) /usr/bin is also in the PATH.
>> But in a sshd chrooted environment thigs are different: there is no
>> mount -magic, and the .dlls get copied to the /usr/bin, following
>> "advice" from ldd. The PATH also only have /bin, which don't help.
>>
>> So, I was thinking, shouldn't make more sense that cygrunsrv do:
>> a) add /usr/bin also as a bare-minimum, to cover chrooted environments
>> (and to follow the /usr/bin/*.dll dependencies of cygwin binaries);
>
> Why don't you just put cygwin1.dll into $CHROOT-DIR/bin?
>

I did. It obviously works. But I see this more as the workaround, not
the solution.

I'm trying to go from the workaround to the general solution.
I see three probable paths here:
1) General solution: cygrunsrv should, as a "cygwin service guardian",
be responsible to setup a dependable bare-bone environment for any
general use of a cygwin service. Adding /usr/bin:/bin in front of PATH
would definitely contribute to it;
2) Specific solution: AFAICT, this problem only occours in sshd (with
chroot involved). So, the same PATH amendment could be easily done by
ssh-host-config at the service installation code;
3) Do-nothing solution: it's already done! And then every Cygwin user
will have to struggle with strange happenings when trying to set up
sshd/sftp chroots... even if it ends finding this thread that's not
the kind of user experience that Cygwin should be, right?

I'm not talking here about saving the world :)
Clearly either solution 1) or 2) are one-liner patches - and I'm just
asking what route do you think is better.
Then I'll present the patch, no broken fingers! :)

--=20
___________
Julio Costa

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple