X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=kizvx6Tu+G/hiNQz8evbT6p1aDuK3gA4l0E6PWD0dJR1B4XsjyS1K
	Ku1sJt3Ijxpq9CJW1iA8iy9QRytWFeMoxu3DGUNrxvVXxT/wE5TUF0RBUt+aF0jD
	tkgTKGO9zwA4PFaxsPAIE6l/XB8+nhkFpTs4O5yNzDzlz7aHfFgfWY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=svuI8YryTreloAx6fLLedDwwL/0=; b=Jb4Tg8vTDUvn7DyvE4IShV1y3fqL
	YW4A9aGgp75XQ2nrT0d4Fz9TJCVfI4LHOLiKydwlEqJCUsVtS+99dzg61EBhGdT9
	fWvXSZroWqNKGqYTIaD4fF94yfnv8Lu91OAUosqbCm8iUEpC0ca9HODz6HWYTm1b
	VNmJkMq39ItuZGQ=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Mon, 28 Jul 2014 13:53:08 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: The eternal uid issue
Message-ID: <20140728115308.GA11725@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20140723091409 DOT GH27005 AT calimero DOT vinschen DOT de> <53CF9E0F DOT F596FC60 AT boland DOT nl> <20140723152357 DOT GA24446 AT calimero DOT vinschen DOT de> <53D0AD3A DOT 1FDF0B3F AT boland DOT nl> <20140724135222 DOT GD12212 AT calimero DOT vinschen DOT de> <53D17DCD DOT 726524E0 AT boland DOT nl> <20140725124200 DOT GC8725 AT calimero DOT vinschen DOT de> <53D604BC DOT 1CBD4557 AT boland DOT nl> <20140728091409 DOT GA25860 AT calimero DOT vinschen DOT de> <53D6373A DOT 193E3E47 AT boland DOT nl>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy"
Content-Disposition: inline
In-Reply-To: <53D6373A.193E3E47@boland.nl>
User-Agent: Mutt/1.5.23 (2014-03-12)

--KsGdsel6WgEHnImy
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Jul 28 13:42, D. Boland wrote:
> Hi Corinna,
>=20
> Corinna Vinschen wrote:
> >=20
> > Still, are you using setuid method 1 or another method?  Is your home
> > dir the default /home/$USER as created from inside the Cygwin
> > environment?  Any chance your home dir has an unusual ACL?
> >=20
> > Did you set up sshd as service?  If not, you might consider to do that
> > so you can check what happens when switching to the smmsp account.  Run
> > ssh-host-config as admin, install the service.  Create an authorized_ke=
ys
> > file for the smmsp user (run ssh-user-config under smmsp for instance),
> > then start the service.  Now login to the smmsp user account using
> > public key authentication, admin-enabled vs. non-admin as above(*), and
> > observe the permissions ls or stat show you for your home dir.  Are they
> > really different?  If so, let's see the strace output again.
>=20
> Argh! I checked the /home folder and it was indeed group and world writab=
le. After
> setting it to 0755 sendmail had no issues anymore. Sendmail checks permis=
sions on
> the entire path. I cannot remember setting it 0777, so something else mus=
t have set
> it.

The permissions of the home folder are set to 01777 by default (S_ISVTX
bit!).  Since we can't rely on central administration for Cygwin, this
allows a user to create her own homedir automatically at first start of
a Cygwin shell.

You might consider to disable this full patch check in sendmail for
Cygwin.  Is there some configuration flag, maybe?

> Regarding the suid method: You mean method 1, 2 and 3 in the "Using Windo=
ws security
> in Cygwin" article, right? I have nothing special set up, so it uses the =
default
> method 1.
>=20
> As to the sshd, I had it set up as a service already.
>=20
> Thanks again for your help. I will announce the Sendmail release soon.

Thanks, but you need to send an ITA to cygwin-apps first.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--KsGdsel6WgEHnImy
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT1jmkAAoJEPU2Bp2uRE+g9S4P+weG9fDpqsiLAGmGsyb2QjMR
38zUJIqdVmtelRTVEKNm1N2vEAkQz1r5cRqYr2gReFDfU2GPCPOoXfGx2P7fv4bW
0DCNrPX55VCyBdtUMqu4V2mysjVP5OkVqH9mi+CTcRjo5Ss66eYtmyHfOVeeKDGH
A3xjib4zSwj+MNXEOHBC36zCxX9MBFn8+0XNmpw2+dIRa8HAdt06ujBH4qRJDMfu
7HmYGlwR3Ppi1FmxmCwGi+HIeuOVo8FLHEm4vX5Jm4ALcEr+5hFdPmgzx9TxjAgQ
fovGKHYTF0edJeKMRk8fNXxthPv/6D9PpyHC0YQQI3U+aL2Zbjl40woZbRToYpVk
dGyMzjDm9n/edCGdny3bwqXpkb02hxOA/f03UMFPVxY65HEZE8cwgUUXDHukyt3F
d8na3z6plzBwcYAF38Ej785soyjIjMX6tyOwI8rDOObXeaLKdzGsXr7WXI9hGcev
+DvqVQ2MOf0DECCaiD4NgWBdtC9bLz5DDwv0Aa+gSyCoF1EsgYsvzU83PeijqC5v
BtqCvPpOuDPCv7GMT2V8phvhudjVculnjeQcTPcODFUeD0IVypdrndkg5ufiAbfk
tPkIYai2Em+NFv4RrHZ2mBRTQWwiuM0OJb028uhASS1otM22KPrjb2ZDExh56xHg
osY4byUiyJfCOlRwczv9
=QmDQ
-----END PGP SIGNATURE-----

--KsGdsel6WgEHnImy--