Subject: Re: bash -l not sourcing /etc/profile? (minor annoyance)
To: cygwin AT cygwin DOT com
From: Brian Inglis
Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Message-ID: <1afedecf-33cc-ac99-54c3-898a8293c2dc@SystematicSw.ab.ca>
Date: Sun, 12 Mar 2017 14:02:36 -0600

On 2017-03-11 20:51, Daniel Santos wrote:
> First off, thanks for your response and I apologize for my late reply.
>
> On 03/09/2017 06:21 PM, Brian Inglis wrote:
>> On 2017-03-09 15:58, Daniel Santos wrote:
>>> This is just a minor annoyance. When I start a mintty session and
>>> even if I type bash -l or bash -li, I don't get my /etc/profile
>>> sourced and I have to manually do it each time I log in. Any idea
>>> what's causing that?
>> Cygwin/bash/mintty shortcut properties or command line should have
>> "-" at end e.g.
>>
>> "C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico -"
>
> Yes, I have verified that.
>
>> Otherwise does it have Windows line endings or permissions too open?
>
> Windows line endings where? Also, please be a little more specific
> about permissions. On what file(s) are you referring to? How could
> this happen if they are "too open"? Usually, permissions being too
> open just results in a big security hole. Does Cygwin do some type of
> detection of this and crap out w/o a proper error message if some
> permissions are too open?

/etc/profile ~/.profile ...
Run file on profiles and check they don't say with CRLF... as various
utilities have been unpatched to work like native Unix by opening files
in binary mode and barfing if they don't like CRs.
Run dos2unix/d2u to fix.
Some utilities are now more aware of security holes and may now be
checking for no wide write permissions on files they will execute,
as have security related utilities.
They may not complain about permissions any more than they would
complain if a profile did not exist - would be nice of them.

>>> Possibly related, sshd doesn't seem to be reading my
>>> ~/.ssh/authorized_keys because I have to type my password every time
>>> I ssh in.
>> Windows line endings or permissions too open on directory
>> (s/b drwx------) or private key files, config, known_hosts,
>> authorized_keys (s/b _rw-------)?
>
> Again, permissions too open w/o an error message? I did not
> explicitly modify the permissions and the .ssh directory was created
> by ssh-keygen. I did try to modify the permissions in Windows
> explorer, but I only seemed to bungle things up and now I have the
> "properties" dialogue for the .ssh directory stuck open (cannot
> close it) and I can't reboot yet because I'm running tests, so this
> may have to wait a little bit.

SSH et al are normally explicit about permissions problems.
Cygwin getfacl and setfacl are your friends - setfacl -bk ... on Cygwin
directories and files strips most Windows ACLs down to POSIX
compatibility and allows ch{mod,own,grp} to do their things without
side effects.
If your account is a local admin, have a backup admin account on the
system, just in case.

> Also, the sshd server does need to access my .ssh directory and my
> id_rsa.pub, but I don't seem to understand nt security anymore.

Start cygserver and sshd using cygrunsrv from an elevated/admin account
or Scheduled Task so they run as SYSTEM and can impersonate.
See https://cygwin.com/cygwin-ug-net/ntsec.html for the best anyone
can understand POSIX security and ACLs under Windows, and especially
Switching the user context section for daemons like sshd; for cygserver
https://cygwin.com/cygwin-ug-net/using-cygserver.html

>> Could sshd config have disabled allowing personal config files
>> (common on corporate servers - have to talk to admins)?
>
> This is a fresh install of Cygwin on a freshly installed Windows 7.
>
>> If you have a passphrase on your key, you could use ssh-agent
>> and ssh-add to avoid reverifying credentials on each connection.
>
> I did not use a passphrase.
>
>> Do you also need host keys in /etc/ssh_known_hosts or
>> ~/.ssh/known_hosts as well as your PPK pair?
>
> Well, known_hosts doesn't matter on the server side and I have
> already added the Windows 7 key to my known_hosts file on my
> GNU/Linux client. I'm not using Putty, et al., so I don't have a
> PPK file.

Meant PPK generically - like the .ssh/id... files without the .pub
suffix.

> I suppose I can live with the inconvenience for now. Thanks for your
> tips.

ssh is just one of the hoops we all have to jump thru to get to do work.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
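
The two checks suggested in the message above (CRLF line endings in the profiles, and modes wider than drwx------ / -rw------- under ~/.ssh), as an added example that is not part of the original message or of Cygwin. The function names and the 022/077 masks are this example's own choices, and GNU `stat -c` is assumed, as shipped in Cygwin's coreutils.

```sh
#!/bin/sh
# Added example: report CRLF line endings and over-permissive modes on the
# login profiles and ~/.ssh files named in the message above.

CR=$(printf '\r')

# has_crlf FILE: succeeds if FILE contains a carriage return.
has_crlf() { grep -q "$CR" "$1" 2>/dev/null; }

# too_open PATH MASK: succeeds if PATH has any permission bit from octal MASK.
too_open() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2   # GNU stat (assumption)
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# audit_path PATH MASK: print one line per finding; silent if PATH is clean
# or does not exist.
audit_path() {
    [ -e "$1" ] || return 0
    if [ -f "$1" ] && has_crlf "$1"; then
        echo "CRLF $1 (fix: dos2unix)"
    fi
    if too_open "$1" "$2"; then
        echo "MODE $1 is $(stat -c '%a' "$1"), has bits from mask $2"
    fi
    return 0
}

# audit_login_files HOME_DIR [ETC_DIR]: check the files discussed above.
# Mask 022 = group/other write; mask 077 = any group/other access, matching
# the drwx------ / -rw------- modes suggested in the message.
audit_login_files() {
    home=$1 etc=${2:-/etc}
    for f in "$etc/profile" "$home/.profile" "$home/.bash_profile" "$home/.bashrc"; do
        audit_path "$f" 022
    done
    audit_path "$home/.ssh" 077
    for f in "$home/.ssh/config" "$home/.ssh/known_hosts" \
             "$home/.ssh/authorized_keys" "$home"/.ssh/id_*; do
        case $f in *.pub) continue ;; esac   # public keys may be world-readable
        audit_path "$f" 077
    done
}

audit_login_files "${HOME:-/nonexistent}"
```

A MODE line that survives `chmod` on Cygwin usually means inherited Windows ACL entries are still mapped onto the POSIX bits, which is the case the message's `setfacl -bk` suggestion addresses.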