public inbox for cygwin@cygwin.com
* sshd 3.4p1-2 privsep question
@ 2002-07-09 23:12 Wu Yongwei
  2002-07-10  5:08 ` Corinna Vinschen
  0 siblings, 1 reply; 3+ messages in thread
From: Wu Yongwei @ 2002-07-09 23:12 UTC (permalink / raw)
  To: cygwin

When executing "net start sshd" in privilege separation mode, I saw this in
/var/log/sshd.log: "Bad owner or mode for /var/empty". Sshd works OK in
non-privsep mode.

This is how I set up sshd:
-----------------------------------------------------------------------
$ ssh-host-config
Overwrite existing /etc/ssh_config file? (yes/no) yes
Generating /etc/ssh_config file
Overwrite existing /etc/sshd_config file? (yes/no) yes
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/doc/openssh/README.privsep.

Shall privilege separation be used? (yes/no) yes
Generating /etc/sshd_config file

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) no

Host configuration finished. Have fun!
-----------------------------------------------------------------------

ls -l /var seems to indicate the ownership is correct:

drwxrwxrwx    2 SYSTEM   SYSTEM          0 Jul 10 12:50 empty/

I have the CYGWIN variable defined as "binmode ntsec tty", but it seems to be
of no use.

I am puzzled. Any suggestions?

Best regards,

Wu Yongwei


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


* Re: sshd 3.4p1-2 privsep question
  2002-07-09 23:12 sshd 3.4p1-2 privsep question Wu Yongwei
@ 2002-07-10  5:08 ` Corinna Vinschen
  0 siblings, 0 replies; 3+ messages in thread
From: Corinna Vinschen @ 2002-07-10  5:08 UTC (permalink / raw)
  To: cygwin

On Wed, Jul 10, 2002 at 01:09:42PM +0800, Wu Yongwei wrote:
> drwxrwxrwx    2 SYSTEM   SYSTEM          0 Jul 10 12:50 empty/

I'd suggest setting your default umask to something other than 0
so that files and dirs aren't created with wide open permissions.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.


* Re: sshd 3.4p1-2 privsep question
@ 2002-07-10  1:07 Wu Yongwei
  0 siblings, 0 replies; 3+ messages in thread
From: Wu Yongwei @ 2002-07-10  1:07 UTC (permalink / raw)
  To: cygwin

Thanks. Chmod did the trick.

Best regards,

Wu Yongwei

--- Original Message from "Corwin" ---

Try to set permissions to read-only for other users.
chmod 755 /var/empty

You can take a look at /usr/doc/openssh/README.privsep for more information.

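A check for the two conditions the thread's error message names, as an added example that is not from the posters or from OpenSSH: it flags a directory that is group- or world-writable (the bits `chmod 755` clears) or not owned by the expected uid. The function name `check_privsep_dir` and the default expected owner (the calling user) are assumptions; the demo runs on a constructed scratch directory.

```shell
#!/bin/sh
# Added example: audit a privsep chroot directory for the two things the
# "Bad owner or mode" message names. Returns 0 = ok, 1 = bad, 2 = not a dir.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-$(id -u)}   # assumption: default expected owner is the caller
    rc=0

    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: not a real directory"
        return 2
    fi

    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    set -- $(ls -ldn "$dir")
    mode=$1
    uid=$3

    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owner uid $uid, expected $want_uid"
        rc=1
    fi

    # Character 6 of the mode string is group-write, character 9 is other-write.
    case $mode in
        ?????w*|????????w*)
            echo "$dir: mode $mode is group- or world-writable"
            rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "$dir: ok ($mode, uid $uid)"
    return "$rc"
}

# Constructed demo on a scratch directory, not the real /var/empty.
demo=$(mktemp -d)
mkdir "$demo/empty"
chmod 777 "$demo/empty"; check_privsep_dir "$demo/empty" || true
chmod 755 "$demo/empty"; check_privsep_dir "$demo/empty"
rm -rf "$demo"
```

Pass the uid of the account that runs sshd as the second argument when it differs from the user running the check.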
