Messed up permissions on /var ?

Messed up permissions on /var ?

[David Lee Lambert]

I recently "migrated" a Cygwin instance from Windows XP to Windows 7
(wanted to save a bit of external bandwidth versus running the
installer again, also had a lot of custom stuff under /usr/local and
so forth).  X works fine.  I can't get sshd to work (started as a
daemon it would present a host key but not accept any password to log
in),  and I suspect I may have made things worse trying to fix it.

Trying to run the SSH daemon from a Cygwin command prompt started with
"Run as administrator...", I get the following output...

$ /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/sshd_config
debug2: load_server_config: done config len = 253
debug2: parse_server_config: config /etc/sshd_config len 253
debug3: /etc/sshd_config:13 setting Port 22
debug3: /etc/sshd_config:41 setting StrictModes no
debug3: /etc/sshd_config:50 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/sshd_config:102 setting UsePrivilegeSeparation sandbox
debug3: /etc/sshd_config:118 setting Subsystem sftp     /usr/sbin/sftp-server
debug1: sshd version OpenSSH_6.2, OpenSSL 1.0.1e 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
/var/empty must be owned by root and not group or world-writable.


From that same terminal here are the permissions on /var and /var/empty...

dllamber@IBM-635c7e0ffd0 /var
$ ls -ld /var /var/empty
drwx---r-x+ 1 Administrator None 0 Aug  8 11:26 /var
drwxr-xr-x+ 1 SYSTEM        None 0 Aug  8 07:16 /var/empty

From my "regular user" account, Cygwin terminal, here's what I get:

dllamber@IBM-635c7e0ffd0 ~
$ ls -l /var /var/empty
ls: cannot open directory /var: Permission denied
/var/empty:
total 0


From "cmd.exe" run with "Run as administrator..." here's what I see...

C:\Cygwin>cacls var
C:\Cygwin\var IBM-635C7E0FFD0\Administrator:F
              IBM-635C7E0FFD0\None:(DENY)(special access:)
                                   FILE_READ_DATA
                                   FILE_READ_EA
                                   FILE_EXECUTE

              IBM-635C7E0FFD0\None:(special access:)
                                   READ_CONTROL
                                   SYNCHRONIZE
                                   FILE_READ_ATTRIBUTES

              Everyone:R
              IBM-635C7E0FFD0\dllamber:(OI)(CI)R


C:\Cygwin>cacls var\empty
Access is denied.


From "cmd.exde" run as a regular user, I see exactly the same thing.

If I open Explorer and try to browse to "C:\Cygwin\var", I get a "You
don't currently have permissions to access this folder" dialog.  If I
hit "Continue" and enter my password for UAC, I get "You have been
denied permission to access this folder".


Any advice?


-- 
David L. Lambert
Member IEEE, ACM (david.lee.lambert@acm.org)
IM: davidleelambert (Yahoo!) or lamber45@cse.msu.edu (MSN)

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Messed up permissions on /var ?

[Balaji Venkataraman]

On Thu, Aug 8, 2013 at 8:39 AM, David Lee Lambert <davidl@lmert.com> wrote:

> I recently "migrated" a Cygwin instance from Windows XP to Windows 7
> (wanted to save a bit of external bandwidth versus running the
> installer again, also had a lot of custom stuff under /usr/local and
> so forth).  X works fine.  I can't get sshd to work (started as a
> daemon it would present a host key but not accept any password to log

I ran into some ssh(d) related problems when I migrated laptops (older
ssd w/ Cygwin32 on Win7 migrated to an almost identical build but
fresh install of Win7 on a larger SSD) and copied all of my Cygwin
stuff over w/o re-installing. My problem was that sshd would start but
I could never connect to it.

> From that same terminal here are the permissions on /var and /var/empty...
>
> dllamber@IBM-635c7e0ffd0 /var
> $ ls -ld /var /var/empty
> drwx---r-x+ 1 Administrator None 0 Aug  8 11:26 /var
> drwxr-xr-x+ 1 SYSTEM        None 0 Aug  8 07:16 /var/empty
>
> From my "regular user" account, Cygwin terminal, here's what I get:
>
> dllamber@IBM-635c7e0ffd0 ~
> $ ls -l /var /var/empty
> ls: cannot open directory /var: Permission denied
> /var/empty:
> total 0

AFAIK, /var/empty should be owned by cyg_server. Delete the /var/empty
directory.

> Any advice?

/usr/share/doc/Cygwin/openssh.README
I'm guessing you already tried re-running /usr/bin/ssh-host-config on
the new system?

Here are some things I did to get it working - delete the cyg_server
and sshd users from Windows' Local Users and Groups (in case it is
already there) - in your case since it's a new install, it might not
be there. Delete cyg_server from /etc/passwd in case it's there.
Possibly re-start (don't think this is required). Then re-run
ssh-host-config and try again.

HTH,
Balaji

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Messed up permissions on /var ?

[Larry Hall (Cygwin)]

On 8/8/2013 11:39 AM, David Lee Lambert wrote:
> I recently "migrated" a Cygwin instance from Windows XP to Windows 7
> (wanted to save a bit of external bandwidth versus running the
> installer again, also had a lot of custom stuff under /usr/local and
> so forth).  X works fine.  I can't get sshd to work (started as a
> daemon it would present a host key but not accept any password to log
> in),  and I suspect I may have made things worse trying to fix it.
>
> Trying to run the SSH daemon from a Cygwin command prompt started with
> "Run as administrator...",

Oh, please don't do that!  You can't just start 'sshd' from the command-line
from your ID (or as "administrator") the way you can on Linux/UNIX.
Unfortunately, this is a common misunderstanding when trying to debug
'sshd' problems on Windows.  But doing this sets permissions on files
and directories used by 'sshd' so that only your user can run it.  That
means you cannot run it as a service under the properly configured
'cyg_server' account, so pubkey authentication won't work.  As a
consolation, it's quite likely the permissions on the important files
and directories were already 'hosed' as a result of the copy.

Try these options, in order of relative ease, to try to recover:

   1. Run 'ssh-host-config' and 'ssh-user-config'.

   2. Remove users 'sshd' and 'cyg_server' from '/etc/passwd' and delete
      the sshd service (cygrunsrv -E sshd; cygrunsrv -R sshd).  Then
      run 'ssh-host-config' and 'ssh-user-config'.

   3. Install via 'setup*.exe' to a new location and then copy in the
      bits you want.  Use 'ssh-host-config' to configure 'sshd' and
      'ssh-user-config' to configure your user files.

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple