cygwin sshd Configuration

Ted

Nov 10, 2009, 8:37:50 AM
When configuring cygwin sshd I perform:

$ ssh-host-config
*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Warning: The permissions on the directory /var are not correct.
*** Warning: They must match the regexp d..x..x..[xt]
*** ERROR: Problem with /var directory. Exiting.

I now need to change the permissions on /var. The warning above
specifies that the permission on /var for "other" must be executable
or sticky. So, which is better/more secure/better?

Is there such a permission as "executable sticky"? Hmmm...

Thanks,
Ted

Hans van Zijst

Nov 10, 2009, 8:56:40 AM
Ted,

The "executable sticky" might not do what you want:

http://www.zzee.com/solutions/linux-permissions.shtml

I have a vague recollection of it being used for locking.

Why would you want to have /var completely locked anyway? Why not make
it 711 or even 755 indeed?

Kind regards,

Hans

Ted

Nov 10, 2009, 11:45:44 AM
After doing some more reading, it turns out that the "t" in "regexp
d..x..x..[xt]" may not be what I thought it is intended to represent.
My interpretation for "regexp d..x..x..[xt]" is that the directory
"/var" should have executable permission for "owner", and "group". The
permission for "other" can be either "executable" or whatever "t"
represents. The documentation that I found specified that "t"
represents the "sticky bit". Later I found a source that specified "t"
represents different things in different Unixes/Unixi...

So, can anyone specify in English what permissions "/var" should have
when configuring sshd for cygwin?

Thanks,
Ted

Nico Kadel-Garcia

Nov 10, 2009, 12:02:16 PM
On Nov 10, 11:45 am, Ted <tjo...@mail.com> wrote:
> After doing some more reading, it turns out that the "t" in "regexp
> d..x..x..[xt]" may not be what I thought it is intended to represent.
> My interpretation for "regexp d..x..x..[xt]" is that the directory
> "/var" should have executable permission for "owner", and "group". The
> permission for "other" can be either "executable" or whatever "t"
> represents. The documentation that I found specified that "t"
> represents the "sticky bit". Later I found a source that specified "t"
> represents different things in different Unixes/Unixi...

Hold it. This means that t, or x, is acceptable for that last
character in the directory permissions. For /var, do *not* use "t".
Using that could cause surprises when you least expect it: the normal
permissions for /var are drwxr-xr-x.

> So, can anyone specify in English what permissions "/var" should have
> when configuring sshd for cygwin?
>
> Thanks,
> Ted

CygWin is its own unique mish-mosh of GNU toolchain built software,
layered on top of Windows. This creates.... interesting file ownership
confusions. But the normal permissions under CygWin are actually
dr-xr-xr-x.

Nico Kadel-Garcia

Nov 10, 2009, 6:11:53 PM
On Nov 10, 12:02 pm, Nico Kadel-Garcia <nka...@gmail.com> wrote:

> CygWin is its own unique mish-mosh of GNU toolchain built software,
> layered on top of Windows. This creates.... interesting file ownership
> confusions. But the normal permissions under CygWin are actually dr-xr-xr-x.

Excuse me, I just double checked: on my Vista machine running CygWin,
it's dr-xr-x---.
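
Added example (not part of the thread and not code from ssh-host-config): a POSIX shell script that renders an octal directory mode the way ls prints it and tests the result against the regexp quoted in the warning. The function names triad, mode_string and var_mode_ok are made up for this example and the sample modes are constructed; in ls output a lower-case t means sticky bit plus execute for "other", an upper-case T means sticky bit without it.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample modes are constructed.

# triad BITS SPECIAL LOWER UPPER: print one rwx group. SPECIAL is non-zero
# when the setuid, setgid or sticky bit belonging to that group is set.
triad() {
    bits=$1; special=$2; lower=$3; upper=$4
    r=-; w=-; x=-
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -ne 0 ]; then
        # Lower-case letter: special bit and execute. Upper-case: special bit only.
        if [ "$x" = x ]; then x=$lower; else x=$upper; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_string OCTAL: print the ls-style string for a directory, 1777 -> drwxrwxrwt
mode_string() {
    m=$((0$1))   # leading 0 makes the shell read the digits as octal
    printf 'd'
    triad $(( (m >> 6) & 7 )) $(( (m >> 11) & 1 )) s S   # owner, setuid
    triad $(( (m >> 3) & 7 )) $(( (m >> 10) & 1 )) s S   # group, setgid
    triad $(( m & 7 ))        $(( (m >> 9) & 1 ))  t T   # other, sticky
    printf '\n'
}

# var_mode_ok OCTAL: succeed when the mode string matches the regexp from the warning
var_mode_ok() {
    mode_string "$1" | grep -Eq 'd..x..x..[xt]'
}

for mode in 755 711 555 550 1777 1776 2755; do
    if var_mode_ok "$mode"; then verdict=accepted; else verdict=rejected; fi
    printf '%-5s %s  %s\n' "$mode" "$(mode_string "$mode")" "$verdict"
done
```

A trailing t passes only because it implies execute for "other"; the sticky bit alone (T) is rejected, as is 550 (dr-xr-x---).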

AVIS phoenix

Dec 17, 2009, 1:31:23 PM

This article has the solution, I tried it & it works
http://www.chinese-watercolor.com/LRP/printsrv/cygwin-sshd.html
