Hi, please consider the below patch for OpenSSH 6.7. A fix in POSIX ACL handling in Cygwin turned up this rather old code in the ssh-host-config script. It opens the permissions for some directories, especially /var/empty, for the "system" user for no good reason. This results in sshd refusing to start because the permissions on /var/empty are too open. The below patch fixes that by dropping the code adding an ACL entry for the "system" user. Thanks, Corinna Index: contrib/cygwin/ssh-host-config =================================================================== RCS file: /cvs/openssh/contrib/cygwin/ssh-host-config,v retrieving revision 1.35 diff -u -p -r1.35 ssh-host-config --- contrib/cygwin/ssh-host-config 27 May 2014 04:31:59 -0000 1.35 +++ contrib/cygwin/ssh-host-config 29 Aug 2014 21:24:02 -0000 @@ -37,7 +37,6 @@ declare -a csih_required_commands=( /usr/bin/mkpasswd cygwin /usr/bin/mount cygwin /usr/bin/ps cygwin - /usr/bin/setfacl cygwin /usr/bin/umount cygwin /usr/bin/cmp diffutils /usr/bin/grep grep @@ -658,11 +657,6 @@ then csih_warning "Can't set permissions on ${SYSCONFDIR}!" let ++warning_cnt fi -if ! /usr/bin/setfacl -m u:system:rwx "${SYSCONFDIR}" >/dev/null 2>&1 -then - csih_warning "Can't set extended permissions on ${SYSCONFDIR}!" - let ++warning_cnt -fi # Check for /var/log directory csih_make_dir "${LOCALSTATEDIR}/log" "Cannot create log directory." @@ -671,11 +665,6 @@ then csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log!" let ++warning_cnt fi -if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/log" >/dev/null 2>&1 -then - csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/log!" - let ++warning_cnt -fi # Create /var/log/lastlog if not already exists if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] @@ -699,11 +688,6 @@ csih_make_dir "${LOCALSTATEDIR}/empty" " if ! /usr/bin/chmod 755 "${LOCALSTATEDIR}/empty" >/dev/null 2>&1 then csih_warning "Can't set permissions on ${LOCALSTATEDIR}/empty!" - let ++warning_cnt -fi -if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty" >/dev/null 2>&1 -then - csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/empty!" let ++warning_cnt fi -- Corinna Vinschen Cygwin Maintainer Red Hat
Attachment:
pgpLyIoqqz6AS.pgp
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev