applied - thanks On Fri, 29 Aug 2014, Corinna Vinschen wrote: > On Aug 29 23:25, Corinna Vinschen wrote: > > Hi, > > > > please consider the below patch for OpenSSH 6.7. A fix in POSIX ACL > > handling in Cygwin turned up this rather old code in the ssh-host-config > > script. It opens the permissions for some directories, especially > > /var/empty, for the "system" user for no good reason. > > > > This results in sshd refusing to start because the permissions on > > /var/empty are too open. > > > > The below patch fixes that by dropping the code adding an ACL entry > > for the "system" user. > > Actually, please disregard the previous patch and use the below one. > The script really shows its age. It tries to create directories which > for a long time now have been installed with correct permissions by the > base installation already. > > The only directory the script really has to care for is /var/empty. > > New patch below. > > > Thanks, > Corinna > >
> Index: contrib/cygwin/ssh-host-config
> ===================================================================
> RCS file: /cvs/openssh/contrib/cygwin/ssh-host-config,v
> retrieving revision 1.35
> diff -u -p -r1.35 ssh-host-config
> --- contrib/cygwin/ssh-host-config 27 May 2014 04:31:59 -0000 1.35
> +++ contrib/cygwin/ssh-host-config 29 Aug 2014 21:34:00 -0000
> @@ -37,7 +37,6 @@ declare -a csih_required_commands=(
> /usr/bin/mkpasswd cygwin
> /usr/bin/mount cygwin
> /usr/bin/ps cygwin
> - /usr/bin/setfacl cygwin
> /usr/bin/umount cygwin
> /usr/bin/cmp diffutils
> /usr/bin/grep grep
> @@ -651,32 +650,6 @@ echo
>
> warning_cnt=0
>
> -# Check for ${SYSCONFDIR} directory
> -csih_make_dir "${SYSCONFDIR}" "Cannot create global configuration files."
> -if ! /usr/bin/chmod 775 "${SYSCONFDIR}" >/dev/null 2>&1
> -then
> - csih_warning "Can't set permissions on ${SYSCONFDIR}!"
> - let ++warning_cnt
> -fi
> -if ! /usr/bin/setfacl -m u:system:rwx "${SYSCONFDIR}" >/dev/null 2>&1
> -then
> - csih_warning "Can't set extended permissions on ${SYSCONFDIR}!"
> - let ++warning_cnt
> -fi
> -
> -# Check for /var/log directory
> -csih_make_dir "${LOCALSTATEDIR}/log" "Cannot create log directory."
> -if ! /usr/bin/chmod 775 "${LOCALSTATEDIR}/log" >/dev/null 2>&1
> -then
> - csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log!"
> - let ++warning_cnt
> -fi
> -if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/log" >/dev/null 2>&1
> -then
> - csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/log!"
> - let ++warning_cnt
> -fi
> -
> # Create /var/log/lastlog if not already exists
> if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
> then
> @@ -699,11 +672,6 @@ csih_make_dir "${LOCALSTATEDIR}/empty" "
> if ! /usr/bin/chmod 755 "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
> then
> csih_warning "Can't set permissions on ${LOCALSTATEDIR}/empty!"
> - let ++warning_cnt
> -fi
> -if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
> -then
> - csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/empty!"
> let ++warning_cnt
> fi
>
> -- > Corinna Vinschen > Cygwin Maintainer > Red Hat > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev