Re: sshd default user PATH
On Aug 19 12:58, Corinna Vinschen wrote: > On Aug 19 09:08, Achim Gratz wrote: > > Corinna Vinschen cygwin.com> writes: > > > That means the patch to sshd isn't that important. Nevertheless, I > > > just released cygrunsrv-1.60-1, which prepends /bin to $PATH. > > > > > > Funny enough, the README file claimed that /bin gets prepended to $PATH > > > since the early days. Just the actual code didn't follow suit :-P > > > > The help output from the command still talks about adding it to PATH, so > > that may actually have been intentional: prepending /bin might mess up > > things if someone actually wants to get something in front. All things > > considered, I suggest that cygrunsrv doesn't fiddle with the PATH if an > > explicit PATH environment has been given on the command line, ... > > Sounds like a good idea to me. Or, for backward compatibility reasons, better append /bin if PATH is given explicitely via -e. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat pgp24HSUAMQmi.pgp Description: PGP signature
Re: sshd default user PATH
On Aug 19 09:08, Achim Gratz wrote: > Corinna Vinschen cygwin.com> writes: > > That means the patch to sshd isn't that important. Nevertheless, I > > just released cygrunsrv-1.60-1, which prepends /bin to $PATH. > > > > Funny enough, the README file claimed that /bin gets prepended to $PATH > > since the early days. Just the actual code didn't follow suit :-P > > The help output from the command still talks about adding it to PATH, so > that may actually have been intentional: prepending /bin might mess up > things if someone actually wants to get something in front. All things > considered, I suggest that cygrunsrv doesn't fiddle with the PATH if an > explicit PATH environment has been given on the command line, ... Sounds like a good idea to me. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat pgp6jJnYEhgJx.pgp Description: PGP signature
Re: sshd default user PATH
Corinna Vinschen cygwin.com> writes: > That means the patch to sshd isn't that important. Nevertheless, I > just released cygrunsrv-1.60-1, which prepends /bin to $PATH. > > Funny enough, the README file claimed that /bin gets prepended to $PATH > since the early days. Just the actual code didn't follow suit :-P The help output from the command still talks about adding it to PATH, so that may actually have been intentional: prepending /bin might mess up things if someone actually wants to get something in front. All things considered, I suggest that cygrunsrv doesn't fiddle with the PATH if an explicit PATH environment has been given on the command line, but prepends it to the PATH if it gets inherited from Windows. Regards, Achim. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: sshd default user PATH
On Aug 14 13:01, Achim Gratz wrote: > Achim Gratz NexGo.DE> writes: > > I've just tried using "-e PATH=/bin" in the sshd service startup, but > > PATH still seems to be hardcopied from Windows > > I did this wrong. I had to re-install the service, not just adding a > startup parameter. With "-e "PATH=/usr/bin" the resulting initial PATH from > an ssh login is "PATH=/usr/bin:/bin". So I can use that as a workaround and > we can spend some more time to think about whether that behaviour from > cygrunsrv or sshd needs further adjustment or if just the install helper > script should ask for these things. > > Thanks for getting me on the right track. That means the patch to sshd isn't that important. Nevertheless, I just released cygrunsrv-1.60-1, which prepends /bin to $PATH. Funny enough, the README file claimed that /bin gets prepended to $PATH since the early days. Just the actual code didn't follow suit :-P Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat pgpoFbkCoyLc_.pgp Description: PGP signature
Re: sshd default user PATH
Achim Gratz NexGo.DE> writes: > I've just tried using "-e PATH=/bin" in the sshd service startup, but > PATH still seems to be hardcopied from Windows I did this wrong. I had to re-install the service, not just adding a startup parameter. With "-e "PATH=/usr/bin" the resulting initial PATH from an ssh login is "PATH=/usr/bin:/bin". So I can use that as a workaround and we can spend some more time to think about whether that behaviour from cygrunsrv or sshd needs further adjustment or if just the install helper script should ask for these things. Thanks for getting me on the right track. Regards, Achim. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: sshd default user PATH
Greetings, Corinna Vinschen! > There's a problem. On Cygwin it's not /etc/default, but /etc/defaults. > Note the trailing "s". You're confusing /etc/default/ (a directory with default initial values for runtime/startup configurations of [mainly] daemons), which could and SHOULD be changed to suit system needs and Cygwin's /etc/defaults with pristine copy of installation environment, which not supposed to be touched by anything, but installation scripts. > OpenSSH only provides support for /etc/default/login with no way to > influence the name or path. This would require a patch to openssh just > for the sake of Cygwin. I asked upstream, but I don't expect that this > will be changed any time soon. I don't expect it to be changed at all, since there's nothing needs to be changed. These two directories serve completely different purposes. -- WBR, Andrey Repin (anrdae...@yandex.ru) 14.08.2014, <16:32> Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: sshd default user PATH
Corinna Vinschen cygwin.com> writes: > On other systems sshd sets $PATH to "/usr/bin:/bin:/usr/sbin:/sbin", but > on Cygwin it doesn't change $PATH and just takes what it got from > cygrunsrv so as not to break the search path for DLLs not in the system > directories. I'm running Cygwin since years with all traces of the Windows path deliberately deleted and never hit any problem. That would be different if I tried to mix windows applications in, but I prefer to have wrapper scripts for those anyway. > So this is kind of a cygrunsrv problem. It simply appends /bin to > $PATH, rather than prepending it. Ah, I was wondering where that comes from since nothing in sshd does it. So sshd just takes over the environment as set up by cygrunsrv? Then it might be a lot easier to just tell cygrunsrv what to put into PATH. > Right, /etc/default/login and, fwiw, any method to change $PATH from the > default path is disabled on Cygwin deliberately for the reason outlined > above. Thanks for confirming, after staring at the configure output for a while I've finally found that #ifdef in the source... > It's not that simple. It requires a code change in sshd. However, > maybe the rigorous handling is not required anymore these days. May not be necessary anyway. > Anyway, even if I re-enable /etc/default/login and the standard PATH > handling in sshd, there's no way to set an arbitrary environment. For > security reasons, sshd is very selective in the environment variables it > sets up. From /etc/default/login, it takes *only* PATH and UMASK, > for instance. Everything else should be set in the shell profiles. I really only need PATH at the moment. If I bounce commands directly onto the server without going through a login shell nothing really works as expected at the moment since Cygwin is last in path. I don't want to add Cygwin to the Windows path for other reasons and I really don't have control what else gets added there and in which order. > So, here's what I'll do: > > - Change cygrunsrv to prepend /bin to $PATH rather then appending it. I would appreciate if it could (optionally) look in some configuration file (/etc/environment ?) and use PATH as defined there and store the path as set up in Windows in ORIGINAL_PATH (like done in /etc/profile, where this is conditional on CYGWIN_NOWINPATH being present). > - Drop the Cygwin specific ignorance of /etc/default/login from the > source code and build a new OpenSSH package. > > Does that sound ok? Very much. If the environment can be controlled via cygrunsrv, then the changes to sshd might not be necessary. I've just tried using "-e PATH=/bin" in the sshd service startup, but PATH still seems to be hardcopied from Windows (the setting is ignored if the environment variable already exists?). Regards, Achim. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: sshd default user PATH
On Aug 14 13:20, Corinna Vinschen wrote: > On Aug 14 09:56, Achim Gratz wrote: > > I'm trying to figure out how sshd comes up with the PATH for the initial > > environment. Currently I get the Windows sytem PATH (converted to POSIX) > > and then /bin appended. This is no good, at least /bin should be at the > > beginning of that PATH. > > On other systems sshd sets $PATH to "/usr/bin:/bin:/usr/sbin:/sbin", but > on Cygwin it doesn't change $PATH and just takes what it got from > cygrunsrv so as not to break the search path for DLLs not in the system > directories. > > So this is kind of a cygrunsrv problem. It simply appends /bin to > $PATH, rather than prepending it. > > > I've not been able to change this system-wide so far. Apparently sshd has > > been built on a machine where /etc/default/login wasn't present, at least it > > doesn't appear to try to read that file (or any other system file) for > > setting up the initial environment. > > Right, /etc/default/login and, fwiw, any method to change $PATH from the > default path is disabled on Cygwin deliberately for the reason outlined > above. > > > The /etc/sshrc is run if I create it, > > but you can't set any environment variables from within it. I don't want to > > enable user environments. > > > > I think it would be nice if there was a system file that could set the > > initial environment for sshd, maybe setting external_path_file to > > /etc/ssh_environment fits in better with the default Cygwin /etc layout, > > though. > > It's not that simple. It requires a code change in sshd. However, > maybe the rigorous handling is not required anymore these days. > > Anyway, even if I re-enable /etc/default/login and the standard PATH > handling in sshd, there's no way to set an arbitrary environment. For > security reasons, sshd is very selective in the environment variables it > sets up. From /etc/default/login, it takes *only* PATH and UMASK, > for instance. Everything else should be set in the shell profiles. > > So, here's what I'll do: > > - Change cygrunsrv to prepend /bin to $PATH rather then appending it. > > - Drop the Cygwin specific ignorance of /etc/default/login from the > source code and build a new OpenSSH package. > > Does that sound ok? There's a problem. On Cygwin it's not /etc/default, but /etc/defaults. Note the trailing "s". OpenSSH only provides support for /etc/default/login with no way to influence the name or path. This would require a patch to openssh just for the sake of Cygwin. I asked upstream, but I don't expect that this will be changed any time soon. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat pgp5AdYFLp3TI.pgp Description: PGP signature
Re: sshd default user PATH
On Aug 14 09:56, Achim Gratz wrote: > I'm trying to figure out how sshd comes up with the PATH for the initial > environment. Currently I get the Windows sytem PATH (converted to POSIX) > and then /bin appended. This is no good, at least /bin should be at the > beginning of that PATH. On other systems sshd sets $PATH to "/usr/bin:/bin:/usr/sbin:/sbin", but on Cygwin it doesn't change $PATH and just takes what it got from cygrunsrv so as not to break the search path for DLLs not in the system directories. So this is kind of a cygrunsrv problem. It simply appends /bin to $PATH, rather than prepending it. > I've not been able to change this system-wide so far. Apparently sshd has > been built on a machine where /etc/default/login wasn't present, at least it > doesn't appear to try to read that file (or any other system file) for > setting up the initial environment. Right, /etc/default/login and, fwiw, any method to change $PATH from the default path is disabled on Cygwin deliberately for the reason outlined above. > The /etc/sshrc is run if I create it, > but you can't set any environment variables from within it. I don't want to > enable user environments. > > I think it would be nice if there was a system file that could set the > initial environment for sshd, maybe setting external_path_file to > /etc/ssh_environment fits in better with the default Cygwin /etc layout, > though. It's not that simple. It requires a code change in sshd. However, maybe the rigorous handling is not required anymore these days. Anyway, even if I re-enable /etc/default/login and the standard PATH handling in sshd, there's no way to set an arbitrary environment. For security reasons, sshd is very selective in the environment variables it sets up. From /etc/default/login, it takes *only* PATH and UMASK, for instance. Everything else should be set in the shell profiles. So, here's what I'll do: - Change cygrunsrv to prepend /bin to $PATH rather then appending it. - Drop the Cygwin specific ignorance of /etc/default/login from the source code and build a new OpenSSH package. Does that sound ok? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat pgpI8hJVqS03B.pgp Description: PGP signature