RE: sshd.log /var/empty must be owned by root and not group or world-writable.

2008-02-18 Thread Phil Betts
Corinna Vinschen wrote on Monday, February 18, 2008 12:12 PM:

> +  echo "${LOCALSTATEDIR}/empty is existant but not a directory."

Perhaps:

+  echo "${LOCALSTATEDIR}/empty exists but is not a directory."

would avoid a typo (it's "existEnt"), and sound less like a Google 
translation ;-)


Phil

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/



Re: sshd.log /var/empty must be owned by root and not group or world-writable.

2008-02-18 Thread Corinna Vinschen
On Feb 17 19:41, Brian Dessent wrote:
> Brian Dessent wrote:
> 
> > I don't know why running ssh-host-config didn't work, you'd probably
> > have to debug that a little more to find out.
> 
> It just occurred that perhaps /var/empty did not exist the first time
> ssh-host-config was run and thus the chown failed, and it was only
> created when the sshd tried to start and failed.  If that's the case
> then simply having ssh-host-config ensure that the directory exists
> before setting ownership seems like the right thing.

Like this?

Index: contrib/cygwin/ssh-host-config
===
RCS file: /cvs/openssh/contrib/cygwin/ssh-host-config,v
retrieving revision 1.20
diff -p -u -r1.20 ssh-host-config
--- contrib/cygwin/ssh-host-config  31 Aug 2006 01:28:49 -  1.20
+++ contrib/cygwin/ssh-host-config  18 Feb 2008 12:00:39 -
@@ -181,11 +181,23 @@ then
 fi
 
 # Create /var/empty file used as chroot jail for privilege separation
-if [ -f ${LOCALSTATEDIR}/empty ]
+if [ -e ${LOCALSTATEDIR}/empty -a ! -d ${LOCALSTATEDIR}/empty ]
 then
-  echo "Creating ${LOCALSTATEDIR}/empty failed!"
-else
-  mkdir -p ${LOCALSTATEDIR}/empty
+  echo
+  echo "${LOCALSTATEDIR}/empty is existant but not a directory."
+  echo "Cannot create ssh host configuration."
+  echo
+  exit 1
+if [ ! -e ${LOCALSTATEDIR}/empty ]
+then
+  if ! mkdir -p ${LOCALSTATEDIR}/empty
+  then
+echo
+echo "Creating ${LOCALSTATEDIR}/empty directory failed."
+echo "Cannot create ssh host configuration."
+echo
+exit 1
+  fi
   if [ ${_nt} -gt 0 ]
   then
 chmod 755 ${LOCALSTATEDIR}/empty
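
Review bot: The first `if` in this hunk is never closed: after the `exit 1` the next added line is `if [ ! -e ${LOCALSTATEDIR}/empty ]`, so a `fi` is needed before it (or the second test should become an `elif`), otherwise the nesting is off by one level. Separately, the unchanged `if [ ${_nt} -gt 0 ]` / `chmod 755` lines now sit inside the `! -e` branch, whereas before they ran whenever the path was not a regular file, so a /var/empty that already exists as a directory with the wrong mode is no longer corrected; consider moving the chmod out of the creation branch. The `${LOCALSTATEDIR}/empty` expansions in the tests and in `mkdir -p` are also unquoted.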

With a little feedback I'll send it upstream.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat




Re: sshd.log /var/empty must be owned by root and not group or world-writable.

2008-02-17 Thread Brian Dessent
Brian Dessent wrote:

> I don't know why running ssh-host-config didn't work, you'd probably
> have to debug that a little more to find out.

It just occurred that perhaps /var/empty did not exist the first time
ssh-host-config was run and thus the chown failed, and it was only
created when the sshd tried to start and failed.  If that's the case
then simply having ssh-host-config ensure that the directory exists
before setting ownership seems like the right thing.

Brian




Re: sshd.log /var/empty must be owned by root and not group or world-writable.

2008-02-17 Thread Brian Dessent
David Christensen wrote:

> /var/empty must be owned by root and not group or world-writable.
> 
> 11. Change owner of /var/empty:
> 
> 20080217-144416 [EMAIL PROTECTED] /var
> $ chown root empty/
> chown: invalid user: `root'
> 
> 12.  STFW.  root is not a valid user name.  Make an educated guess and
> try again:

On Cygwin, root is a group (an alias to the 'Administrators' group) not
a user.  So you can "chgrp root" but not "chown root".  But that doesn't
matter, as really what the above error is saying is that the directory
should be owned by the user that is running the ssh daemon, which on
most unix systems is root but on Cygwin is SYSTEM since it's a service. 
So, the error is a little misleading but it's because it's a generic
message from OpenSSH.

> I don't know how to put the above fixes (chmod, chown) into Cygwin;
> perhaps the openssh maintainer can do so.

There's nothing to fix, this is already performed by ssh-host-config:

# Now check if sshd has been successfully installed.  This allows to
# set the ownership of the affected files correctly.
if cygrunsrv -Q sshd > /dev/null 2>&1
then
  if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
  then
    _user="sshd_server"
  else
    _user="system"
  fi
  chown "${_user}" ${SYSCONFDIR}/ssh*
  chown "${_user}".544 ${LOCALSTATEDIR}/empty
  chown "${_user}".544 ${LOCALSTATEDIR}/log/lastlog
  if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
  then
    chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log
  fi
fi

I don't know why running ssh-host-config didn't work, you'd probably
have to debug that a little more to find out.

Brian
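
The precondition behind the sshd.log message discussed above, as an added shell check that is not part of the original thread or of ssh-host-config. The expected owner is a parameter because, as the reply explains, it is root on most Unix systems but SYSTEM (or sshd_server) on Cygwin; the function name, return codes and the use of GNU coreutils stat are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the privilege-separation directory.
# Assumes GNU coreutils stat(1); function name and return codes are hypothetical.

# check_privsep_dir DIR OWNER
# Returns 0 if DIR passes, otherwise a distinct non-zero code:
#   1 = missing            2 = exists but is not a directory
#   3 = wrong owner        4 = group- or world-writable
#   5 = stat failed
check_privsep_dir() {
  dir=$1
  want_owner=$2

  if [ ! -e "$dir" ]; then
    echo "$dir does not exist" >&2
    return 1
  fi
  if [ ! -d "$dir" ]; then
    echo "$dir exists but is not a directory" >&2
    return 2
  fi

  owner=$(stat -c '%U' "$dir") || return 5
  mode=$(stat -c '%a' "$dir") || return 5   # octal permission bits, e.g. 755

  if [ "$owner" != "$want_owner" ]; then
    echo "$dir is owned by $owner, expected $want_owner" >&2
    return 3
  fi
  # 022 masks the group-write and other-write bits.
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "$dir has mode $mode: group- or world-writable" >&2
    return 4
  fi

  echo "$dir ok: owner=$owner mode=$mode"
  return 0
}

# Usage on the installation described in this thread (owner taken from the
# thread's own resolution):  check_privsep_dir /var/empty SYSTEM
```

Run before `net start sshd`, this distinguishes the ownership failure seen in the thread from the permission failure that the same log line also covers.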




sshd.log /var/empty must be owned by root and not group or world-writable.

2008-02-17 Thread David Christensen
cygwin:

I was attempting to update/upgrade my Cygwin installation:


1.  Rename C:\cygwin to C:\cygwin-old


2.  Create new folders C:\cygwin and C:\cygwin\setup .


3.  Download latest Cygwin Setup and save as C:\cygwin\setup\setup.exe .


4.  Run Cygwin Setup and download/ install base system from Internet.


5.  Run Cygwin Setup and download/ install openssh from Internet.


6.  Run Cygwin Bash and configure ssh:

[EMAIL PROTECTED] ~
$ ssh-host-config
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read
/usr/share/doc/openssh/README.privsep
.

Should privilege separation be used? (yes/no) yes
Generating /etc/sshd_config file

Host configuration finished. Have fun!

$ ssh-user-config

WARNING: group and other have been revoked write permission to your home
 directory /home/Administrator.
 This is required by OpenSSH to allow public key authentication
using
 the key files stored in your .ssh subdirectory.
 Revert this change ONLY if you know what you are doing!

Shall I create an SSH1 RSA identity file for you? (yes/no) no
Shall I create an SSH2 RSA identity file for you? (yes/no) yes
Generating /home/Administrator/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/Administrator/.ssh/authorized_keys
Shall I create an SSH2 DSA identity file for you? (yes/no) yes
Generating /home/Administrator/.ssh/id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/Administrator/.ssh/authorized_keys

Configuration finished. Have fun!


7.  Run Cygwin Bash and attempt to start sshd:

$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.


8.  Look at /var/log/sshd.log:

/var/empty must be owned by root and not group or world-writable.


9.  Adjust mode of /var/empty and attempt to start sshd:

20080217-144322 [EMAIL PROTECTED] /var
$ ll -d empty/
drwxr-xr-x+ 2 Administrator None 0 Feb 17 14:30 empty//

20080217-144326 [EMAIL PROTECTED] /var
$ chmod 700 empty
20080217-144400 [EMAIL PROTECTED] /var

$ ll -d empty/
drwx------+ 2 Administrator None 0 Feb 17 14:30 empty//
20080217-144405 [EMAIL PROTECTED] /var

$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.


10. Look at /var/log/sshd.log:

/var/empty must be owned by root and not group or world-writable.


11. Change owner of /var/empty:

20080217-144416 [EMAIL PROTECTED] /var
$ chown root empty/
chown: invalid user: `root'


12.  STFW.  root is not a valid user name.  Make an educated guess and
try again:

20080217-151048 [EMAIL PROTECTED] /var
$ chown SYSTEM empty

20080217-151056 [EMAIL PROTECTED] /var
$ ll -d empty/
drwx------+ 2 SYSTEM None 0 Feb 17 14:30 empty//

20080217-151108 [EMAIL PROTECTED] /var
$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.


Per http://www.cygwin.com/problems.html, cygcheck.out is attached.


I don't know how to put the above fixes (chmod, chown) into Cygwin;
perhaps the openssh maintainer can do so.


HTH,

David


cygcheck.out
Description: Binary data