On 8/29/2014 4:00 PM, Achim Gratz wrote:
> Ken Brown writes:
>> I just checked /var/log/sshd.log. (I hadn't thought to do that
>> before.) The last message in it is, "/var/empty must be owned by root
>> and not group or world-writable." So the problem seems to be that
>> /var/empty appears to sshd to be group writable under the latest
>> snapshot. This is the "downside" that Corinna mentioned. What needs
>> to be done to /var/empty to fix this?
>
> You need to remove all ACL from the directory, either with setfacl or
> (from cmd) icacls or even the security tab in Explorer. Most likely
> these are inherited from the parent directory of the Cygwin
> installation.
The ACLs aren't inherited. They're explicitly set by ssh-host-config:
if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
then
csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/empty!"
let ++warning_cnt
fi
This must be done for a reason, but I don't know what it is.
Ken
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
