Re: sshd "PrintLastLog yes"

Mon, 08 Sep 2003 09:25:09 -0700 

On Mon, 8 Sep 2003, Christopher Faylor wrote:

> On Mon, Sep 08, 2003 at 11:01:59AM -0500, Joshua Daniel Franklin wrote:
> >On Sun, Sep 07, 2003 at 02:30:47PM -0400, Larry Hall wrote:
> >> At 05:30 AM 9/7/2003, Fermin Sanchez you wrote:
> >> >I did a chmod 664 on /var/log/lastlog, now it works. Thank you again!
> >> >One good side effect: I'm going to put all this information into a "how
> >> >to install and run cygwin and sshd on a Windows Server 2003 Domain
> >> >Controller" ;-)
> >>
> >> It would be great to see this as an addition to the Cygwin docs and/or
> >> automated by the post-install script too.  Just a thought.
> >
> >Personally I think this is a candidate for a specific package README,
> >though maybe some language could be added to "Security" section of the
> >User's Guide.
>
> I'm not sure I understand the argument against automatically setting the
> permissions on /var/log/lastlog to something which would allow a
> properly privileged account to access the file.  It seems like this
> is a good post-install candidate to me.
>
> cgf

The argument is that you don't always know what the properly privileged
account *is*.  You can't assume that it's "system" (not on Win2003, at
least).  I don't disagree that on new installs this should be set to
something sensible, but we should leave power users the ability to
manipulate their filesystem in the way they want to without having to
worry about postinstall scripts changing that setup.  That's why I
suggested adding this into "ssh-host-config" (which will presumably be run
by new users to set up sshd) instead.  Another advantage of
"ssh-host-config" is that it's interactive (whereas postinstall scripts
aren't, or shouldn't be).
        Igor
-- 
                                http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_                [EMAIL PROTECTED]
ZZZzz /,`.-'`'    -.  ;-;;,_            [EMAIL PROTECTED]
     |,4-  ) )-,_. ,\ (  `'-'           Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL     a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Reply via email to