sshd, /etc/hosts.allow, & Alternate Access Methods
Tim Daneliuk
tundra@tundraware.com
Thu Feb 23 18:19:00 GMT 2006
Igor Peshansky wrote:
> On Feb 23, 2006, Tim Daneliuk wrote:
>><SNIP>
> Same reason -- Cygwin isn't really ACL-aware. You can also restore the
> original ACLs by running something like "getfacl hosts.allow | setfacl -f
> - hosts.allow.orig" (assuming the owner stays the same).
>>-rwx------+ 1 tundra None 200 Feb 23 00:15 hosts.allow
>>-rwx------ 1 tundra None 200 Feb 23 00:15 hosts.allow.orig
>>-rwx------+ 1 tundra None 407 Feb 23 00:15 hosts.deny
> These files should really be owned by SYSTEM (or whatever user sshd runs
> as).
> HTH,
> Igor
Ahh - that was the hint I needed. But here is something very strange:
As installed, hosts.allow is owned by the installing user - in this
case, "tundra" who is also an Administrator on the system. sshd
properly recognizes the rule found in this file. HOWEVER, if I edit
the file (to change allow rules), I *have* to chown it to SYSTEM or
ssh access outside localhost fails. Stranger still is that once
the file is owned by SYSTEM, it cannot be further edited because
I get a "Permission Denied" on it with emacs or vi - strange considering
that I am an Administrator on the system.
P.S. Did I mention that I hate the Windows security model ;)
--
----------------------------------------------------------------------------
Tim Daneliuk tundra@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
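
An added example, not part of the original post: a shell check over `ls -l` output like the listing quoted in the thread, reporting when hosts.allow or hosts.deny is not owned by the account sshd runs as, carries extra ACL entries (the trailing "+"), or is writable by group or other. The function names, the sample lines and SYSTEM as the expected owner are assumptions for illustration.

```shell
#!/bin/sh
# Sample input, constructed in the shape of the listing quoted in the thread.
sample_listing() {
    cat <<'EOF'
-rwx------+ 1 tundra None 200 Feb 23 00:15 hosts.allow
-rwx------ 1 tundra None 200 Feb 23 00:15 hosts.allow.orig
-rwx------+ 1 SYSTEM None 407 Feb 23 00:15 hosts.deny
EOF
}

# audit_listing OWNER: read `ls -l` lines on stdin and report problems with
# hosts.allow / hosts.deny. OWNER is the account sshd runs as (an assumption
# supplied by the caller). Returns 1 if anything was reported, 0 otherwise.
audit_listing() {
    awk -v want="$1" '
        # Only regular files named exactly hosts.allow or hosts.deny.
        $1 ~ /^-/ && ($NF == "hosts.allow" || $NF == "hosts.deny") {
            mode = $1; owner = $3; name = $NF
            if (owner != want) {
                printf "%s: owner is %s, expected %s\n", name, owner, want
                bad = 1
            }
            # A trailing "+" marks ACL entries beyond the basic mode bits.
            if (mode ~ /\+$/) {
                printf "%s: extra ACL entries present, review with getfacl\n", name
                bad = 1
            }
            # Characters 6 and 9 of the mode string are group and other write.
            if (substr(mode, 6, 1) == "w" || substr(mode, 9, 1) == "w") {
                printf "%s: writable by group or other (%s)\n", name, mode
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Demo run on the constructed sample; a non-zero status here is expected.
sample_listing | audit_listing SYSTEM || true
```

On a live system the input would come from `ls -l /etc/hosts.allow /etc/hosts.deny`, with the basename taken from the last field adjusted accordingly.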