This is the mail archive of the cygwin mailing list for the Cygwin project.


Re: bash -l not sourcing /etc/profile? (minor annoyance)


On 2017-03-11 20:51, Daniel Santos wrote:
> First off, thanks for your response and I apologize for my late reply.
> 
> On 03/09/2017 06:21 PM, Brian Inglis wrote:
>> On 2017-03-09 15:58, Daniel Santos wrote:
>>> This is just a minor annoyance. When I start a mintty session and
>>> even if I type bash -l or bash -li, I don't get my /etc/profile
>>> sourced and I have to manually do it each time I log in. Any idea
>>> what's causing that?
>> Cygwin/bash/mintty shortcut properties or command line should have
>> "-" at end e.g.
>>
>>     "C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico -"
> 
> Yes, I have verified that.
> 
>> Otherwise does it have Windows line endings or permissions too open?
> 
> Windows line endings where? Also, please be a little more specific
> about permissions. On what file(s) are you referring to? How could
> this happen if they are "too open"? Usually, permissions being too
> open just results in a big security hole. Does Cygwin do some type of
> detection of this and crap out w/o a proper error message if some
> permissions are too open?

/etc/profile ~/.profile ...

Run file on profiles and check they don't say with CRLF... as various 
utilities have been unpatched to work like native Unix by opening files 
in binary mode and barfing if they don't like CRs.
Run dos2unix/d2u to fix.
Some utilities are now more aware of security holes and may now be 
checking for no wide write permissions on files they will execute, 
as have security related utilities.
They may not complain about permissions any more than they would 
complain if a profile did not exist - would be nice of them.

>>> Possibly related, sshd doesn't seem to be reading my
>>> ~/.ssh/authorized_keys because I have to type my password every time
>>> I ssh in.
>> Windows line endings or permissions too open on directory
>> (s/b drwx------) or private key files, config, known_hosts,
>> authorized_keys (s/b _rw-------)?
> 
> Again, permissions too open w/o an error message? I did not 
> explicitly modify the permissions and the .ssh directory was created 
> by ssh-keygen. I did try to modify the permissions in Windows 
> explorer, but I only seemed to bungle things up and now I have the 
> "properties" dialogue for the .ssh directory stuck open (cannot
> close it) and I can't reboot yet because I'm running tests, so this
> may have to wait a little bit.

SSH et al are normally explicit about permissions problems.
Cygwin getfacl and setfacl are your friends - setfacl -bk ... 
on Cygwin directories and files strips most Windows ACLs down 
to POSIX compatibility and allows ch{mod,own,grp} to do their 
things without side effects.
If your account is a local admin, have a backup admin account 
on the system, just in case.

> Also, the sshd server does need to access my .ssh directory and my
> id_rsa.pub, but I don't seem to understand nt security anymore.

Start cygserver and sshd using cygrunsrv from an elevated/admin 
account or Scheduled Task so they run as SYSTEM and can impersonate.
See https://cygwin.com/cygwin-ug-net/ntsec.html for the best anyone 
can understand POSIX security and ACLs under Windows, and especially  
Switching the user context section for daemons like sshd; for 
cygserver https://cygwin.com/cygwin-ug-net/using-cygserver.html 

>> Could sshd config have disabled allowing personal config files
>> (common on corporate servers - have to talk to admins)?
> 
> This is a fresh install of Cygwin on a freshly installed Windows 7.
> 
>> If you have a passphrase on your key, you could use ssh-agent
>> and ssh-add to avoid reverifying credentials on each connection.
> 
> I did not use a passphrase.
> 
>> Do you also need host keys in /etc/ssh_known_hosts or
>> ~/.ssh/known_hosts as well as your PPK pair?
> 
> Well, known_hosts doesn't matter on the server side and I have 
> already added the Windows 7 key to my known_hosts file on my 
> GNU/Linux client. I'm not using Putty, et al., so I don't have a
> PPK file.

Meant PPK generically - like the .ssh/id... files without the .pub 
suffix.

> I suppose I can live with the inconvenience for now. Thanks for your 
> tips.

ssh is just one of the hoops we all have to jump thru to get to do work.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
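
The checks suggested in this reply (CRLF line endings in the profiles, world/group-writable profiles, and `~/.ssh` entries that are not `drwx------` / `-rw-------`), written out as an added example that is not part of the original message. The function names are hypothetical, the fixture files are constructed, and skipping `*.pub` files is an assumption, since the reply's list does not mention public keys.

```shell
#!/bin/sh
# Added example (not from the thread): flag CRLF endings and loose permissions
# on login profiles and ~/.ssh. POSIX sh; works in Cygwin bash as well.
CR=$(printf '\r')

has_crlf() { grep -q "${CR}\$" "$1"; }        # any line ending in a CR?
mode_of()  { ls -ld "$1" | cut -c2-10; }      # permission string, e.g. rwx------

group_other_writable() {                      # g+w or o+w set?
    case $(mode_of "$1") in ????w????|???????w?) return 0 ;; esac
    return 1
}
private() {                                   # no group/other bits at all?
    case $(mode_of "$1") in ???------) return 0 ;; esac
    return 1
}

# audit_login_files HOME [ETC]: print one finding per line, nothing if clean.
audit_login_files() {
    home=$1 etc=${2:-/etc}
    for f in "$etc/profile" "$home/.profile" "$home/.bash_profile" "$home/.bashrc"; do
        [ -f "$f" ] || continue
        if has_crlf "$f"; then echo "CRLF $f"; fi
        if group_other_writable "$f"; then echo "WRITABLE $f"; fi
    done
    if [ -d "$home/.ssh" ]; then
        if ! private "$home/.ssh"; then echo "OPEN $home/.ssh"; fi
        for f in "$home"/.ssh/*; do
            [ -f "$f" ] || continue
            case $f in *.pub) continue ;; esac   # assumption: public keys skipped
            if ! private "$f"; then echo "OPEN $f"; fi
            if has_crlf "$f"; then echo "CRLF $f"; fi
        done
    fi
    return 0
}

# Constructed fixture: a fake /etc and home with one problem of each kind.
make_fixture() {
    mkdir -p "$1/etc" "$1/home/.ssh"
    printf 'export A=1\r\n' > "$1/etc/profile";   chmod 644 "$1/etc/profile"
    printf 'export B=2\n'   > "$1/home/.profile"; chmod 666 "$1/home/.profile"
    printf 'ssh-rsa AAAA constructed\n' > "$1/home/.ssh/authorized_keys"
    chmod 755 "$1/home/.ssh"; chmod 600 "$1/home/.ssh/authorized_keys"
}

demo=$(mktemp -d); make_fixture "$demo"
audit_login_files "$demo/home" "$demo/etc"
rm -rf "$demo"
```

On a real installation, run `audit_login_files "$HOME"`; the fixes named in the reply are `dos2unix` for the `CRLF` findings and `setfacl -bk` followed by `chmod` for the permission findings.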