Re: login: no shell: /bin/bash: Permission denied

2011-09-14 Thread Jeremy Bopp
On 9/13/2011 13:38, Larson, Donald (Don) wrote:
> I understand su does not work – answer use ssh. SSHD cannot start
> because user sshd cannot login. I run login sshd type in the
> password and then I get the message.

What you're saying is that you want a way to log in as another user as
one would with the su command, right?  If so, you need to get the sshd
service working first so that you can at least log in as yourself.  The
process for doing that is documented in
/usr/share/doc/Cygwin/openssh.README.  Read this carefully.  If you have
problems with this part, submit a problem report as Larry suggested.

When things work, you should be able to run something like the following
command to log in as yourself over SSH:

$ ssh your_username@localhost

Once you're able to log in as yourself, you can set up account details
for other accounts in /etc/passwd in order to allow yourself to log in
via SSH using those accounts.  The mkpasswd program will help you here.

This is the tricky part.  For accounts that have no password such as
the SYSTEM account or for accounts whose passwords you do not know, you
need to set up public key authentication so that you can authenticate
over SSH without a password.  You may also need to make some manual
edits to your /etc/passwd file in order to set home directories and
shells for accounts such as SYSTEM where those settings are not defined
by default.

If you need details for how to use public key authentication with SSH,
there are numerous articles available online.  For your needs here,
there is nothing Cygwin specific about setting this up.

This is what I did just now to allow me to log in as the SYSTEM account:

1) Create the directory /root/.ssh.
2) Copy your SSH public key file to /root/.ssh/authorized_keys.
3) Set the owner of /root and its contents to SYSTEM.
4) Open the /etc/passwd file in a text editor.
5) Modify the line that starts with SYSTEM as follows:
   a) Insert /root before the last colon on the line.
   b) Append /bin/bash after the last colon on the line.
6) Save the changes.

Now you should be able to log into the SYSTEM account by running:

$ ssh SYSTEM@localhost

-Jeremy


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: login: no shell: /bin/bash: Permission denied

2011-09-14 Thread Ryan Johnson

On 14/09/2011 11:08 AM, Jeremy Bopp wrote:
> On 9/13/2011 13:38, Larson, Donald (Don) wrote:
>> I understand su does not work – answer use ssh. SSHD cannot start
>> because user sshd cannot login. I run login sshd type in the
>> password and then I get the message.
>
> What you're saying is that you want a way to log in as another user as
> one would with the su command, right?  If so, you need to get the sshd
> service working first so that you can at least log in as yourself.  The
> process for doing that is documented in
> /usr/share/doc/Cygwin/openssh.README.  Read this carefully.  If you have
> problems with this part, submit a problem report as Larry suggested.
>
> When things work, you should be able to run something like the following
> command to log in as yourself over SSH:
>
> $ ssh your_username@localhost
>
> Once you're able to log in as yourself, you can set up account details
> for other accounts in /etc/passwd in order to allow yourself to log in
> via SSH using those accounts.  The mkpasswd program will help you here.
>
> This is the tricky part.  For accounts that have no password such as
> the SYSTEM account or for accounts whose passwords you do not know, you
> need to set up public key authentication so that you can authenticate
> over SSH without a password.  You may also need to make some manual
> edits to your /etc/passwd file in order to set home directories and
> shells for accounts such as SYSTEM where those settings are not defined
> by default.
>
> If you need details for how to use public key authentication with SSH,
> there are numerous articles available online.  For your needs here,
> there is nothing Cygwin specific about setting this up.
>
> This is what I did just now to allow me to log in as the SYSTEM account:
>
> 1) Create the directory /root/.ssh.
> 2) Copy your SSH public key file to /root/.ssh/authorized_keys.
> 3) Set the owner of /root and its contents to SYSTEM.
> 4) Open the /etc/passwd file in a text editor.
> 5) Modify the line that starts with SYSTEM as follows:
>    a) Insert /root before the last colon on the line.
>    b) Append /bin/bash after the last colon on the line.
> 6) Save the changes.
>
> Now you should be able to log into the SYSTEM account by running:
>
> $ ssh SYSTEM@localhost

Question: in my experience sshd will not allow connections to users who 
have no password set, even when password-auth is not used. This happened 
on my wife's laptop, for example, where I ended up having to create a 
dummy user for myself that had a password, since she didn't want her 
account to have one.


Does SYSTEM have some sort of password after all?

Ryan





Re: login: no shell: /bin/bash: Permission denied

2011-09-14 Thread Jeremy Bopp
On 9/14/2011 14:25, Ryan Johnson wrote:
> Question: in my experience sshd will not allow connections to users who
> have no password set, even when password-auth is not used. This happened
> on my wife's laptop, for example, where I ended up having to create a
> dummy user for myself that had a password, since she didn't want her
> account to have one.
>
> Does SYSTEM have some sort of password after all?

No, I don't think it has a password, especially since its use is
disallowed for user logins in the first place, but I can't find any
reference to back up my assertion at the moment.  I can't explain your
experience with password-less user accounts though.  I've never tried
that configuration with sshd myself.

Is it possible that you neglected to add your wife's account information
into /etc/passwd before attempting to log in using it?  You'll get
rejected by sshd just like you describe unless the account you're trying
to use is listed in there.  Having the correct SID listed in the user
information is critical.

-Jeremy




login: no shell: /bin/bash: Permission denied

2011-09-13 Thread Larson, Donald (Don)
Folks,
I have searched this and I see it has come up several times and I really don't 
want to frustrate anyone, but I have read the messages and was not able to see 
what the actual answer was.

I understand su does not work – answer use ssh. SSHD cannot start because 
user sshd cannot login. I run login sshd type in the password and then I get 
the message.

Any help is appreciated.

Thanks,
Don




Re: login: no shell: /bin/bash: Permission denied

2011-09-13 Thread Larry Hall (Cygwin)

On 9/13/2011 2:38 PM, Larson, Donald (Don) wrote:
> Folks,
> I have searched this and I see it has come up several times and I really
> don't want to frustrate anyone, but I have read the messages and was not
> able to see what the actual answer was.
>
> I understand su does not work – answer use ssh. SSHD cannot start
> because user sshd cannot login. I run login sshd type in the password and
> then I get the message.

The shell set for user 'sshd' in '/etc/passwd' is '/bin/false' which means
that user can't be used as a regular user to login with.

> Any help is appreciated.


If your problem is that the 'sshd' service will not start, then you're
better off putting in a problem report.


Problem reports:   http://cygwin.com/problems.html





--
Larry

_

A: Yes.
 Q: Are you sure?
 A: Because it reverses the logical flow of conversation.
 Q: Why is top posting annoying in email?




Re: login: no shell: /bin/bash: Permission denied

2002-03-10 Thread Jason Tishler

Andrew,

On Fri, Mar 08, 2002 at 02:32:07PM -0800, Andrew DeFaria wrote:
 Jason Tishler wrote:
 
 On Thu, Mar 07, 2002 at 10:34:42AM -0800, Andrew DeFaria wrote:
 Please do not email me directly - keep it only on the list.
 
 Hmm...didn't you just do a reply all?  Or, was that to make a point?
 
 You emailed me. I emailed you back. AND I put it back to the mail list.
 [snip] 

I find your replies an interesting way of saying thank you.  Have you
already forgotten that I was the one that actually *helped* you?

Jason

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/




Re: login: no shell: /bin/bash: Permission denied

2002-03-08 Thread Andrew DeFaria

Jason Tishler wrote:

 Andrew,
 
 On Thu, Mar 07, 2002 at 10:34:42AM -0800, Andrew DeFaria wrote:
 
Please do not email me directly - keep it only on the list.

 
 Hmm...didn't you just do a reply all?  Or, was that to make a point?


You emailed me. I emailed you back. AND I put it back to the mail list.


 Sorry, but hitting g is just more natural than hitting L for me.


Whatever keys you need to hit - hit the correct ones. Again, please do 
not email me but keep it on the list.

(If it matters I don't use the email list I use the news service instead).

 
 If this is important to you, then please indicate this by setting
 your Reply-To. 


My Reply-To is set for people who indeed wish to email me directly 
because they wish to have a private conversation. You didn't do that. 
You emailed me and the list.

 My mailer will honor your preference.  Alternatively,
 I suggest using something like procmail to suppress dups.  This is the
 technique that I use and I don't see any dups (unless I want to).


This is not a dup situation! This is a I read this mailing list via an 
nntp gateway then you emailed me situation. Procmail, which I already 
use, will not handle that.









Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Corinna Vinschen

On Thu, Mar 07, 2002 at 09:01:45AM +0100, Jan Nieuwenhuizen wrote:
> Corinna Vinschen [EMAIL PROTECTED] writes:
>
>> These user rights are by default only given to SYSTEM regardless
>> of the NT version.  XP differs only by requiring less of these
>> user rights in one of the needed system calls.
>
> Ok, but I can't seem to add specific rights to users with this version
> of windows xp (home edition).  You can give a user administrator
> rights (whatever set of rights that is), or not.  Is this another toy
> operating system after all?

Yes and no.  Fact is, the kernel and the libraries are a real
NT system.  But the system tools don't allow you to do all that
stuff.  You should have taken Home Edition really serious.

But that isn't what you do anyway.  Use sshd or inetd/telnet
to switch user context as you already do.  That's more secure.
Imagine your account has the user right "act as part of the
operating system" and you install a virulent application
accidentally...

> Anyway, the su alias using ssh works fine; too bad that no one
> responded on *that*, while it seems that everyone needs su.

It's in this mailing list's archive.  If anybody asks for su
again, we can point him/her to your posting.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:[EMAIL PROTECTED]
Red Hat, Inc.





Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Corinna Vinschen

On Wed, Mar 06, 2002 at 01:56:07PM -0800, Andrew DeFaria wrote:
> OK then, seems to me that su might be implementable by using a service
> that runs as SYSTEM and takes requests to switch user from user A to
> user B. Possible?

Sure.  It's exactly the way the user switch is implemented in 2K/XP.

> Regardless, to me it still would be a large security hole if all one
> needs to do is:
>
> $ echo + > ~/.rhosts
>
> to be able to abuse rsh to do something under somebody else's user ID is
> it not?

It's the same on U*X.  If you don't care for the permissions of
your home directory you're out of luck.

And rsh is a dangerous service anyway.  If you don't want it,
just remove the matching line in /etc/inetd.conf and use ssh.

Corinna





Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Jan Nieuwenhuizen

Corinna Vinschen [EMAIL PROTECTED] writes:

>> rights (whatever set of rights that is), or not.  Is this another toy
>> operating system after all?
>
> Yes and no.  Fact is, the kernel and the libraries are a real
> NT system.  But the system tools don't allow you to do all that
> stuff.

Ok.  So maybe with the right tools (or /proc/registry tweaking), Home
Edition could be taught to administer nt rights for users/groups.

> You should have taken Home Edition really serious.
>
> But that isn't what you do anyway.

I don't understand?  [This machine isn't mine, of course, but I've now
got the choice of using this iso an old Windows 98 box to test cygwin
stuff]

> Use sshd or inetd/telnet to switch user context as you already do.
> That's more secure.
>
> Imagine your account has the user right "act as part of the
> operating system" and you install a virulent application
> accidentally...

Sure.  Amazingly, the default setup from Microsoft is with Outlook
and one user without passwd, who has administrator (and whatnot)
rights.  So for enhanced vulnerability, a default IIS install should
suffice, I guess.

Jan.

-- 
Jan Nieuwenhuizen [EMAIL PROTECTED] | GNU LilyPond - The music typesetter
http://www.xs4all.nl/~jantien   | http://www.lilypond.org






Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Corinna Vinschen

On Thu, Mar 07, 2002 at 10:43:02AM +0100, Jan Nieuwenhuizen wrote:
>> Yes and no.  Fact is, the kernel and the libraries are a real
>> NT system.  But the system tools don't allow you to do all that
>> stuff.
>
> Ok.  So maybe with the right tools (or /proc/registry tweaking), Home
> Edition could be taught to administer nt rights for users/groups.

I have XP HE and XP Prof versions for testing purposes.  The restrictions
in HE are really tricky.  I tried even stuff as moving DLLs and MMC
snapins from Prof to HE but to no avail.

Registry tweaking is useless, too.  The user rights are in the SAM.

What I didn't try but what should work is writing your own
application using LSA Policy functions.  Which means, writing
your own Local Security Policy application.

>> But that isn't what you do anyway.
>
> I don't understand?  [This machine isn't mine, of course, but I've now
> got the choice of using this iso an old Windows 98 box to test cygwin
> stuff]

Sorry, that should read "But that isn't what you *should* do anyway."

> Sure.  Amazingly, the default setup from Microsoft is with Outlook
> and one user without passwd, who has administrator (and whatnot)
> rights.  So for enhanced vulnerability, a default IIS install should
> suffice, I guess.

Yeah, HE is an NT system which has been downgraded nearly to the
usual 98 insecurity.  It's annoying.  However, it was funny to
see, that `ntsec' works fine.  Unfortunately you can neither set
nor see the permissions in the GUI.  But you can, using Cygwin.
So with Cygwin you can upgrade HE ;-)

Corinna





Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Jan Nieuwenhuizen

Corinna Vinschen [EMAIL PROTECTED] writes:

> I have XP HE and XP Prof versions for testing purposes.  The restrictions
> in HE are really tricky.  I tried even stuff as moving DLLs and MMC
> snapins from Prof to HE but to no avail.

Ok, so they're really rather different, in distributed system software.

> Registry tweaking is useless, too.  The user rights are in the SAM.

Yes, I understand that; but I was thinking the NT server vs
workstation registry setting.  If there would just have been this
prof/he key.

> Yeah, HE is an NT system which has been downgraded nearly to the
> usual 98 insecurity.  It's annoying.  However, it was funny to
> see, that `ntsec' works fine.  Unfortunately you can neither set
> nor see the permissions in the GUI.  But you can, using Cygwin.
> So with Cygwin you can upgrade HE ;-)

Yes, Cygwin gives a lot more insight in permissions.  It seems
however, that XP (HE) doesn't respect execute permissions on
directories, in some cases.  Moreover, read and execute permissions in
/cygdrive/c seem to be granted in any case.

$ mkdir 400; echo 400 > 400/400; chmod 400 400
$ ls -ld 400 400/400; cat 400/400
dr--------    2 fred     Geen            0 Mar  7 12:52 400
-rw-rw-rw-    1 fred     Geen            4 Mar  7 12:52 400/400
$ cd 400
bash: cd: 400: Permission denied
$ ls -l /cygdrive/c/autoexec.bak
-rwx------    1 tom      Geen           18 Mar  7 12:55 /cygdrive/c/autoexec.bak
$ cat /cygdrive/c/autoexec.bak
Path=C:\WINDOWS;
$ id
uid=1009(fred) gid=513(Geen) groups=0(Iedereen),513(Geen),545(Gebruikers)
$ mount
C:\cygwin\bin on /usr/bin type system (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)
c: on /cygdrive/c type user (textmode,noumount)

Jan.

-- 
Jan Nieuwenhuizen [EMAIL PROTECTED] | GNU LilyPond - The music typesetter
http://www.xs4all.nl/~jantien   | http://www.lilypond.org






Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Corinna Vinschen

On Thu, Mar 07, 2002 at 02:04:38PM +0100, Jan Nieuwenhuizen wrote:
> Yes, Cygwin gives a lot more insight in permissions.  It seems
> however, that XP (HE) doesn't respect execute permissions on
> directories, in some cases.  Moreover, read and execute permissions in
> /cygdrive/c seem to be granted in any case.
>
> $ mkdir 400; echo 400 > 400/400; chmod 400 400
> $ ls -ld 400 400/400; cat 400/400
> dr--------    2 fred     Geen            0 Mar  7 12:52 400
> -rw-rw-rw-    1 fred     Geen            4 Mar  7 12:52 400/400
> $ cd 400
> bash: cd: 400: Permission denied

I don't understand your example.  What's wrong?  Hmm, ok, I assume
you expect a `Permission denied' when trying to ls 400/400, right?
This is not HE specific, it's default for all NT versions.  It's
a user right called "Bypass traverse checking" which is by default
given to everyone!  It means, when accessing a file, the system
only checks your permissions on the file but not your permissions
on the directories in the file's path.  No chance to do that 100%
POSIX compliant since it's not in the responsibility of Cygwin to
change user rights.  And we decided not to simulate that behaviour.
Cygwin is already slow enough.

> $ ls -l /cygdrive/c/autoexec.bak
> -rwx------    1 tom      Geen           18 Mar  7 12:55 /cygdrive/c/autoexec.bak
> $ cat /cygdrive/c/autoexec.bak
> Path=C:\WINDOWS;
> $ id
> uid=1009(fred) gid=513(Geen) groups=0(Iedereen),513(Geen),545(Gebruikers)

Ok, check the *full* permissions using getfacl.  You'll be surprised,
probably...  Don't forget that an ACL contains more than just three
entries.

Corinna





Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Jan Nieuwenhuizen

Corinna Vinschen [EMAIL PROTECTED] writes:

> I don't understand your example.  What's wrong?  Hmm, ok, I assume
> you expect a `Permission denied' when trying to ls 400/400, right?

Yes, sorry to be so implicit.

> This is not HE specific, it's default for all NT versions.  It's
> a user right called "Bypass traverse checking" which is by default
> given to everyone!  It means, when accessing a file, the system
> only checks your permissions on the file but not your permissions
> on the directories in the file's path.  No chance to do that 100%
> POSIX compliant since it's not in the responsibility of Cygwin to
> change user rights.  And we decided not to simulate that behaviour.
> Cygwin is already slow enough.

Ok, thanks.  Good to know that directory permissions on Windows NT are
pretty useless.  And no, it wouldn't make much sense to enforce POSIX
compliance artificially, imo.  If the kernel grants access, that's it.

$ ls -dl 000 000/x
d---------    0 fred     Geen            0 Mar  7 13:45 000
-rwx------    1 fred     Geen           11 Mar  7 13:45 000/x
$ cat ./000/x; ./000/x
echo hallo
hallo

>> $ ls -l /cygdrive/c/autoexec.bak
>> -rwx------    1 tom      Geen           18 Mar  7 12:55 /cygdrive/c/autoexec.bak
>> $ cat /cygdrive/c/autoexec.bak
>> Path=C:\WINDOWS;
>> $ id
>> uid=1009(fred) gid=513(Geen) groups=0(Iedereen),513(Geen),545(Gebruikers)
>
> Ok, check the *full* permissions using getfacl.  You'll be surprised,
> probably...  Don't forget that an ACL contains more than just three
> entries.

Indeed:

$ getfacl /cygdrive/c/autoexec.bak
# file: /cygdrive/c/autoexec.bak
# owner: tom
# group: Geen
user::rwx
group::---
group:SYSTEM:rwx
group:Administrators:rwx
group:Gebruikers:r-x
mask::---
other::---

There are four groups getting group permissions.  Thanks for pointing
this out as well.

Jan.

-- 
Jan Nieuwenhuizen [EMAIL PROTECTED] | GNU LilyPond - The music typesetter
http://www.xs4all.nl/~jantien   | http://www.lilypond.org
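
Corinna's point that an ACL holds more than the three entries `ls -l` shows can be checked by evaluating the getfacl output Jan posted for a given user. This is an added example, not code from the thread or from Cygwin: the function names ls_view and acl_check are made up, the guest/Gasten account is constructed, and the evaluation assumes what the transcript shows, namely that entries act as cumulative grants and the mask line is not applied.

```sh
#!/bin/sh
# Added example: compare the three-entry view of ls -l with the full ACL.

# getfacl output as posted in the message above.
sample_acl() {
cat <<'EOF'
# file: /cygdrive/c/autoexec.bak
# owner: tom
# group: Geen
user::rwx
group::---
group:SYSTEM:rwx
group:Administrators:rwx
group:Gebruikers:r-x
mask::---
other::---
EOF
}

# What ls -l can show: only the owner, owning-group and other entries.
ls_view() {
    awk -F: '
        $2 == "" && ($1 == "user" || $1 == "group" || $1 == "other") {
            bits[$1] = $3
        }
        END { print bits["user"] bits["group"] bits["other"] }'
}

# acl_check USER "GROUP1 GROUP2 ..."
# Reads getfacl output on stdin. Prints the union of all entries that apply
# to USER, followed by the entries that actually granted something.
# Assumption (see lead-in): grants accumulate and "mask" is ignored.
acl_check() {
    awk -F: -v u="$1" -v gl="$2" '
        BEGIN {
            n = split(gl, g, " ")
            for (i = 1; i <= n; i++) member[g[i]] = 1
        }
        /^# owner: / { owner  = substr($0, 10) }
        /^# group: / { ogroup = substr($0, 10) }
        /^#/ || NF < 3 { next }
        {
            applies = 0
            # Owner entry or a named user entry for this user.
            if ($1 == "user" && ($2 == u || ($2 == "" && owner == u)))
                applies = 1
            # Owning-group entry or a named group the user belongs to.
            if ($1 == "group" && (($2 in member) || ($2 == "" && (ogroup in member))))
                applies = 1
            if ($1 == "other")
                applies = 1
            if (!applies) next
            if ($3 ~ /r/) r = 1
            if ($3 ~ /w/) w = 1
            if ($3 ~ /x/) x = 1
            if ($3 != "---") why = why " " $1 ":" $2 ":" $3
        }
        END {
            printf "%s%s%s%s\n", (r ? "r" : "-"), (w ? "w" : "-"), (x ? "x" : "-"), why
        }'
}

# Demo on the posted ACL: fred's groups are taken from the id output above.
echo "ls -l view:  $(sample_acl | ls_view)"
echo "fred:        $(sample_acl | acl_check fred 'Iedereen Geen Gebruikers')"
echo "tom (owner): $(sample_acl | acl_check tom 'Geen')"
echo "guest:       $(sample_acl | acl_check guest 'Gasten')"
```

For fred the three-entry view suggests no access at all, while the named entry for Gebruikers is what lets `cat` succeed.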






Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Andrew DeFaria

Corinna Vinschen wrote:

> On Wed, Mar 06, 2002 at 01:56:07PM -0800, Andrew DeFaria wrote:
>
>> OK then, seems to me that su might be implementable by using a service
>> that runs as SYSTEM and takes requests to switch user from user A to
>> user B. Possible?
>
> Sure.  It's exactly the way the user switch is implemented in 2K/XP.

So then su can be implemented in Cygwin.

>> Regardless, to me it still would be a large security hole if all one
>> needs to do is:
>>
>> $ echo + > ~/.rhosts
>>
>> to be able to abuse rsh to do something under somebody else's user ID is
>> it not?
>
> It's the same on U*X.  If you don't care for the permissions of
> your home directory you're out of luck.

No it's not! As I've said repeatedly already a ~/.rhosts need not exist. Also, it does
not seem to matter if my home directory is locked down or not. If user A wishes to login
as user B and user A can create files in his own home directory (and even if he can't
since the presence of ~usera/.rhosts is not required) all user A needs to do is use
rsh with a -l userb parameter to execute commands as user B. This is not the same as
on Unix.

> And rsh is a dangerous service anyway.  If you don't want it,
> just remove the matching line in /etc/inetd.conf and use ssh.

Ah but I *want* rsh. I just want it to work correctly. :-)








Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Larry Hall (RFK Partners, Inc)

At 10:44 AM 3/7/2002, Andrew DeFaria wrote:
>> And rsh is a dangerous service anyway.  If you don't want it,
>> just remove the matching line in /etc/inetd.conf and use ssh.
>
> Ah but I *want* rsh. I just want it to work correctly. :-)


OK, that's fair.  Sounds like you have your work cut out for you though! ;-)


Larry Hall  [EMAIL PROTECTED]
RFK Partners, Inc.  http://www.rfk.com
838 Washington Street   (508) 893-9779 - RFK Office
Holliston, MA 01746 (508) 893-9889 - FAX






Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Corinna Vinschen

On Thu, Mar 07, 2002 at 07:44:22AM -0800, Andrew DeFaria wrote:
> Ah but I *want* rsh. I just want it to work correctly. :-)

Patches gratefully accepted.

Corinna





Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Jason Tishler

Andrew,

On Thu, Mar 07, 2002 at 07:44:22AM -0800, Andrew DeFaria wrote:
> Corinna Vinschen wrote:
>> And rsh is a dangerous service anyway.  If you don't want it,
>> just remove the matching line in /etc/inetd.conf and use ssh.
>
> Ah but I *want* rsh. I just want it to work correctly. :-)

Could this be the cause?

http://sources.redhat.com/ml/cygwin/2001-01/msg01052.html

Jason





Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Corinna Vinschen

On Thu, Mar 07, 2002 at 12:29:11PM -0500, Jason Tishler wrote:
> Andrew,
>
> On Thu, Mar 07, 2002 at 07:44:22AM -0800, Andrew DeFaria wrote:
>> Corinna Vinschen wrote:
>>> And rsh is a dangerous service anyway.  If you don't want it,
>>> just remove the matching line in /etc/inetd.conf and use ssh.
>>
>> Ah but I *want* rsh. I just want it to work correctly. :-)
>
> Could this be the cause?
>
> http://sources.redhat.com/ml/cygwin/2001-01/msg01052.html

It is.  So, if somebody changes the pw_passwd field (which should
contain the "unused on nt/2k/xp" entry), rsh behaves exactly as
it does on a U*X system if a user has no password entry.  Good to
know.

Thanks,
Corinna





Re: login: no shell: /bin/bash: Permission denied

2002-03-07 Thread Jason Tishler

Andrew,

On Thu, Mar 07, 2002 at 10:34:42AM -0800, Andrew DeFaria wrote:
> Please do not email me directly - keep it only on the list.

Hmm...didn't you just do a reply all?  Or, was that to make a point?
Sorry, but hitting g is just more natural than hitting L for me.

If this is important to you, then please indicate this by setting
your Reply-To.  My mailer will honor your preference.  Alternatively,
I suggest using something like procmail to suppress dups.  This is the
technique that I use and I don't see any dups (unless I want to).

> Jason Tishler wrote:
>> Could this be the cause?
>>
>> http://sources.redhat.com/ml/cygwin/2001-01/msg01052.html
>
> Ah! Good catch! Part of my setup scripts create a global password file. In
> that script I removed the unused_by_nt/2000/xp from the passwd file and
> left it blank. I guess it's not truly unused!

I'm glad to be of assistance.

Jason
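
The /etc/passwd details this thread keeps returning to can be checked mechanically: the empty home and shell fields that Jeremy's step 5 fills in for SYSTEM, the /bin/false shell on sshd, the SID in the user information, and the blank password field that changed rsh's behaviour here. The sketch below is an added example, not code from any poster or from Cygwin; the sample entries, uids and SIDs are constructed, and set_home_shell and audit_entry are made-up names.

```sh
#!/bin/sh
# Added example: audit Cygwin-style /etc/passwd entries before relying on
# them for ssh or rsh logins.
# Field layout: name:passwd:uid:gid:gecos:home:shell

# Constructed sample data (account names, uids and SIDs are illustrative).
sample_passwd() {
cat <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
sshd:unused_by_nt/2000/xp:1004:513:sshd privsep,U-HOST\sshd,S-1-5-21-1111-2222-3333-1004:/var/empty:/bin/false
fred:unused_by_nt/2000/xp:1009:513:U-HOST\fred,S-1-5-21-1111-2222-3333-1009:/home/fred:/bin/bash
tom::1010:513:U-HOST\tom,S-1-5-21-1111-2222-3333-1010:/home/tom:/bin/bash
EOF
}

# set_home_shell USER HOME SHELL
# Step 5 of the procedure: fill the home (6th) and shell (7th) fields of one
# account. Reads a passwd file on stdin and writes the edited copy to stdout,
# so the live /etc/passwd is only replaced after the result has been reviewed.
set_home_shell() {
    awk -v u="$1" -v h="$2" -v s="$3" '
        BEGIN { FS = OFS = ":" }
        $1 == u { $6 = h; $7 = s }
        { print }'
}

# audit_entry USER
# Reads a passwd file on stdin and prints the findings for USER on one line:
#   missing-entry         account not listed, sshd will reject it
#   bad-field-count       line does not have the seven passwd fields
#   empty-password-field  placeholder removed and left blank (the rsh case)
#   no-sid                no Windows SID in the user information field
#   no-home / no-shell    fields left empty, as for SYSTEM by default
#   nologin-shell         shell is /bin/false or nologin, as for sshd
# Prints "ok" when none of these apply.
audit_entry() {
    awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if (NF != 7)   out = out " bad-field-count"
            if ($2 == "")  out = out " empty-password-field"
            if ($5 !~ /S-1-[0-9]+(-[0-9]+)+/) out = out " no-sid"
            if ($6 == "")  out = out " no-home"
            if ($7 == "")  out = out " no-shell"
            else if ($7 ~ /\/(false|nologin)$/) out = out " nologin-shell"
        }
        END {
            if (!found)         print "missing-entry"
            else if (out == "") print "ok"
            else                print substr(out, 2)
        }'
}

# Demo: SYSTEM as generated, SYSTEM after the step-5 edit, then the others.
echo "SYSTEM before: $(sample_passwd | audit_entry SYSTEM)"
echo "SYSTEM after:  $(sample_passwd | set_home_shell SYSTEM /root /bin/bash | audit_entry SYSTEM)"
for acct in sshd fred tom nobody; do
    echo "$acct: $(sample_passwd | audit_entry "$acct")"
done
```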





Re: login: no shell: /bin/bash: Permission denied

2002-03-06 Thread Corinna Vinschen

On Wed, Mar 06, 2002 at 12:34:21AM +0100, Jan Nieuwenhuizen wrote:
> Hi,
>
> Just encountered this strange error message from login:
>
> 00:17:39 fred@appel:~$ ssh fred@abbicci
> Last login: Tue Mar  5 21:57:38 2002 from appel.flower
> Fanfare!!!
> You are successfully logged in to this server!!!
> fred@ABBICCI ~$ login root
> Password:
> Last login: Tue Mar  5 23:21:09 on tty2
> Fanfare!!!
> You are successfully logged in to this server!!!
> login: no shell: /bin/bash: Permission denied
> fred@ABBICCI ~$ ls -l /bin/bash.exe
> -rwxr-xr-x    1 Administ Geen       478720 Feb 19 19:14 /bin/bash.exe
> fred@ABBICCI ~$ who
> root tty2 Mar  5 23:21
> fred@ABBICCI ~$ echo $USER
> fred
> fred@ABBICCI ~$ echo $LOGNAME
> fred
> fred@ABBICCI ~$ uname -a
> CYGWIN_NT-5.1 ABBICCI 1.3.10(0.51/3/2) 2002-02-25 11:14 i686 unknown
>
> ?  But it worked anyway, so it seems.  This is on a fresh, curr cygwin
> install.

No, it didn't work.  `who' isn't the right way to get your current
user name, try `id'.  Basically, login is doing the following:

  execlp(pwd->pw_shell, tbuf, 0);
  fprintf(stderr, "login: no shell: ");
  perror(pwd->pw_shell);
  exit(0);

So, if it couldn't execute the shell, it emits the above error
message.

The problem you're seeing results from your inability to change
the user context.  You can't do it, your account doesn't have the
permission.  That's normal.  See /usr/doc/Cygwin/login.README.

Corinna





Re: login: no shell: /bin/bash: Permission denied

2002-03-06 Thread Jan Nieuwenhuizen

Corinna Vinschen [EMAIL PROTECTED] writes:

>> ?  But it worked anyway, so it seems.  This is on a fresh, curr cygwin
>> install.
>
> No, it didn't work.
>
> The problem you're seeing results from your inability to change
> the user context.  You can't do it, your account doesn't have the
> permission.

Ok, thanks, you're right:

fred@ABBICCI ~$ login root
Password:
Last login: Tue Mar  5 23:27:42 on tty2
Fanfare!!!
You are successfully logged in to this server!!!
login: no shell: /bin/bash: Permission denied
fred@ABBICCI ~$ id
uid=1009(fred) gid=513(Geen)
groups=0(Iedereen),513(Geen),545(Gebruikers)

> That's normal.

Hmm, so much for google.  You advised to use login before,

  http://www.cygwin.com/ml/cygwin/2001-03/msg00337.html

have things changed since then?

> See /usr/doc/Cygwin/login.README.

  Under NT/2K/XP, login(1) is _not_ supposed to work on the command line
  to change user context!  Though you're able to tweak user permissions
  to get login(1) working that way, that's NOT officially supported.
  
Ok, so how *do* you change user context?

Greetings,
Jan.

-- 
Jan Nieuwenhuizen [EMAIL PROTECTED] | GNU LilyPond - The music typesetter
http://www.xs4all.nl/~jantien   | http://www.lilypond.org






Re: login: no shell: /bin/bash: Permission denied

2002-03-06 Thread Corinna Vinschen

On Wed, Mar 06, 2002 at 11:20:48AM +0100, Jan Nieuwenhuizen wrote:
> Hmm, so much for google.  You advised to use login before,
>
>   http://www.cygwin.com/ml/cygwin/2001-03/msg00337.html
>
> have things changed since then?

No.  Did you read that article carefully?  I've written about
special user rights needed...

> > See /usr/doc/Cygwin/login.README.
>
>   Under NT/2K/XP, login(1) is _not_ supposed to work on the command line
>   to change user context!  Though you're able to tweak user permissions
>   to get login(1) working that way, that's NOT officially supported.
>
> Ok, so how *do* you change user context?

Either start an sshd service or start inetd and allow telnet or
rsh or rlogin.
Then you can easily change user context by ssh'ing, telnet'ing,
rsh'ing or rlogin'ing into your box under the other account.

Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:[EMAIL PROTECTED]
Red Hat, Inc.





Re: login: no shell: /bin/bash: Permission denied

2002-03-06 Thread Corinna Vinschen

On Wed, Mar 06, 2002 at 12:53:33PM +0100, Jan Nieuwenhuizen wrote:
> Corinna Vinschen [EMAIL PROTECTED] writes:
> > I've written about special user rights needed...
>
> Ok, so while using login instead of su is possible in some cases (it
> seems windows xp is not one of them), easiest is using ssh.

These user rights are by default only given to SYSTEM regardless
of the NT version.  XP differs only by requiring less of these
user rights in one of the needed system calls.

Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:[EMAIL PROTECTED]
Red Hat, Inc.





Re: login: no shell: /bin/bash: Permission denied

2002-03-06 Thread Andrew DeFaria

Corinna Vinschen wrote:


> No, it didn't work.  `who' isn't the right way to get your current
> user name, try `id'.  Basically, login is doing the following:
>
>   execlp(pwd->pw_shell, tbuf, 0);
>   fprintf(stderr, "login: no shell: ");
>   perror(pwd->pw_shell);
>   exit(0);
>
> So, if it couldn't execute the shell, it emits the above error
> message.
>
> The problem you're seeing results from your inability to change
> the user context.  You can't do it, your account doesn't have the
> permission.  That's normal.  See /usr/doc/Cygwin/login.README.


You imply that somebody has the ability to change user context! If so 
then who is that somebody (USER)?

It's my understanding that the only thing(s) that use login are things 
like telnet/rlogin/rsh.

Frustrated by the lack of su(1M)!

Oh, BTW, here's a potential security problem:

$ rsh hosta id
uid=1370(adefaria) gid=513(Domain Users) groups=0(Everyone),512(Domain 
Admins),513(Domain 
Users),1170(Everybody),1382(ITSupport),1354(Operations),1331(Software)
$ rsh hosta -l otheruser id
uid=1269(otheruser) gid=513(Domain Users) groups=0(Everyone),513(Domain 
Users),1203(Engineering),1170(Everybody),2171(Product Team),1215(Service 
Group),1331(Software),1298(TDM Group)

How did I rsh as another user and not be prompted for a password?









Re: login: no shell: /bin/bash: Permission denied

2002-03-06 Thread Corinna Vinschen

On Wed, Mar 06, 2002 at 11:12:11AM -0800, Andrew DeFaria wrote:
> You imply that somebody has the ability to change user context! If so
> then who is that somebody (USER)?

I have to tell that each week (day?) again, apparently.  It's SYSTEM.

> It's my understanding that the only thing(s) that use login are things
> like telnet/rlogin/rsh.
>
> Frustrated by the lack of su(1M)!

Did you ever try to understand NT security?  Otherwise you would
know the cause for this restriction.  It's exceptionally not
because we're mean!

> Oh, BTW, here's a potential security problem:
>
> $ rsh hosta id
> uid=1370(adefaria) gid=513(Domain Users) groups=0(Everyone),512(Domain
> Admins),513(Domain
> Users),1170(Everybody),1382(ITSupport),1354(Operations),1331(Software)
> $ rsh hosta -l otheruser id
> uid=1269(otheruser) gid=513(Domain Users) groups=0(Everyone),513(Domain
> Users),1203(Engineering),1170(Everybody),2171(Product Team),1215(Service
> Group),1331(Software),1298(TDM Group)
>
> How did I rsh as another user and not be prompted for a password?

Because you have an .rhosts file?  I assume you know how rsh
works on U*X systems, don't you?

Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:[EMAIL PROTECTED]
Red Hat, Inc.





Re: login: no shell: /bin/bash: Permission denied

2002-03-06 Thread Andrew DeFaria

Corinna Vinschen wrote:

> On Wed, Mar 06, 2002 at 11:12:11AM -0800, Andrew DeFaria wrote:
>
>> You imply that somebody has the ability to change user context! If so
>> then who is that somebody (USER)?
>
> I have to tell that each week (day?) again, apparently.  It's SYSTEM.


Sorry, I saw that the very next post. So then is it possible to login(1) 
as SYSTEM then use login(1) to switch user? Probably not because you 
(i.e. not the other user nor SYSTEM) can't use login to switch user to 
SYSTEM.

OK then, seems to me that su might be implementable by using a service 
that runs as SYSTEM and takes requests to switch user from user A to 
user B. Possible?


>> It's my understanding that the only thing(s) that use login are things
>> like telnet/rlogin/rsh.
>>
>> Frustrated by the lack of su(1M)!
>
> Did you ever try to understand NT security?


Only briefly I glanced over it. Honestly I do not wish to be an NT 
security expert.

> Otherwise you would
> know the cause for this restriction.  It's exceptionally not
> because we're mean!


Did I say you were mean?


 
>> Oh, BTW, here's a potential security problem:
>>
>> $ rsh hosta id
>> uid=1370(adefaria) gid=513(Domain Users) groups=0(Everyone),512(Domain
>> Admins),513(Domain
>> Users),1170(Everybody),1382(ITSupport),1354(Operations),1331(Software)
>> $ rsh hosta -l otheruser id
>> uid=1269(otheruser) gid=513(Domain Users) groups=0(Everyone),513(Domain
>> Users),1203(Engineering),1170(Everybody),2171(Product Team),1215(Service
>> Group),1331(Software),1298(TDM Group)
>>
>> How did I rsh as another user and not be prompted for a password?
>
> Because you have an .rhosts file?  I assume you know how rsh
> works on U*X systems, don't you?


No need to get condescending here Corinna! I know how rsh works! My first 
shot at it had a ~/.rhosts file but just before I posted I said to 
myself that I should verify this is still a problem without a ~/.rhosts 
so I moved it aside and reproduced exactly the same problem.

Regardless, to me it still would be a large security hole if all one 
needs to do is:

$ echo + > ~/.rhosts

to be able to abuse rsh to do something under somebody else's user ID is 
it not?








Re: login: no shell: /bin/bash: Permission denied

2002-03-06 Thread Andrew DeFaria

Peter Buckley wrote:

 
>> Regardless, to me it still would be a large security hole if all one
>> needs to do is:
>>
>> $ echo + > ~/.rhosts
>>
>> to be able to abuse rsh to do something under somebody else's user ID
>> is it not?
>
> rsh is inherently insecure. Attempts to make it secure are not
> worthwhile (in fact, they tend to break rsh). Especially in the land of
> NT insecurity, trying to make rsh secure simply makes it unusable.

What are you talking about?!? It's simple, if rsh is called with the -l 
parameter (assuming it's not -l current user) then prompt for a 
password. If that's not doable then fail with an error message of some 
sort. But lord's sakes laddy! Don't just let them walk in! :-)
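
The `.rhosts` wildcard concern raised in the posts above can be checked from the defender's side. As an added example (not part of any post in this thread), this script flags wildcard `+` entries and group- or world-writable `.rhosts` files; the finding labels, the `BASE/*/.rhosts` home layout and the sample users and hosts are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit rhosts-style trust files for wildcard ("+") entries
# and loose permissions. Assumed line format: "host [user]"; "#" = comment.

# audit_rhosts FILE: print findings, one per line; return 1 if any.
audit_rhosts() {
    file=$1
    findings=$(awk '
        NF == 0 || $1 ~ /^#/ { next }             # blank lines and comments
        $1 == "+" { print "WILDCARD-HOST:" NR }   # any remote host is trusted
        $2 == "+" { print "WILDCARD-USER:" NR }   # any remote user is trusted
    ' "$file")
    # A group- or world-writable file lets other accounts add trust entries.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        findings=$(printf '%s\n%s' "$findings" "WRITABLE")
    fi
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings" | sed '/^$/d'
    return 1
}

# audit_homes BASE: audit BASE/*/.rhosts; print "path: finding"; return 1 if any.
audit_homes() {
    status=0
    for f in "$1"/*/.rhosts; do
        [ -f "$f" ] || continue
        if ! out=$(audit_rhosts "$f"); then
            printf '%s\n' "$out" | awk -v p="$f" '{ print p ": " $0 }'
            status=1
        fi
    done
    return "$status"
}

# make_samples DIR: constructed sample homes (users and hosts are made up).
make_samples() {
    mkdir -p "$1/alice" "$1/bob" "$1/carol"
    printf '# build hosts\nbuildhost alice\n' > "$1/alice/.rhosts"
    printf '+\n'                              > "$1/bob/.rhosts"
    printf 'hosta +\n'                        > "$1/carol/.rhosts"
    chmod 600 "$1/alice/.rhosts" "$1/bob/.rhosts"
    chmod 666 "$1/carol/.rhosts"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_homes "$demo_dir" || echo "Remove wildcard lines and chmod 600 the files listed above."
rm -rf "$demo_dir"
```

On a real host, point `audit_homes` at the directory that holds the user homes and run `audit_rhosts` on `/etc/hosts.equiv` as well, which uses the same line format.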








Re: login: no shell: /bin/bash: Permission denied

2002-03-06 Thread Jan Nieuwenhuizen

Corinna Vinschen [EMAIL PROTECTED] writes:

> These user rights are by default only given to SYSTEM regardless
> of the NT version.  XP differs only by requiring less of these
> user rights in one of the needed system calls.

Ok, but I can't seem to add specific rights to users with this version
of windows xp (home edition).  You can give a user administrator
rights (whatever set of rights that is), or not.  Is this another toy
operating system after all?

Anyway, the su alias using ssh works fine; too bad that no one
responded on *that*, while it seems that everyone needs su.

Jan.

-- 
Jan Nieuwenhuizen [EMAIL PROTECTED] | GNU LilyPond - The music typesetter
http://www.xs4all.nl/~jantien   | http://www.lilypond.org






login: no shell: /bin/bash: Permission denied

2002-03-05 Thread Jan Nieuwenhuizen

Hi,

Just encountered this strange error message from login:

00:17:39 fred@appel:~$ ssh fred@abbicci
Last login: Tue Mar  5 21:57:38 2002 from appel.flower
Fanfare!!!
You are successfully logged in to this server!!!
fred@ABBICCI ~$ login root
Password:
Last login: Tue Mar  5 23:21:09 on tty2
Fanfare!!!
You are successfully logged in to this server!!!
login: no shell: /bin/bash: Permission denied
fred@ABBICCI ~$ ls -l /bin/bash.exe
-rwxr-xr-x 1 Administ Geen   478720 Feb 19 19:14 /bin/bash.exe
fred@ABBICCI ~$ who
root tty2 Mar  5 23:21
fred@ABBICCI ~$ echo $USER
fred
fred@ABBICCI ~$ echo $LOGNAME
fred
fred@ABBICCI ~$ uname -a
CYGWIN_NT-5.1 ABBICCI 1.3.10(0.51/3/2) 2002-02-25 11:14 i686 unknown

?  But it worked anyway, so it seems.  This is on a fresh, curr cygwin
install.

Jan.

-- 
Jan Nieuwenhuizen [EMAIL PROTECTED] | GNU LilyPond - The music typesetter
http://www.xs4all.nl/~jantien   | http://www.lilypond.org

