Using Cygwin

Using Cygwin Why can't my application locate cygncurses-8.dll? or cygintl-3.dll? or cygreadline6.dll? or ...? Well, something has gone wrong somehow... To repair the damage, you must run Cygwin Setup again, and re-install the package which provides the missing DLL package. If you already installed the package at one point, Cygwin Setup won't show the option to install the package by default. In the ``Select packages to install'' dialog, click on the Full/Part button. This lists all packages, even those that are already installed. Scroll down to locate the missing package, for instance libncurses8. Click on the ``cycle'' glyph until it says ``Reinstall''. Continue with the installation. For a detailed explanation of the general problem, and how to extend it to other missing DLLs and identify their containing packages, see . Starting a new terminal window is slow. What's going on? There are many possible causes for this. If your terminal windows suddenly began starting slowly after a Cygwin upgrade, it may indicate issues in the authentication setup. For almost all its lifetime, Cygwin has used Unix-like /etc/passwd and /etc/group files to mirror the contents of the Windows SAM and AD databases. Although these files can still be used, since Cygwin 1.7.34, new installations now use the SAM/AD databases directly. To switch to the new method, move these two files out of the way and restart the Cygwin terminal. That runs Cygwin in its new default mode. If you are on a system that isn't using AD domain logins, this makes Cygwin use the native Windows SAM database directly, which may be faster than the old method involving /etc/passwd and such. At worst, it will only be a bit slower. (The speed difference you see depends on which benchmark you run.) For the AD case, it can be slower than the old method, since it is trading a local file read for a network request. Version 1.7.35 will reduce the number of AD server requests the DLL makes relative to 1.7.34, with the consequence that you will now have to alter /etc/nsswitch.conf in order to change your Cygwin home directory, instead of being able to change it from the AD configuration. If you are still experiencing very slow shell startups, there are a number of other things you can look into: One common cause of slow Cygwin Terminal starts is a bad DNS setup. This particularly affects AD clients, but there may be other things in your Cygwin startup that depend on getting fast answers back from a network server. Keep in mind that this may affect Cygwin even when the domain controller is on the same machine as Cygwin, or is on a nearby server. A bad DNS server IP can cause long delays while the local TCP/IP stack times out on a connection to a server that simply isn't there, for example. Another cause for AD client system is slow DC replies, commonly observed in configurations with remote DC access. The Cygwin DLL queries information about every group you're in to populate the local cache on startup. You may speed up this process a little by caching your own information in local files. Run these commands in a Cygwin terminal with write access to /etc: getent passwd $(id -u) > /etc/passwd getent group $(id -G) > /etc/group Also, set /etc/nsswitch.conf as follows: passwd: files db group: files db This will limit the need for Cygwin to contact the AD domain controller (DC) while still allowing for additional information to be retrieved from DC, such as when listing remote directories. Either in addition to the previous item or instead of it, you can run cygserver as a local caching service to speed up DC requests. Cygwin programs will check with cygserver before trying to query the DC directly. A less preferable option is to create a static read-only cache of the authentication data. This is the old-fashioned method of making Cygwin integrate with AD, the only method available in releases before 1.7.34. To do this, run mkpasswd and mkgroup, then put the following into /etc/nsswitch.conf to make Cygwin treat these files as the only sources of user and group information: passwd: files group: files By leaving out the db option, we are telling the Cygwin DLL not to even try to do AD lookups. If your AD servers are slow, this local cache will speed things up. The downside is that you open yourself up to the stale cache problem: any time the AD databases change, your local cache will go out of date until you update the files manually. If none of the above helps, the best troubleshooting method is to run your startup scripts in debug mode. Right-click your Cygwin Terminal icon, go to Properties, and edit the command. It should be something like C:\cygwin\bin\mintty.exe -i /Cygwin-Terminal.ico -. Assuming you are using Bash for your login shell, change it to C:\cygwin\bin\mintty /bin/bash -lx then try running Cygwin Terminal again. The option tells Bash to write every command it runs to the terminal before launching it. If the terminal immediately starts filling with lines of text but then pauses, the line where the output paused is your clue as to what's going on. The Cygwin DLL proper probably isn't the cause of the slowdown in this case, since those delays happen before the first line of text appears in the terminal. Why is Cygwin suddenly so slow? If suddenly every command takes a very long time, then something is probably attempting to access a network share. You may have the obsolete //c notation in your PATH or startup files. Using //c means to contact the network server c, which will slow things down tremendously if it does not exist. Why can't my services access network shares? If your service is one of those which switch the user context (sshd, inetd, etc), then it depends on the method used to switch to another user. This problem as well as its solution is described in detail in the Cygwin User's Guide, see . Workarounds include using public network share that does not require authentication (for non-critical files), providing your password to a net use command, or running the service as your own user with cygrunsrv -u (see /usr/share/doc/Cygwin/cygrunsrv.README for more information). How should I set my PATH? This is done for you in the file /etc/profile, which is sourced by bash when you start it from the Desktop or Start Menu shortcut, created by setup.exe. The line is PATH="/usr/local/bin:/usr/bin:/bin:$PATH" Effectively, this prepends /usr/local/bin and /usr/bin to your Windows system path. If you choose to reset your PATH, say in $HOME/.bashrc, or by editing etc/profile directly, then you should follow this rule. You must have /usr/bin in your PATH before any Windows system directories. (And you must not omit the Windows system directories!) Otherwise you will likely encounter all sorts of problems running Cygwin applications. If you're using another shell than bash (say, tcsh), the mechanism is the same, just the names of the login scripts are different. Bash (or another shell) says "command not found", but it's right there! If you compile a program, you might find that you can't run it: bash$ gcc -o hello hello.c bash$ hello bash: hello: command not found Unlike the Windows default behaviour, Unix shells like bash do not look for programs in . (the current directory) by default. You can add . to your PATH (see above), but this is not recommended (at least on UNIX) for security reasons. Just tell bash where to find it, when you type it on the command line: bash$ gcc -o hello hello.c bash$ ./hello Hello World! How do I convert between Windows and UNIX paths? Use the 'cygpath' utility. Type 'cygpath --help' for information. For example (on my installation): bash$ cygpath --windows ~/.bashrc D:\starksb\.bashrc bash$ cygpath --unix C:/cygwin/bin/ls.exe /usr/bin/ls.exe bash$ cygpath --unix C:\\cygwin\\bin\\ls.exe /usr/bin/ls.exe Note that bash interprets the backslash '\' as an escape character, so you must type it twice in the bash shell if you want it to be recognized as such. Why doesn't bash read my .bashrc file on startup? Your .bashrc is read from your home directory specified by the HOME environment variable. It uses /.bashrc if HOME is not set. So you need to set HOME (and the home dir in your passwd account information) correctly. How can I get bash filename completion to be case insensitive? Add the following to your ~/.bashrc file: shopt -s nocaseglob and add the following to your ~/.inputrc file: set completion-ignore-case on Can I use paths/filenames containing spaces in them? Cygwin does support spaces in filenames and paths. That said, some utilities that use the library may not, since files don't typically contain spaces in Unix. If you stumble into problems with this, you will need to either fix the utilities or stop using spaces in filenames used by Cygwin tools. In particular, bash interprets space as a word separator. You would have to quote a filename containing spaces, or escape the space character. For example: bash-2.03$ cd '/cygdrive/c/Program Files' or bash-2.03$ cd /cygdrive/c/Program\ Files Why can't I cd into a shortcut to a directory? Cygwin does not follow MS Windows Explorer Shortcuts (*.lnk files). It sees a shortcut as a regular file and this you cannot "cd" into it. Cygwin is also capable to create POSIX symlinks as Windows shortcuts (see the CYGWIN environment variable option "winsymlinks"), but these shortcuts are different from shortcuts created by native Windows applications. Windows applications can usually make use of Cygwin shortcuts but not vice versa. This is by choice. The reason is that Windows shortcuts may contain a bunch of extra information which would get lost, if, for example, Cygwin tar archives and extracts them as symlinks. Changing a Cygwin shortcut in Windows Explorer usually changes a Cygwin shortcut into a Windows native shortcut. Afterwards, Cygwin will not recognize it as symlink anymore. I'm having basic problems with find. Why? Make sure you are using the find that came with Cygwin and that you aren't picking up the Win32 find command instead. You can verify that you are getting the right one by doing a "type find" in bash. If the path argument to find, including current directory (default), is itself a symbolic link, then find will not traverse it unless you specify the -follow option. This behavior is different than most other UNIX implementations, but is not likely to change. If find does not seem to be producing enough results, or seems to be missing out some directories, you may be experiencing a problem with one of find's optimisations. The absence of . and .. directories on some filesystems, such as DVD-R UDF, can confuse find. See the documentation for the option -noleaf in the man page. Why doesn't su work? The su command has been in and out of Cygwin distributions, but it has not been ported to Cygwin and has never worked. It is currently installed as part of the sh-utils, but again, it does not work. You should rather install sshd and use ssh username@localhost as a su replacement. For some technical background into why su doesn't work, read and related messages. Why doesn't man -k, apropos or whatis work? Before you can use man -k, apropos or whatis, you must create the whatis database. Just run the command mandb (it may take a few minutes to complete). Why doesn't chmod work? If you're using FAT32 instead of NTFS, chmod will fail since FAT32 does not provide any permission information. You should really consider converting the drive to NTFS with CONVERT.EXE. FAT and FAT32 are barely good enough for memory cards or USB sticks to exchange pictures... For other cases, understand that Cygwin attempts to show UNIX permissions based on the security features of Windows, so the Windows ACLs are likely the source of your problem. See the Cygwin User's Guide at for more information on how Cygwin maps Windows permissions. Why doesn't my shell script work? There are two basic problems you might run into. One is the fact that /bin/sh is really bash. It could be missing some features you might expect in /bin/sh, if you are used to /bin/sh actually being zsh (MacOS X "Panther") or ksh (Tru64). Or, it could be a permission problem, and Cygwin doesn't understand that your script is executable. On NTFS or NFS just make the script executable using chmod +x. However, chmod may not work due to restrictions of the filesystem (see FAQ entry above). In this case Cygwin must read the contents of files to determine if they are executable. If your script does not start with #! /bin/sh (or any path to a script interpreter, it does not have to be /bin/sh) then Cygwin will not know it is an executable script. The Bourne shell idiom : # This is the 2nd line, assume processing by /bin/sh also works. Note that you can use the filesystem flag cygexec in /etc/fstab to force Cygwin to treat all files under the mount point as executable. This can be used for individual files as well as directories. Then Cygwin will not bother to read files to determine whether they are executable. How do I print under Cygwin? lpr is available in the cygutils package. Some usage hints are available courtesy of Rodrigo Medina. Jason Tishler has written a couple of messages that explain how to use a2ps (for nicely formatted text in PostScript) and ghostscript (to print PostScript files on non-PostScript Windows printers). Start at . Note that these are old mails and a2ps as well as file are long available as part of the Cygwin distribution. Alternatively, you can use the Windows print command. Type bash$ print /\? for usage instructions (note the ? must be escaped from the shell). Finally, you can simply cat the file to the printer's share name: bash$ cat myfile > //host/printer You may need to press the formfeed button on your printer or append the formfeed character to your file. Why don't international (Unicode) characters work? Internationalization is a complex issue. The short answer is that Cygwin relies on the setting of the setting of LANG/LC_xxx environment variables. The long answer can be found in the User's Guide in the section Internationalization Cygwin uses UTF-8 by default. To use a different character set, you need to set the LC_ALL, LC_CTYPE or LANG environment variables. My application prints international characters but I only see gray boxes In the case of Cygwin programs, this likely means that the character set as determined by the LC_ALL, LC_CTYPE or LANG environment variables does not match the one set on the Text page of the Cygwin Terminal's options. Setting the locale in the terminal's options will set the LANG variable accordingly. Non-Cygwin programs in the Cygwin Terminal do not usually take heed of the locale environment variables. Instead, they often use the so-called console codepage, which can be determined with the command cmd /c chcp followed by the appropriate Windows codepage number. The codepage number for Cygwin's default UTF-8 character set is 65001. Is it OK to have multiple copies of the DLL? Yes, as long as they are used in strictly separated installations. The Cygwin DLL has to handle various sharing situations between multiple processes. It has to keep a process table. It has to maintain a mount table which is based on the installation path of the Cygwin DLL. For that reason, the Cygwin DLL maintains shared resources based on a hash value created from its own installation path. Each Cygwin DLL on the machine constitutes a Cygwin installation, with the directory the Cygwin DLL resides in treated as "/bin", the parent directory as "/". Therefore, you can install two or more separate Cygwin distros on a single machine. Each of these installations use their own Cygwin DLL, and they don't share the default POSIX paths, nor process tables, nor any other shared resource used to maintain the installation. However, a clean separation requires that you don't try to run executables of one Cygwin installation from processes running in another Cygwin installation. This may or may not work, but the chances that the result is not what you expect are pretty high. If you get the error "shared region is corrupted" or "shared region version mismatch" it means you have multiple versions of cygwin1.dll running at the same time which conflict with each other. Apart from mixing executables of different Cygwin installations, this could also happen if you have one a single Cygwin installation, for example, if you update the Cygwin package without exiting all Cygwin apps (including services like sshd) beforehand. The only DLL that is sanctioned by the Cygwin project is the one that you get by running setup-x86.exe or setup-x86_64.exe, installed in a directory controlled by this program. If you have other versions on your system and desire help from the cygwin project, you should delete or rename all DLLs that are not installed by setup.exe. If you're trying to find multiple versions of the DLL that are causing this problem, reboot first, in case DLLs still loaded in memory are the cause. Then use the Windows System find utility to search your whole machine, not just components in your PATH (as 'type' would do) or cygwin-mounted filesystems (as Cygwin 'find' would do). I read the above but I want to bundle Cygwin with a product, and ship it to customer sites. How can I do this without conflicting with any Cygwin installed by the user? Usually, if you keep your installation separate, nothing bad should happen. However, for the user's convenience, and to avoid potential problems which still can occur, consider to integrate your product with an already existing Cygwin installation on the user's machine, or, if there is none, consider to install the official Cygwin distro on behalf of the user and integrate your tools from there. (If you write a tool to make this easy, consider contributing it for others to use) Can I bundle Cygwin with my product for free? Starting with Cygwin version 2.5.2, which is LGPL licensed, yes, albeit it's not recommended for interoperability reasons. Cygwin versions prior to 2.5.2 were GPL licensed. If you choose to distribute an older cygwin1.dll, you must be willing to distribute the exact source code used to build that copy of cygwin1.dll as per the terms of the GPL. If you ship applications that link with older cygwin1.dll, you must provide those applications' source code under a GPL-compatible license. But doesn't that mean that if some application installs an older Cygwin DLL on top of a newer DLL, my application will break? It depends on what you mean by "break". If the application installs a version of the Cygwin DLL in another location than Cygwin's /bin directory then the rules in apply. If the application installs an older version of the DLL in /bin then you should complain loudly to the application provider. Remember that the Cygwin DLL strives to be backwards compatible so a newer version of the DLL should always work with older executables. So, in general, it is always best to keep one version of the DLL on your system and it should always be the latest version which matches your installed distribution. Why isn't package XYZ available in Cygwin? Probably because there is nobody willing or able to maintain it. It takes time, and the priority for the Cygwin Team is the Cygwin package. The rest is a volunteer effort. Want to contribute? See . Why is the Cygwin package of XYZ so out of date? (Also: Why is the version of package XYZ older than the version that I can download from the XYZ web site? Why is the version of package XYZ older than the version that I installed on my linux system? Is there something special about Cygwin which requires that only an older version of package XYZ will work on it?) Every package in the Cygwin distribution has a maintainer who is responsible for sending out updates of the package. This person is a volunteer who is rarely the same person as the official developer of the package. If you notice that a version of a package seems to be out of date, the reason is usually pretty simple -- the person who is maintaining the package hasn't gotten around to updating it yet. Rarely, the newer package actually requires complex changes that the maintainer is working out. If you urgently need an update, sending a polite message to the cygwin mailing list pinging the maintainer is perfectly acceptable. There are no guarantees that the maintainer will have time to update the package or that you'll receive a response to your request, however. Remember that the operative term here is "volunteer". How can I access other drives? You have some flexibility here. Cygwin has a builtin "cygdrive prefix" for drives that are not mounted. You can access any drive, say Z:, as '/cygdrive/z/'. In some applications (notably bash), you can use the familiar windows <drive>:/path/, using posix forward-slashes ('/') instead of Windows backward-slashes ('\'). (But see the warning below!) This maps in the obvious way to the Windows path, but will be converted internally to use the Cygwin path, following mounts (default or explicit). For example: bash$ cd C:/Windows bash$ pwd /cygdrive/c/Windows and bash$ cd C:/cygwin bash$ pwd / for a default setup. You could also use backward-slashes in the Windows path, but these would have to be escaped from the shell. Warning: There is some ambiguity in going from a Windows path to the posix path, because different posix paths, through different mount points, could map to the same Windows directory. This matters because different mount points may be binmode or textmode, so the behavior of Cygwin apps will vary depending on the posix path used to get there. You can avoid the ambiguity of Windows paths, and avoid typing "/cygdrive", by explicitly mounting drives to posix paths. For example: bash$ mkdir /c bash$ mount c:/ /c bash$ ls /c Then /cygdrive/c/Windows becomes /c/Windows which is a little less typing. Note that you have to enter the mount point into the /etc/fstab file to keep it indefinitely. The mount command will only add the mount point for the lifetime of your current Cygwin session. You can change the default cygdrive prefix and whether it is binmode or textmode using the /etc/fstab file as well. See the Cygwin User's Guide at for more details. How can I copy and paste into Cygwin console windows? First, consider using mintty instead of the standard console window. In mintty, selecting with the left-mouse also copies, and middle-mouse pastes. It couldn't be easier! In Windows's console window, open the properties dialog. The options contain a toggle button, named "Quick edit mode". It must be ON. Save the properties. You can also bind the insert key to paste from the clipboard by adding the following line to your .inputrc file: "\e[2~": paste-from-clipboard What firewall should I use with Cygwin? We have had good reports about Kerio Personal Firewall, ZoneLabs Integrity Desktop, and the Windows built-in firewall. Other well-known products including ZoneAlarm and Norton Internet Security have caused problems for some users but work fine for others. At last report, Agnitum Outpost did not work with Cygwin. If you are having strange connection-related problems, disabling the firewall is a good troubleshooting step (as is closing or disabling all other running applications, especially resource-intensive processes such as indexed search). On the whole, Cygwin doesn't care which firewall is used. The few rare exceptions have to do with socket code. Cygwin uses sockets to implement many of its functions, such as IPC. Some overzealous firewalls install themselves deeply into the winsock stack (with the 'layered service provider' API) and install hooks throughout. Sadly the mailing list archives are littered with examples of poorly written firewall-type software that causes things to break. Note that with many of these products, simply disabling the firewall does not remove these changes; it must be completely uninstalled. See also for a list of applications that have been known, at one time or another, to interfere with the normal functioning of Cygwin. Is Cygwin case-sensitive?? Several Unix programs expect to be able to use to filenames spelled the same way, but with different case. A prime example of this is perl's configuration script, which wants Makefile and makefile. Windows can't tell the difference between files with just different case, so the configuration fails. To help with this problem, Cygwin supports case sensitivity. For a detailed description how to use that feature see the Cygwin User's Guide at . What about DOS special filenames? In Windows, files cannot be named com1, lpt1, or aux (to name a few); either as the root filename or as the extension part. If you do, you'll have trouble. Unix programs don't avoid these names which can make things interesting. E.g., the perl distribution has a file called aux.sh. The perl configuration tries to make sure that aux.sh is there, but an operation on a file with the magic letters 'aux' in it will hang. At least that's what happens when using native Windows tools. Cygwin can deal with these filenames just fine. Again, see the User's Guide at for a detailed description of what's possible with filenames and what is not. When it hangs, how do I get it back? If something goes wrong and the tools hang on you for some reason (easy to do if you try and read a file called aux.sh), first try hitting ^C to return to bash or the cmd prompt. If you start up another shell, and applications don't run, it's a good bet that the hung process is still running somewhere. Use the Task Manager, pview, or a similar utility to kill the process. And, if all else fails, there's always the reset button/power switch. In theory this should never be necessary, though. Why the weird directory structure? Why do /lib and /usr/lib (and /bin, /usr/bin) point to the same thing? Why use mounts instead of symbolic links? Can I use a disk root (e.g., C:\) as Cygwin root? Why is this discouraged? After a new installation in the default location, your mount points will look something like this: bash$ mount C:\cygwin\bin on /usr/bin type ntfs (binary,auto) C:\cygwin\lib on /usr/lib type ntfs (binary,auto) C:\cygwin on / type ntfs (binary,auto) C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto) Note that /bin and /usr/bin point to the same location, as do /lib and /usr/lib. This is intentional, and you should not undo these mounts unless you really know what you are doing. Various applications and packages may expect to be installed in /lib or /usr/lib (similarly /bin or /usr/bin). Rather than distinguish between them and try to keep track of them (possibly requiring the occasional duplication or symbolic link), it was decided to maintain only one actual directory, with equivalent ways to access it. Symbolic links had been considered for this purpose, but were dismissed because they do not always work on Samba drives. Also, mounts are faster to process because no disk access is required to resolve them. Note that non-cygwin applications will not observe Cygwin mounts (or symlinks for that matter). For example, if you use WinZip to unpack the tar distribution of a Cygwin package, it may not get installed to the correct Cygwin path. So don't do this! It is strongly recommended not to make the Cygwin root directory the same as your drive's root directory, unless you know what you are doing and are prepared to deal with the consequences. It is generally easier to maintain the Cygwin hierarchy if it is isolated from, say, C:\. For one thing, you avoid possible collisions with other (non-cygwin) applications that may create (for example) \bin and \lib directories. (Maybe you have nothing like that installed now, but who knows about things you might add in the future?) How do anti-virus programs like Cygwin? Users have reported that NAI (formerly McAfee) VirusScan for NT (and others?) is incompatible with Cygwin. This is because it tries to scan the newly loaded shared memory in cygwin1.dll, which can cause fork() to fail, wreaking havoc on many of the tools. (It is not confirmed that this is still a problem, however.) There have been several reports of NAI VirusScan causing the system to hang when unpacking tar.gz archives. This is surely a bug in VirusScan, and should be reported to NAI. The only workaround is to disable VirusScan when accessing these files. This can be an issue during setup, and is discussed in that FAQ entry. Some users report a significant performance hit using Cygwin when their anti-virus software is enabled. Rather than disable the anti-virus software completely, it may be possible to specify directories whose contents are exempt from scanning. In a default installation, this would be C:\cygwin\bin. Obviously, this could be exploited by a hostile non-Cygwin program, so do this at your own risk. See also for a list of applications that have been known, at one time or another, to interfere with the normal functioning of Cygwin. Is there a Cygwin port of GNU Emacs? Yes. Install the emacs package. This provides everything you need in order to run GNU emacs in a terminal window. If you also want to be able to use the X11 () GUI, install the emacs-X11 package. In either case, you run emacs by typing 'emacs' or '/usr/bin/emacs'. Is there a Cygwin port of XEmacs? Yes. It can be used in three different modes: X11 () GUI You have to set the DISPLAY environment variable before starting xemacs. bash$ DISPLAY=127.0.0.1:0 xemacs & Windows native GUI You have to unset the DISPLAY environment variable before starting xemacs. bash$ DISPLAY= xemacs & Console mode Start xemacs with -nw in a terminal (native or X11) window bash$ xemacs -nw To use all the standard packages with XEmacs you should download the following two packages: xemacs-sumo - XEmacs standard packages xemacs-mule-sumo - XEmacs MULE (MUlti Lingual Emacs) packages Why don't some of my old symlinks work anymore? Cygwin supports multiple character sets. Symlinks created with Cygwin are using the UTF-16 character set, which is portable across all character sets. Old symlinks were written using your current Windows codepage, which is not portable across all character sets. If the target of the symlink doesn't resolve anymore, it's very likely that the symlink points to a target filename using native, non-ASCII characters, and you're now using another character set than way back when you created the symlink. Solution: Delete the symlink and create it again under you new Cygwin. The new symlink will be correctly point to the target no matter what character set you're using in future. Why don't symlinks work on Samba-mounted filesystems? Symlinks are marked with "system" file attribute. Samba does not enable this attribute by default. To enable it, consult your Samba documentation and then add these lines to your samba configuration file: map system = yes create mask = 0775 Note that the 0775 can be anything as long as the 0010 bit is set. Alternatively, use Windows shortcuts as symlinks. See the CYGWIN environment variable option "winsymlinks" How do I setup sshd in a domain? If you want to be able to logon with domain accounts to a domain member machine, you should make sure that the "cyg_server" account under which the sshd service is usually running, is a domain account. Otherwise you might end up with weird problems. For instance, sshd might fail to load the child process when trying to login with a domain account. A potential, confirmed error message is *** fatal error - unable to load user32.dll, Win32 error 1114 . Here's how you set up a sshd with a domain service account. First of all, create a new domain account called "cyg_server". This account must be an administrative account, so make sure it's in the "Administrators" group. Now create a domain policy which is propagated to all machines which are supposed to run an sshd service. This domain policy should give the following user rights to the "cyg_server" account: Act as part of the operating system (SeTcbPrivilege) Create a token object (SeCreateTokenPrivilege) Replace a process level token (SeAssignPrimaryTokenPrivilege) Now to install sshd on the member machine, logon to that machine as an admin. Make sure the aforementioend global policy has been propagated to this machine. Examine the Local Security Policy settings and, if necessary, call gpupdate. If everything looks ok, run bash. Starting with Windows Vista, make sure you're running bash elevated. Then run ssh-host-config. Answer all questions so that "cyg_server" is used to run the service. When done, check ownership of /var/empty and all /etc/ssh* files. All of them must be owned by "cyg_server". If that's ok, you're usually all set and you can start the sshd service via $ cygrunsrv -S sshd or $ net start sshd Why does public key authentication with ssh fail after updating to Cygwin 1.7.34 or later? This is the result of fixing a long-standing security problem in Cygwin's POSIX ACL handling. IEEE 1003.1e draft 17 defines that the permissions of secondary user and group entries in an ACL are reflected in the group permission mask by or'ing the permissions of the file's primary group with all permissions of secondary users and groups in the ACL. The background is that this way the standard POSIX permission bits reflect the fact that somebody else has additional, otherwise potentially invisible permissions on the file. This relatively complex interface has been defined in order to ensure that applications that are compliant with IEEE 1003.1 (“POSIX.1”) will still function as expected on systems with ACLs. So, what does that mean for your situation? Typically this means the private key file, for instance ~/.ssh/id_rsa, has too open permissions. OpenSSH expects the permissions of the private key file to be 0600. Let's use the default SSH2 RSA keyfile as example: $ ls -l .ssh/id_rsa -rw------- 1 user group 1766 Aug 26 2013 .ssh/id_rsa However, if other accounts can read the file, the key is potentially compromised. Consider the file has additional rw- permissions for a group bad_guys. Up to Cygwin 1.7.33 that would have looked like this: $ ls -l .ssh/id_rsa -rw-------+ 1 user group 1766 Aug 26 2013 .ssh/id_rsa Notice the extra + character following the permission string. This shows that additional ACL entries are in the ACL. But an application only checking the POSIX permission bits (and ssh is one of them!), will not notice the fact, because it gets the permissions 0600 for the file. Starting with Cygwin 1.7.34, the extra permissions are reflected in the group permission bits per IEEE 1003.1e draft 17: $ ls -l .ssh/id_rsa -rw-rw----+ 1 user group 1766 Aug 26 2013 .ssh/id_rsa So now ssh will notice that the file has extra permissions and it will complain. The same problem occurs if the file ~/.ssh/authorized_keys has too open permissions. On the client side you won't get any helping text, though, other than that you're suddenly asked for a password. That's a rather good hint to have a closer look at the server's ~/.ssh/authorized_keys file. To fix the permissions of your private key file or your ~/.ssh/authorized_keys file, simply use the setfacl command with the -b option. This removes all additional ACL entries and thus fixes the permissions to be not too open: $ ls -l .ssh/id_rsa -rw-rw----+ 1 user group 1766 Aug 26 2013 .ssh/id_rsa $ setfacl -b .ssh/id_rsa $ ls -l .ssh/id_rsa -rw------- 1 user group 1766 Aug 26 2013 .ssh/id_rsa If the second ls command still gives you -rw-rw---- permissions after running the above commands, it is proably because the file's primary group is your user's personal group: $ ls -l .ssh/id_rsa -rw-rw---- 1 Fred Fred 1766 Aug 26 2013 .ssh/id_rsa Since the Windows security system treats groups and users as much the same thing, a change to the user or group permissions on such a file reflects the change to both user and group. In effect, mode 0600 becomes mode 0660. Because we are saying we want these files to be readable only by our user, the fix for this is easy: $ chgrp `id -g` ~/.ssh/* That resets the group on these files to your default group which should be something like Users, depending on your local configuration. If that doesn't work, you can try something like this instead: $ chgrp None ~/.ssh/* That group always exists, but its name is different on non-English versions of Windows. You might also want to use a domain group instead of a local group if your site uses Windows domains. For example, you might want to use the Domain Users group instead. For more information on setfacl, see Why is my .rhosts file not recognized by rlogin anymore after updating to Cygwin 1.7.34? The problem is exactly the same as with the key files of SSH. See . The solution is the same: $ ls -l .rhosts -rw-rw----+ 1 user group 42 Nov 12 2010 .rhosts $ setfacl -b .rhosts $ ls -l .rhosts -rw------- 1 user group 42 Nov 12 2010 .rhosts Why do my files have extra permissions after updating to Cygwin 1.7.34? The problem is exactly the same as with the key files of SSH. See . The solution is the same: $ ls -l * -rw-rwxr--+ 1 user group 42 Nov 12 2010 file1 -rw-rwxr--+ 1 user group 42 Nov 12 2010 file2 $ setfacl -b * $ ls -l * -rw-r--r-- 1 user group 42 Nov 12 2010 file1 -rw-r--r-- 1 user group 42 Nov 12 2010 file2 You may find that newly-created files also have unexpected permissions: $ touch foo $ ls -l foo -rw-rwxr--+ 1 user group 42 Nov 12 2010 foo This probably means that the directory in which you're creating the files has unwanted default ACL entries that are inherited by newly-created files and subdirectories. The solution is again the same: $ setfacl -b . $ touch bar $ ls -l bar -rw-r--r-- 1 user group 42 Nov 12 2010 bar Why do my Tk programs not work anymore? Previous versions of Tcl/Tk distributed with Cygwin (e.g. tclsh84.exe, wish84.exe) were not actually "Cygwin versions" of those tools. They were built as native libraries, which means they did not understand Cygwin mounts or symbolic links. This lead to all sorts of problems interacting with true Cygwin programs. As of February 2012, this was replaced with a version of Tcl/Tk which uses Cygwin's POSIX APIs and X11 for GUI functionality. If you get a message such as this when trying to start a Tk app: Application initialization failed: couldn't connect to display "" Then you need to start an X server, or if one is already running, set the DISPLAY variable to the proper value. The Cygwin distribution includes an X server; please see the Cygwin/X User Guide for installation and startup instructions. What applications have been found to interfere with Cygwin? From time to time, people have reported strange failures and problems in Cygwin and Cygwin packages that seem to have no rational explanation. Among the most common symptoms they report are fork failures, memory leaks, and file access denied problems. These problems, when they have been traced, often appear to be caused by interference from other software installed on the same PC. Security software, in particular, such as anti-virus, anti-spyware, and firewall applications, often implements its functions by installing hooks into various parts of the system, including both the Explorer shell and the underlying kernel. Sometimes these hooks are not implemented in an entirely transparent fashion, and cause changes in the behaviour which affect the operation of other programs, such as Cygwin. Among the software that has been found to cause difficulties are: AR Soft RAM Disk ATI Catalyst (some versions) AVAST (disable FILESYSTEM and BEHAVIOR realtime shields) Avira AntiVir BeyondTrust PowerBroker BitDefender Bufferzone from Trustware ByteMobile laptop optimization client COMODO Firewall Pro COMODO Internet Security ConEmu (try disabling "Inject ConEmuHk" or see ConEmuHk documentation) Citrix Metaframe Presentation Server/XenApp (see Citrix Support page) Credant Guardian Shield CylancePROTECT Earthlink Total-Access Forefront TMG Google Desktop Iolo System Mechanic/AntiVirus/Firewall Kerio, Agnitum or ZoneAlarm Personal Firewall LanDesk Lavasoft Web Companion Lenovo IPS Core Service (ipssvc) Lenovo RapidBoot Shield Logitech webcam software with "Logitech process monitor" service MacType NOD32 Antivirus NVIDIA GeForce (some versions) Norton/McAfee/Symantec antivirus or antispyware PC Tools Spyware Doctor Panda Internet Security Sonic Solutions burning software containing DLA component (when DLA disabled) Sophos Anti-Virus 7 Spybot S&D TeaTimer Various programs by Wave Systems Corp using wxvault.dll, including Embassy Trust Suite and Embassy Security Center Webroot Spy Sweeper with Antivirus Windows Defender Windows LiveOneCare IBM Security Trusteer Rapport (see its home page) Sometimes these problems can be worked around, by temporarily or partially disabling the offending software. For instance, it may be possible to disable on-access scanning in your antivirus, or configure it to ignore files under the Cygwin installation root. Often, unfortunately, this is not possible; even disabling the software may not work, since many applications that hook the operating system leave their hooks installed when disabled, and simply set them into what is intended to be a completely transparent pass-through mode. Sometimes this pass-through is not as transparent as all that, and the hooks still interfere with Cygwin; in these cases, it may be necessary to uninstall the software altogether to restore normal operation. Some of the symptoms you may experience are: Random fork() failures Caused by hook DLLs that load themselves into every process in the system. POSIX fork() semantics require that the memory map of the child process must be an exact duplicate of the parent process' layout. If one of these DLLs loads itself at a different base address in the child's memory space as compared to the address it was loaded at in the parent, it can end up taking the space that belonged to a different DLL in the parent. When Cygwin can't load the original DLL at that same address in the child, the fork() call has to fail. File access problems Some programs (e.g., virus scanners with on-access scanning) scan or otherwise operate on every file accessed by all the other software running on your computer. In some cases they may retain an open handle on the file even after the software that is really using the file has closed it. This has been known to cause operations such as deletes, renames and moves to fail with access denied errors. In extreme cases it has been known for scanners to leak file handles, leading to kernel memory starvation. Networking issues Firewall software sometimes gets a bit funny about Cygwin. It's not currently understood why; Cygwin only uses the standard Winsock2 API, but perhaps in some less-commonly used fashion that doesn't get as well tested by the publishers of firewalls. Symptoms include mysterious failures to connect, or corruption of network data being sent or received. Memory and/or handle leaks Some applications that hook into the Windows operating system exhibit bugs when interacting with Cygwin that cause them to leak allocated memory or other system resources. Symptoms include complaints about out-of-memory errors and even virtual memory exhaustion dialog boxes from the O/S; it is often possible to see the excess memory allocation using a tool such as Task Manager or Sysinternals' Process Explorer, although interpreting the statistics they present is not always straightforward owing to complications such as virtual memory paging and file caching. How do I fix fork() failures? Unfortunately, Windows does not use the fork/exec model of process creation found in UNIX-like OSes, so it is difficult for Cygwin to implement a reliable and correct fork(), which can lead to error messages such as: unable to remap somedll to same address as parent couldn't allocate heap died waiting for dll loading child -1 - died waiting for longjmp before initialization STATUS_ACCESS_VIOLATION resource temporarily unavailable Potential solutions for the above errors: Restart whatever process is trying (and failing) to use fork(). Sometimes Windows sets up a process environment that is even more hostile to fork() than usual. Ensure that you have eliminated (not just disabled) all software on the . Switch from 32-bit Cygwin to 64-bit Cygwin, if your OS and CPU support that. With the bigger address space fork() is less likely to fail. Try setting the environment variable CYGWIN to "detect_bloda", which enables some extra debugging, which may indicate what other software is causing the problem. See this mail for more information. Force a full rebase: Run rebase-trigger fullrebase, exit all Cygwin programs and run Cygwin setup. By default, Cygwin's setup program automatically performs an incremental rebase of newly installed files. Forcing a full rebase causes the rebase map to be cleared before doing the rebase. See /usr/share/doc/rebase/README and /usr/share/doc/Cygwin/_autorebase.README for more details. Please note that installing new packages or updating existing ones undoes the effects of rebase and often causes fork() failures to reappear. See the process creation section of the User's Guide for the technical reasons it is so difficult to make fork() work reliably. How do I fix find_fast_cwd warnings? Older Cygwin releases asked users to report problems to the mailing list with the message: find_fast_cwd: WARNING: Couldn't compute FAST_CWD pointer. Please report this problem to the public mailing list cygwin@cygwin.com Recent Cygwin releases changed this to the message: This typically occurs if you're using an older Cygwin version on a newer Windows. Please update to the latest available Cygwin version from https://cygwin.com/. If the problem persists, please see https://cygwin.com/problems.html. This is not serious, just a warning that Cygwin may not always be able to exactly emulate all aspects of Unix current directory handling under your Windows release. Unfortunately some projects and products still distribute older Cygwin releases which may not fully support newer Windows releases, instead of installing the current release from the Cygwin project. They also may not provide any obvious way to keep the Cygwin packages their application uses up to date with fixes for security issues and upgrades. The solution is simply downloading and running Cygwin Setup, following the instructions in the Internet Setup section of Setting Up Cygwin in the Cygwin User's Guide. Please exit from all applications before running Cygwin Setup. When running Setup, you should not change most of the values presented, just select the Next button in most cases, as you already have a Cygwin release installed, and only want to upgrade your current installation. You should make your own selection if the internet connection to your system requires a proxy; and you must always pick an up to date Cygwin download (mirror) site, preferably the site nearest to your system for faster downloads, as shown, with more details to help you choose, on the Mirror Sites web page. Cygwin Setup will download and apply upgrades to all packages required for Cygwin itself and installed applications. Any problems with applying updates, or the application after updates, should be reported to the project or product supplier for remedial action. As Cygwin is a volunteer project, unable to provide support for older releases installed by projects or products, it would be helpful to let other users know what project or product you installed, in a quick email.