| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:to:subject:references:date:in-reply-to | |
| :message-id:mime-version:content-type; q=dns; s=default; b=fALef | |
| R8O3ezmwYwDFLOZIVTIM6AWDl8NBqVaTuCdsOJCNdBwqix8PkVY/lFzTwgRRFd0u | |
| TIIyq4TBmClivpa+N+dsobTLYHk9ib6Zq8qG9qQ2oqNL3BvwBNrFAC741trTFtxa | |
| kbTiu5t96Z+x7p12tNCGJNxI9rM6IIiLrmBp14= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:to:subject:references:date:in-reply-to | |
| :message-id:mime-version:content-type; s=default; bh=u1gA/rsaR8L | |
| Um/RaaKSx84xk1EQ=; b=jWTckiZukmwSKZry887lUb56DawC2wJ48By2jGkG1us | |
| dPvTIYTIffq/yx+uCmgNXuBLrGhQ3Z5Nbo2IYt83IN/kzPMCNfHgvGlZrbDK8Uuy | |
| Mv3btys4s5kdL2xhMOs78zWkXtfQFfm8mPkpsLnQB2Bz5TN4SuajC3Jdj9Gn2V1c | |
| = | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-1.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 |
| X-HELO: | mail-in-05.arcor-online.net |
| X-DKIM: | Sendmail DKIM Filter v2.8.2 mail-in-02.arcor-online.net 3lHtX431SDz1Sr6 |
| From: | Achim Gratz <Stromeko AT nexgo DOT de> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: File Permissions - Yet Another Question / Clarification |
| References: | <CADi7v6K6Xbz3JYB-=JC23YMCEHzhmV3sSOAtcE73ydTecbcR-Q AT mail DOT gmail DOT com> <152755247 DOT 20150401232333 AT yandex DOT ru> <CADi7v6L0LyBSMRHWpWkcRPv-9=mZQLMTOPcyLO_k8kujV=ypTQ AT mail DOT gmail DOT com> <402200952 DOT 20150402043205 AT yandex DOT ru> <CADi7v6+T7Wg=JncC2K-SWANkG6xKL+Z0Y+4azRLs1S8s-YXwdw AT mail DOT gmail DOT com> <1876247786 DOT 20150402183153 AT yandex DOT ru> <CADi7v6+xL4GPSCkQixXgyDBM2N7RNJmNLRgqyQrmVQqeJRERbQ AT mail DOT gmail DOT com> |
| Date: | Thu, 02 Apr 2015 20:41:20 +0200 |
| In-Reply-To: | <CADi7v6+xL4GPSCkQixXgyDBM2N7RNJmNLRgqyQrmVQqeJRERbQ@mail.gmail.com> (Bryan Berns's message of "Thu, 2 Apr 2015 14:27:17 -0400") |
| Message-ID: | <87twwyxtin.fsf@Rainer.invalid> |
| User-Agent: | Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) |
| MIME-Version: | 1.0 |
Bryan Berns writes: > In the real world in large corporations with focus on security, > "Administrators" is typically a tiered or least privilege arrangement. He's talking about "Administrators" the SID (group). In any case, I'd start with a throwaway share (or save the permissions with subinacl if I had to use a live one). Then remove the inherited / default DACL from a subdirectory: mkdir sub setfacl -k sub setfacl -b sub Then check how this behaves w.r.t. POSIX permissions and file ownership. Populate this directory with files and check those, too. The ~/.ssh directory and their content shouldn't have any DACL on them in any case if you c want to be sure it works the way sshd is wanting it to. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |