Mail Archives: cygwin/2015/04/02/18:20:47

Date: Fri, 3 Apr 2015 01:16:18 +0300
From: Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To: cygwin AT cygwin DOT com
Message-ID: <311747419.20150403011618@yandex.ru>
To: Bryan Berns <bryan DOT berns AT gmail DOT com>, cygwin AT cygwin DOT com
Subject: Re: File Permissions - Yet Another Question / Clarification
In-Reply-To: <CADi7v6+te0gAh-knHwRnBz_O6i8FJAFc_AJ5=hfutW6u7y4wJg@mail.gmail.com>
References: <CADi7v6K6Xbz3JYB-=JC23YMCEHzhmV3sSOAtcE73ydTecbcR-Q AT mail DOT gmail DOT com> <152755247 DOT 20150401232333 AT yandex DOT ru> <CADi7v6L0LyBSMRHWpWkcRPv-9=mZQLMTOPcyLO_k8kujV=ypTQ AT mail DOT gmail DOT com> <402200952 DOT 20150402043205 AT yandex DOT ru> <CADi7v6+T7Wg=JncC2K-SWANkG6xKL+Z0Y+4azRLs1S8s-YXwdw AT mail DOT gmail DOT com> <1876247786 DOT 20150402183153 AT yandex DOT ru> <CADi7v6+xL4GPSCkQixXgyDBM2N7RNJmNLRgqyQrmVQqeJRERbQ AT mail DOT gmail DOT com> <87twwyxtin DOT fsf AT Rainer DOT invalid> <CADi7v6+te0gAh-knHwRnBz_O6i8FJAFc_AJ5=hfutW6u7y4wJg AT mail DOT gmail DOT com>

Greetings, Bryan Berns!

>> He's talking about "Administrators" the SID (group).

> Interesting.  Given the built-in Administrators group doesn't often
> [directly] play into permissions on remote systems or cross-system
> permission models, I'm not sure where he was going with that.
> Regardless, I'll consider it water under the bridge.

The "Domain Admins" group is a member of the local Administrators group.
In a properly set up corporate environment, administrators that require
management access to client systems are also automatically added to this group.

>> In any case, I'd start with a throwaway share (or save the permissions
>> with subinacl if I had to use a live one).  Then remove the inherited /
>> default DACL from a subdirectory:
>>
>> mkdir sub
>> setfacl -k sub
>> setfacl -b sub
>>
>> Then check how this behaves w.r.t. POSIX permissions and file ownership.
>> Populate this directory with files and check those, too.  The ~/.ssh
>> directory and their content shouldn't have any DACL on them in any case
>> if you want to be sure it works the way sshd is wanting it to.
>>
>>
>> Regards,
>> Achim.

> Thanks for the advice -- I will give it a shot and dive in deeper.   I
> think I have two problems I'm interested in understanding more /
> resolving:
> 1) why doesn't Cygwin think my user has permissions to the files and

I already told you at least one way to check it further.
Given my shallow understanding of Cygwin internals, I'm sure there are more
ways to look at it.
Or you can go straight to strace and gdb.

> 2) how can I get SSH to believe the two "admin" groups on my
> files are acceptable.

This one is simple: They are not acceptable in any way.
And insisting on this point is not going to get any appreciation any time
soon.


-- 
With best regards,
Andrey Repin
Friday, April 3, 2015 01:09:48

Sorry for my terrible english...
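
The check suggested in the quoted advice (after `setfacl -k` / `setfacl -b`, look at POSIX permissions, ownership and leftover ACL entries), as an added example that is not part of the original message. The function names and the exact rules (owner must be the calling user, no group/other write bit, no named ACL entries) are assumptions chosen for illustration; it relies on GNU `stat` and, optionally, `getfacl`.

```sh
#!/bin/sh
# Added example, not from the thread. Reports what makes ~/.ssh differ from
# plain owner-only POSIX permissions: a foreign owner, group/world write
# bits, or named ACL entries still present after `setfacl -b`.

# audit_path PATH: print one finding per line for a single file or directory.
audit_path() {
    ap_owner=$(stat -c %u "$1") || return 2
    ap_mode=$(stat -c %a "$1") || return 2

    # The owner must be the calling user.
    if [ "$ap_owner" != "$(id -u)" ]; then
        echo "$1: owned by uid $ap_owner, expected $(id -u)"
    fi

    # Octal mask 022 selects the group-write and other-write bits.
    if [ $(( 0$ap_mode & 022 )) -ne 0 ]; then
        echo "$1: mode $ap_mode is group- or world-writable"
    fi

    # Base entries look like "user::rwx"; a named entry has a non-empty
    # second field ("group:Administrators:rwx"). getfacl is optional here.
    if command -v getfacl >/dev/null 2>&1; then
        getfacl "$1" 2>/dev/null |
            grep -E '^(default:)?(user|group):[^:]+:' |
            while IFS= read -r ap_entry; do
                echo "$1: named ACL entry $ap_entry"
            done
    fi
    return 0
}

# audit_ssh_dir [DIR]: audit DIR (default ~/.ssh) and everything below it.
# Returns 0 when clean, 1 when there are findings (printed on stdout).
# File names containing newlines are not handled.
audit_ssh_dir() {
    asd_findings=$(find "${1:-$HOME/.ssh}" \( -type d -o -type f \) |
        while IFS= read -r asd_path; do audit_path "$asd_path"; done)
    if [ -n "$asd_findings" ]; then
        printf '%s\n' "$asd_findings"
        return 1
    fi
    return 0
}
```

Run `audit_ssh_dir` on the throwaway directory first, then on `~/.ssh`; any line naming an "admin" group is an entry that still has to be removed.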

