Mail Archives: cygwin/2017/11/04/09:31:43

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
From: "Matt D." <codespunk AT gmail DOT com>
X-Google-Original-From: "Matt D." <identity AT codespunk DOT com>
Subject: Re: No way to use ssh ~/.ssh/config with "noacl" option
Reply-To: codespunk+cygwin AT gmail DOT com
References: <59FD8C99 DOT 8010703 AT gmail DOT com> <20171104113723 DOT GC18070 AT calimero DOT vinschen DOT de> <59FDA8D9 DOT 6050808 AT gmail DOT com>
To: cygwin AT cygwin DOT com
Message-ID: <59FDC12F.1080005@codespunk.com>
Date: Sat, 4 Nov 2017 09:31:27 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <59FDA8D9.6050808@gmail.com>


On 11/4/2017 7:47 AM, Matt D. wrote:
> On 11/4/2017 7:37 AM, Corinna Vinschen wrote:
>> On Nov  4 05:47, Matt D. wrote:
>>> I mount with "noacl" as I don't need ACLs for my purposes and prefer to
>>> leave everything up to Windows permissions.
>>>
>>> The problem with this is that ssh insists that ~/.ssh/config be less
>>> permissive. But this file is bound to --rw-r--r-- for this option.
>>>
>>> Would it be appropriate to request ssh to ignore this requirement when
>>> "noacl" is present on the mounted volume?
>>
>> Yes, in theory.  However, this shouldn't be necessary.
>>
>> Ssh already has code to check extreme perms only in "acl" mounted
>> directories, but it does not have this extra check for config files,
>> basically because it was never necessary:
>>
>> If you use noacl, your file perms are faked to always be 644, or
>> 444 if the DOS R/O bit is set, or 755/555 if executable/directory.
>> Additionally all files are faked as if they are owned by your own
>> account.
>>
>> Ssh checks the config file like this:
>>
>>    if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
>>        (sb.st_mode & 022) != 0))
>>       fatal("Bad owner or permissions on %s", filename);
>>
>> Which means, 0644 permissions are perfectly fine.  As are 755 perms
>> for the ~/.ssh and ~ dirs.
>>
>> I just mounted my home dir "noacl".  The perms are as expected:
>>
>>    $ ls -ld . .ssh .ssh/config .ssh/id_local
>>    drwxr-xr-x 1 corinna vinschen    0 Nov  4 12:27 .
>>    drwxr-xr-x 1 corinna vinschen    0 Mar 14  2017 .ssh
>>    -rw-r--r-- 1 corinna vinschen  703 Jan 19  2017 .ssh/config
>>    -rw-r--r-- 1 corinna vinschen 7329 Jan 12  2017 .ssh/id_local
>>
>> Note especially the too open perms in case of the private keyfile
>> "id_local".  Still, I can ssh into one of my other machines just fine.
>>
>> How come this doesn't work for you?
>>
>>
>> Corinna
>>
>
> I don't know why it doesn't work for me other than the reported error. I
> am trying to use ssh combined with git. My .ssh permissions are:
>
> $ ls -ld . .ssh .ssh/config .ssh/github
> drwxr-xr-x 1 Matthew D'Onofrio None    0 Nov  4 06:42 .
> drwxr-xr-x 1 Matthew D'Onofrio None    0 Nov  4 04:51 .ssh
> -rw-r--r-- 1 Matthew D'Onofrio None   80 Nov  4 04:51 .ssh/config
> -rw-r--r-- 1 Matthew D'Onofrio None 3243 Nov  3 10:53 .ssh/github
>
> I removed the noacl option in fstab, re-ran Cygwin setup, set
> .ssh/config to 600 and ssh was happy. I then reverted back to noacl and
> the problem returned.
>
> I'm in the process of trying to build openssh with cygpath for debugging
> but this is my first time building anything from Cygwin or using
> cygports so it's taking some time.
>
>
> Matt D.

Please stand by. Looking into this further.


Matt D.
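
Added example, not part of the original thread and not OpenSSH code: a small C diagnostic that applies the owner/mode test quoted in the message above and reports which half of it rejects a given file, together with the uid and mode bits that stat() actually returns. The function and enum names are hypothetical.

```c
/* Added example: applies the owner/mode test quoted from ssh in the thread. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names; the result is a bitmask of the conditions that fail. */
enum perm_verdict { PERM_OK = 0, PERM_BAD_OWNER = 1, PERM_WRITABLE_BY_OTHERS = 2 };

/* Same two conditions as the quoted check, evaluated separately. */
int explain_config_check(uid_t file_uid, mode_t mode, uid_t my_uid)
{
    int why = PERM_OK;
    if (file_uid != 0 && file_uid != my_uid)
        why |= PERM_BAD_OWNER;            /* owner is neither root nor caller */
    if ((mode & 022) != 0)
        why |= PERM_WRITABLE_BY_OTHERS;   /* group- or world-writable */
    return why;
}

/* stat() a path and print what the check sees; returns -1 if stat() fails. */
int explain_config_path(const char *path)
{
    struct stat sb;
    if (stat(path, &sb) == -1) {
        perror(path);
        return -1;
    }
    int why = explain_config_check(sb.st_uid, sb.st_mode, getuid());
    printf("%s: st_uid=%lu getuid=%lu mode=%04o -> %s%s%s\n", path,
           (unsigned long)sb.st_uid, (unsigned long)getuid(),
           (unsigned)(sb.st_mode & 07777),
           why == PERM_OK ? "ok" : "",
           (why & PERM_BAD_OWNER) ? "bad owner " : "",
           (why & PERM_WRITABLE_BY_OTHERS) ? "group/world writable" : "");
    return why;
}

int main(int argc, char **argv)
{
    int rc = 0;
    for (int i = 1; i < argc; i++)        /* e.g. ~/.ssh/config */
        if (explain_config_path(argv[i]) != PERM_OK)
            rc = 1;
    return rc;
}
```
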
