| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:to:subject:references:date:in-reply-to | |
| :message-id:mime-version:content-type; q=dns; s=default; b=eC3aM | |
| v2W6YCA7Y6cID0TFC+pHlimIGbxJktYDFpodyHHrcG9PoycJ2tfQxUKrrlUqLKAA | |
| Il+oyR5AuUTfxKRLRSkrpTa6Il3kl539+Ozxf8GmwlMUvzxqjmZ4/1bVIbPqKTBc | |
| fFwxF7gYWOX9UXluFqlgvg2nAi2rVMbvTiynwE= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:to:subject:references:date:in-reply-to | |
| :message-id:mime-version:content-type; s=default; bh=Yxva6yY5h1c | |
| 9E8NE5n0CAd6ZdNU=; b=hjhPVHZCiBU/EMiEe5zPLwUc+Lb33b+ry5G2EXOL0Iz | |
| W6r+v67124aFuiTydu+MYIKPEsMZWEx+moWDKPMDzMjMHX7SAo9Utn8qWKJraxv9 | |
| sqqiCAHum4bpwgJNph7s1R9S0av80k4kUw7qykWISh7CaSIul5pe/RmwT2A+ym0o | |
| = | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-0.2 required=5.0 tests=AWL,BAYES_40,SPF_PASS autolearn=ham version=3.3.2 spammy=ntfs, window's, guesswork, getfacl |
| X-HELO: | mx009.vodafonemail.xion.oxcs.net |
| From: | Achim Gratz <Stromeko AT nexgo DOT de> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: No way to use ssh ~/.ssh/config with "noacl" option |
| References: | <59FD8C99 DOT 8010703 AT gmail DOT com> <20171104113723 DOT GC18070 AT calimero DOT vinschen DOT de> <59FDA8D9 DOT 6050808 AT gmail DOT com> <59FDC12F DOT 1080005 AT codespunk DOT com> <59FDDCFA DOT 9030306 AT codespunk DOT com> |
| Date: | Sat, 04 Nov 2017 16:43:41 +0100 |
| In-Reply-To: | <59FDDCFA.9030306@codespunk.com> (Matt D.'s message of "Sat, 4 Nov 2017 11:30:02 -0400") |
| Message-ID: | <87shdudp76.fsf@Rainer.invalid> |
| User-Agent: | Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
| MIME-Version: | 1.0 |
| X-VADE-STATUS: | LEGIT |
Matt D. writes: > This makes sense because Cygwin is pulling the NTFS permissions as > there are no Cygwin ACLs defined. > > The only workaround is to use Window's Security diaglog to disable > inherited permissions and remove the Users group. This does seem to > satisfy things. That's the correct thing to do, even though you made this unnecessarily hard for yourself by mounting your home directory with "noacl". > I suppose the argument now is whether this behavior should change in > the face of a drive mounted with "noacl". It took a bit of guesswork > as neither chmod or setfacl was changing the NTFS permissions. I don't think ssh should use files that are accessible by somebody else. The noacl mount option is sometimes useful, but certainly not in this situation, as you found out. > Interestingly, a config file that I chmodded when the drive was > mounted with Cygwin ACLs still works with ssh even though "noacl" is > now defined and it is still part of the HOSTNAME\Users group. Neither > stat or getfacl show these permissions but they can be seen in the > security tab of the file properties. I'm guessing that it works > because it has HOSTNAME\None below HOSTNAME\<my account> or something? The effective access rights as shown by icacls or similar tools should tell you what is going on. If the directory is not readable, then the file is effectively inaccessible I think. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptation for Waldorf microQ V2.22R2: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |