Date: Fri, 3 Apr 2015 01:16:18 +0300
From: Andrey Repin <anrdaemon@yandex.ru>
Reply-To: cygwin@cygwin.com
Message-ID: <311747419.20150403011618@yandex.ru>
To: Bryan Berns <bryan.berns@gmail.com>, cygwin@cygwin.com
Subject: Re: File Permissions - Yet Another Question / Clarification

Greetings, Bryan Berns!

>> He's talking about "Administrators" the SID (group).

> Interesting.  Given the built-in Administrators group doesn't often
> [directly] play into permissions on remote systems or cross-system
> permission models, I'm not sure where he was going with that.
> Regardless, I'll consider it water under the bridge.

The "Domain Admins" group is a member of the local Administrators group.
In a properly set corporate environment, administrators that require management
access to client systems are also automatically added to this group.

>> In any case, I'd start with a throwaway share (or save the permissions
>> with subinacl if I had to use a live one).  Then remove the inherited /
>> default DACL from a subdirectory:
>>
>> mkdir sub
>> setfacl -k sub
>> setfacl -b sub
>>
>> Then check how this behaves w.r.t. POSIX permissions and file ownership.
>> Populate this directory with files and check those, too.  The ~/.ssh
>> directory and their content shouldn't have any DACL on them in any case
>> if you want to be sure it works the way sshd is wanting it to.
>>
>>
>> Regards,
>> Achim.

> Thanks for the advice -- I will give it a shot and dive in deeper.   I
> think I have two problems I'm interested in understanding more /
> resolving:
> 1) why doesn't Cygwin think my user has permissions to the files and

I already told you at least one way to check it further.
Given my shallow understanding of Cygwin internals, I'm sure there are more
ways to look at it.
Or you can go straight to strace and gdb.

> 2) how can I get SSH to believe the two "admin" groups on my
> files are acceptable.

This one is simple: They are not acceptable in any way.
And insisting on this point is not going to get any appreciation any time
soon.


-- 
With best regards,
Andrey Repin
Friday, April 3, 2015 01:09:48

Sorry for my terrible english...
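
Added example (not part of the thread): a shell check for the state the quoted setfacl advice aims at, assuming GNU `stat` and `ls` as shipped with Cygwin; `perm_problem` and `check_tree` are hypothetical helper names. It flags group/other-writable modes, which sshd's StrictModes check rejects, and leftover extended ACL entries.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.
# Checks a directory (e.g. ~/.ssh) and the entries directly inside it for:
#   - group- or other-writable mode bits (sshd StrictModes refuses these)
#   - extended ACL entries, which ls marks with a trailing '+' on the mode

# perm_problem PATH: print a reason and return 1 if PATH looks unsafe,
# return 2 if PATH cannot be examined, return 0 otherwise.
perm_problem() {
    p=$1
    mode=$(stat -c '%a' "$p") || return 2
    m=$((0$mode))                       # interpret the mode as octal
    if [ $((m & 022)) -ne 0 ]; then
        echo "$p: group/other writable (mode $mode)"
        return 1
    fi
    case $(ls -ld "$p") in
        ??????????+*)                   # 10 mode chars followed by '+'
            echo "$p: extended ACL entries present"
            return 1 ;;
    esac
    return 0
}

# check_tree DIR: run perm_problem on DIR and its non-hidden entries.
# Returns 0 only when nothing was flagged.
check_tree() {
    bad=0
    for p in "$1" "$1"/*; do
        [ -e "$p" ] || continue         # unmatched glob in an empty dir
        perm_problem "$p" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Stand-alone use: sh check.sh ~/.ssh
if [ $# -gt 0 ]; then
    check_tree "$1"
fi
```

Run it against the throwaway `sub` directory after `setfacl -k` and `setfacl -b`, and again after populating it with files, to see whether new files come out with extra entries.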



