X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 q=dns; s=default; b=uYUbTJaSxMxEwEOYxR/hYj1SjqW091LY8OV51jKyQsK
	SnMYKqj7WEVDuXSGzxMPnOXj9RmP+GS3Ucu3kMTUKa2jTq+iUm383JNeeTRNTfFX
	OAd2NtRbVVutQs9gIIzciU3tIMdtCDVsqIssxtyTjIhPe5eaBGkqyoGgW/t6NFu8
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 s=default; bh=kJqR7xCGAnv5wPLELXYPM4cZzLE=; b=mBMYbFxH4xNwkPcqh
	Kg3du4rIvLJO3cJKj96KTn/FrF3oQJxI8srfQuooIf+FC/cNBTd5jUNXwNPemTUN
	DO6aV8uMkU8pKfhdfHqSPs2cnwzLnfsyOgQEnbEcl0Z1tanzKCNxdPPeKG1UVSZL
	miwbtVfDycTmzANRKj0N3vrfw0=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-3.1 required=5.0 tests=AWL,BAYES_00,KAM_NUMSUBJECT autolearn=no version=3.3.1 spammy=expertise
X-HELO: Ishtar.sc.tlinx.org
Message-ID: <5D1FA591.4050605@tlinx.org>
Date: Fri, 05 Jul 2019 12:31:29 -0700
From: L A Walsh <cygwin@tlinx.org>
User-Agent: Thunderbird
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: Re: Domain User restrictions - Windows server 2012 R2
References: <9e8b10829e18453f9e3af064a0d67c7c@ATGRZSW1694.avl01.avlcorp.lan> <CANV9t=SFgKkmzpy6-LfLdR-Arvw34BwqpvMvznC2dKRKgUYYqg@mail.gmail.com>
In-Reply-To: <CANV9t=SFgKkmzpy6-LfLdR-Arvw34BwqpvMvznC2dKRKgUYYqg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

On 2019/07/03 10:01, Bill Stewart wrote:
> On Wed, Jul 3, 2019 at 2:41 AM Bergbauer, Daniel AVL/DE vwrote:
>
>   
>> What I want now is, to restrict every user, who connects to the server via ssh, to its home folder /home/'username' == C:\projects\'username'
>>     

I don't know if this would work or be easy, but you could add everyone
to a special group, say 'cygmake', then use windows permission
to disallow access to directories they shouldn't be able to enter
using a windows "deny" entry.

You might have to play with it a bit, since you want them to have execute
access to the windows binaries, but maybe not read(?)  Never tried that
before,
but if that works...might solve your problem.

Also, for their individual directories, you might want them only readable
by the user themselves -- so no other users can read it.

It's not ideal, since it involves changing permissions everywhere you don't
want them going, but at least, it has the benefit of being limited to
the 1 group you'd have to restrict.

I feel like I'm lacking sufficient expertise in windows to come up with a
good solution -- maybe asking the question in a windows forum about how
to do the equivalent of chroot or restricting them to their directory and
some list of windows directories?

good luck!


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple