Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Fri, 8 Feb 2002 11:21:40 +0100
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: SSHD configuration
Message-ID: <20020208112140.A12075@cygbert.vinschen.de>
Mail-Followup-To: cygwin AT cygwin DOT com
References: <F149rVc4Iu1B6gVs1tI000006e2 AT hotmail DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <F149rVc4Iu1B6gVs1tI000006e2@hotmail.com>
User-Agent: Mutt/1.3.22.1i

On Thu, Feb 07, 2002 at 10:09:58PM -0500, Ilya Sterin wrote:
> Hello all.  I am trying to set up sshd on my win2k box and everything is
> successful.  But I have a question...
> Is there a way to restrict the users as well as directories per user.
> Although my win box has a few users, I only want to allow one to be able to
> ssh to this machine.  Also I would like to restrict this user to only one
> directory, and don't want to give them permissions to browse others ones?
> Is there a way to do both of the above tasks, or at least one of them?
> Thanks in Advance.

That's actually a task to perform in Windows native mode.  The
POSIX permissions in Cygwin are only able to deal with a subset of
the NTFS permissions.  There are especially user rights which
allow to do things which seem to be impossible due to the POSIX
permissions.  One user right is "Bypass traverse checking" which
is given to "Everyone" by default.  This allows to access a file
for which the user has permissions even if the parent directory
disallows any access!

Concludently Cygwin can only give security in the borders given by
the NT security settings.  You should consider to secure the system
from the native point of view and then match your ssh/sshd settings
into that system.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/