Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-Id: <4.3.1.2.20020423153005.02777ef8@pop.ma.ultranet.com>
X-Sender: lhall AT pop DOT ma DOT ultranet DOT com
Date: Tue, 23 Apr 2002 15:35:14 -0400
To: Michael A Chase <mchase AT ix DOT netcom DOT com>,
   Chris Ellsworth <cke AT highlandshighspeed DOT net>, cygwin AT cygwin DOT com
From: "Larry Hall (RFK Partners, Inc)" <lhall AT rfk DOT com>
Subject: Re: Cygdrive mounts
In-Reply-To: <E1705x9-0006xT-00@maynard.mail.mindspring.net>
References: <003401c1eaee$b6458550$03dad741 AT 2kiisikon>
 <4 DOT 3 DOT 1 DOT 2 DOT 20020423125430 DOT 0276e388 AT pop DOT ma DOT ultranet DOT com>
 <003401c1eaee$b6458550$03dad741 AT 2kiisikon>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

At 03:27 PM 4/23/2002, Michael A Chase wrote:
>On Tue, 23 Apr 2002 10:45:52 -0700 Chris Ellsworth <cke AT highlandshighspeed DOT net> wrote:
>
> > I am doing install of this for sshd on windows for clients for the
> > purpose of forwarding ports for access such as VNC, pcanywhere FTP and
> > other items and i dont want to give access to the other areas of the
> > drives. I tryed the umount command and have not sucessfully removed
> > it. maybe i am doing something but here is what i have done.
> > 
> > [admin AT 2k-iis-ikon]~:{103}:$ mount
> > c:\cygwin\bin on /usr/bin type system (binmode)
> > c:\cygwin\lib on /usr/lib type system (binmode)
> > c:\cygwin on / type system (binmode)
> > c: on /cygdrive/c type user (textmode,noumount)
> > f: on /cygdrive/f type user (textmode,noumount)
> > [admin AT 2k-iis-ikon]~:{104}:$ umount -U
> > [admin AT 2k-iis-ikon]~:{105}:$ mount
> > c:\cygwin\bin on /usr/bin type system (binmode)
> > c:\cygwin\lib on /usr/lib type system (binmode)
> > c:\cygwin on / type system (binmode)
> > c: on /cygdrive/c type user (textmode,noumount)
> > f: on /cygdrive/f type user (textmode,noumount)
> > [admin AT 2k-iis-ikon]~:{106}:$
>
>You are likely doomed to disappointment.  Even if you disable /cygdrive/c,
>c:/xxx will probably still work.  Perhaps sshd will allow you to specify a
>local root.  You can link or mount whatever you want to allow access to
>from inside there.
>
>I tried "umount -U -c" and "umount -c", but neither worked for me, probably
>a local system problem.  I was able to delete the information in the
>registry (HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2),
>but I don't know what other side effects might result so I'm putting it
>back right away.


Right.  Using 'mount'/'umount' as security enforcing mechanisms is the 
wrong approach.  Use 'chown', 'chgrp', and 'chmod' with 'ntsec' set in 
your CYGWIN environment variable if you want to try to do this with Cygwin.
This approach also ends up being easy to compromise too though. Anyone
doing this is left with needing to set the proper permissions using Windows 
mechanisms, I'm afraid.


Larry Hall                              lhall AT rfk DOT com
RFK Partners, Inc.                      http://www.rfk.com
838 Washington Street                   (508) 893-9779 - RFK Office
Holliston, MA 01746                     (508) 893-9889 - FAX


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/