Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <010601c2eb25$1f2ee700$78d96f83@pomello>
From: "Max Bowsher" <maxb AT ukf DOT net>
To: "roland" <for_spam AT gmx DOT de>, <cygwin AT cygwin DOT com>
References: <00a701c2eb23$c43f4a20$2000000a AT schlepptopp>
Subject: Re: disable access to /cygdrive/c  ?
Date: Sat, 15 Mar 2003 19:00:18 -0000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

roland wrote:
> Hello,
>
> is there a way to completly disable access tho paths below /cygdrive ?
> i.e. to make /cygdrive/* invisible/inaccessible ?
>
> I have setup sshd on my machine and now some developer can ssh into my
> machine
> and help me with developing stuff under cygwin.
> He can do what he wants inside c:\cygwin - but he shouldn`t be able to
> access other
> paths. Is it possible that i can hide that from him ?
> Shure, I could set appropriate ntfs acls - but what if i have fat32
> based filesystem?
>
> regards
> Roland
>
> pS:
> shure -this may not be bullet proof since he can execute code on my
> computer - but at
> least it is not too simple and needs "hacker intention".

NTFS ACLs are the only way.

If this person doesn't have "hacker intention", then his self-discipline
will be sufficient to keep him within the cygwin root, right?

Max.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/