Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Injected-Via-Gmane: http://gmane.org/
To: cygwin AT cygwin DOT com
From: "L. Li" <ll2li AT engmail DOT uwaterloo DOT ca>
Subject: Re: File/Directory Permissions and Security
Date: Sat, 12 Apr 2003 19:16:07 -0400
Lines: 52
Message-ID: <b7a6mi$chg$1@main.gmane.org>
References: <b787l5$2ul$1 AT main DOT gmane DOT org> <20030412133901 DOT GA35123357 AT hpn5170x>
X-Complaints-To: usenet AT main DOT gmane DOT org
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

That works. Figured out why the windows ACL administration was all messed up
too. Thanks! :)

L

"Pierre A. Humblet" <pierre DOT humblet AT ieee DOT org> wrote in message
news:20030412133901 DOT GA35123357 AT hpn5170x...
> On Sat, Apr 12, 2003 at 01:20:08AM -0400, L. Li wrote:
> > Hi,
> >
> > I'm a Cygwin and Unix newbie (kinda anyway - it's my first time
> > administrating). I recently set up an openSSH server on my box via
Cygwin
> > and I'm trying to set up proper file/directory permissions. I called a
> > recursive chmod so that only the owners of each object can write, while
all
> > others can only read and execute.
> >
> > After doing this, I went to verify that this was the case and logged in
> > under a user that was not the owner of anything but his home directory.
The
> > home directory permissions worked great. Only he had write access.
However,
> > outside of that, he could write to any directory he wanted to (except
for
> > the root C and D hard drives - don't know why). I'm wondering what I
have to
> > do to revoke write access to directories once I've ssh'ed into my box.
Once
> > I can get this basic policy up, I'll tamper with more specific
permissions
> > on a per object basis. But right now I can't seem to get this working.
>
> Access is controlled by ACLs that may have more entries than just for
owner,
> group and everyone. "ls -l" displays a "+" when this is the case.
> You can observe the acl with "getfacl" or "cacls".
>
> chmod does not affect the permissions of the extraneous groups, but you
can
> change or remove them with "setfacl" or the Windows security GUI.
>
> If you use setfacl on a directory, I highly recommend that you specify
default
> permissions for owner, group and everyone. Otherwise files created by
non-cygwin
> applications may have unexpected permissions.
>
> Pierre
>




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/