X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; q=dns; s=default; b=ei JkRFb/Q31SXoV+X4dceS4lDJqZarEYL3+dndKOfVSEhpALeynxYrCK+/s6r/mrE7 /IcNtNmjntunTm4g8VA9/cZ7xBmE5ckYjLQGOSQl/iQBFFCvTS4Gu9ZRM8Z8FJLY 7r6lf5PCU5WqEpic9nLpFUWKVOP3VaYs9ki0V2ubE= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; s=default; bh=956ScSaE hamoSekJDa7vOWklzZU=; b=MCkMcGfTwzRw3dkZvT6Ttj9kRvZ1wO2EOGY+Ua5g DRXu0/EMAzKj96t4UpgcBw5NYn2i6grkJMhIKfXnSRB/NU5H/VKPQTQI/W2R/jvl WBPhjIiJicpgbvWHcvXgKygp+0fvUTNFVxz7H/+CQIokSHhsZ5oyS3MUhGuFn1lG tOo= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.3 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mail-la0-f44.google.com MIME-Version: 1.0 X-Received: by 10.152.181.197 with SMTP id dy5mr42494242lac.57.1428001433199; Thu, 02 Apr 2015 12:03:53 -0700 (PDT) In-Reply-To: <87twwyxtin.fsf@Rainer.invalid> References: <152755247 DOT 20150401232333 AT yandex DOT ru> <402200952 DOT 20150402043205 AT yandex DOT ru> <1876247786 DOT 20150402183153 AT yandex DOT ru> <87twwyxtin DOT fsf AT Rainer DOT invalid> Date: Thu, 2 Apr 2015 15:03:53 -0400 Message-ID: Subject: Re: File Permissions - Yet Another Question / Clarification From: Bryan Berns To: cygwin AT cygwin DOT com Content-Type: text/plain; charset=UTF-8 X-IsSubscribed: yes > He's talking about "Administrators" the SID (group). Interesting. Given the built-in Administrators group doesn't often [directly] play into permissions on remote systems or cross-system permission models, I'm not sure where he was going with that. Regardless, I'll consider it water under the bridge. > In any case, I'd start with a throwaway share (or save the permissions > with subinacl if I had to use a live one). Then remove the inherited / > default DACL from a subdirectory: > > mkdir sub > setfacl -k sub > setfacl -b sub > > Then check how this behaves w.r.t. POSIX permissions and file ownership. > Populate this directory with files and check those, too. The ~/.ssh > directory and their content shouldn't have any DACL on them in any case > if you c want to be sure it works the way sshd is wanting it to. > > > Regards, > Achim. Thanks for advice -- I will give it a shot and dive in deeper. I think I have two problems I'm interesting in understanding more / resolving: 1) why doesn't Cygwin think my user has permissions to the files and 2) how can I get SSH to believe the two "admin" groups on my files are acceptable. I'm not optimistic I'm going to get SSH to change it's behavior so I may need to recompile it to avoid the check.... which is obviously not desirable from a maintainability standpoint. Appreciatively, Bryan -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple