X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=xbraJOoApEPTs33s
	jo2IuXtg7znS5Xbas92vxccdwTmKA+qUQqLiM0FgQ5jCutV03pm5CWCFboK/wYD8
	wqPOPjI1qMXWtKx5YOACr2rdDFuHa4wDVmHAcaTObMX6Un/SapMTDs47jmRBZhvX
	aI11MVeOTnIsyOvNiMJ3ge7sCIc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=lN7oHzG4l2P1jwdOZwMdwa
	LYRKw=; b=t9k8aiUxmzGgfdNm5BPRgOFVExzJQSTLSdE07sl+LX8UwCrudFmrh+
	YHwavIh9R6z3ckfYa9+GJ4/tNGaBM9gzhjkce41hbzw69XHKNQuSiiEiwcAmbqOn
	7Hcssl1fbQ8TDwCDdDiWPwpXvNPgQsH58X7K7cA4OzoYwGuDK/UzA=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: Yes, score=5.7 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,RCVD_IN_JMF_BL,SPF_SOFTFAIL autolearn=no version=3.3.2
X-HELO: smtp.ht-systems.ru
Date: Mon, 7 Sep 2015 22:56:09 +0300
From: Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To: cygwin AT cygwin DOT com
Message-ID: <491098012.20150907225609@yandex.ru>
To: Jan Bruun Andersen <jan_bruun_andersen AT jabba DOT dk>, cygwin AT cygwin DOT com
Subject: Re: No o+r permission for /usr/sbin/ssh-keysign.exe
In-Reply-To: <CAA3tTg-xO90s7MV=8fO-UOZLh=bL6f0mhjzyFttig34P83RF8A@mail.gmail.com>
References: <CAA3tTg-xO90s7MV=8fO-UOZLh=bL6f0mhjzyFttig34P83RF8A AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greetings, Jan Bruun Andersen!

> After an unfortunate mishap with an encryption key, I have started to
> rebuild my harddisk. And making sure I have a good backup :(

> I noticed a problem with the file permissions for  /usr/sbin/ssh-keysign.exe:

> $ getfacl.exe /usr/sbin/ssh-keysign.exe
> # file: /usr/sbin/ssh-keysign.exe
> # owner: andersej
> # group: Domain Users
> user::rwx
> group::--x
> other:--x

> For some reason, the Windows-based backup program (Seagate Manager)
> wants the Windows group "Everyone" to have read access.

The reason is that it is not a backup program, it is a file copying program.
Backup program must adjust its security token with SeBackupPrivilege.

> Otherwise it will report:

> ERROR  >>>      C:\cygwin64\usr\sbin\ssh-keysign.exe
>                       Access denied

> Is there some special reason for denying everyone read permission
> (o+r) to this file?

Yes. It is called "proper security".

> PS: I have the same problem with /etc/rebase.db.x86_64 which only have
> 660 permissions.

See above. Use real backup software, not dumb file copying software.


-- 
With best regards,
Andrey Repin
Monday, September 7, 2015 22:53:33

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple