From: Achim Gratz
To: cygwin AT cygwin DOT com
Subject: Re: No way to use ssh ~/.ssh/config with "noacl" option
Date: Sat, 04 Nov 2017 16:43:41 +0100

Matt D. writes:
> This makes sense because Cygwin is pulling the NTFS permissions as
> there are no Cygwin ACLs defined.
>
> The only workaround is to use the Windows Security dialog to disable
> inherited permissions and remove the Users group. This does seem to
> satisfy things.

That's the correct thing to do, even though you made this unnecessarily
hard for yourself by mounting your home directory with "noacl".

> I suppose the argument now is whether this behavior should change in
> the face of a drive mounted with "noacl". It took a bit of guesswork
> as neither chmod nor setfacl was changing the NTFS permissions.

I don't think ssh should use files that are accessible by somebody else.
The noacl mount option is sometimes useful, but certainly not in this
situation, as you found out.

> Interestingly, a config file that I chmodded when the drive was
> mounted with Cygwin ACLs still works with ssh even though "noacl" is
> now defined and it is still part of the HOSTNAME\Users group. Neither
> stat nor getfacl show these permissions but they can be seen in the
> security tab of the file properties. I'm guessing that it works
> because it has HOSTNAME\None below HOSTNAME\ or something?

The effective access rights as shown by icacls or similar tools should
tell you what is going on. If the directory is not readable, then the
file is effectively inaccessible I think.

Regards,
Achim.
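
Added example, not part of the original message and not Cygwin or OpenSSH code: a small Python parser for `icacls` output that reports which ACEs are inherited and which principals besides the owner hold access, the two things the workaround discussed above changes. The sample output, file path, account names and the trusted list are constructed assumptions.

```python
import re

# Constructed sample of `icacls <file>` output (assumed path and accounts).
SAMPLE_PATH = r"C:\cygwin64\home\matt\.ssh\config"
SAMPLE = r"""C:\cygwin64\home\matt\.ssh\config BUILTIN\Users:(I)(RX)
                                  HOSTNAME\matt:(I)(F)
                                  NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 1 files; Failed processing 0 files
"""

# One ACE per line: principal, a colon, then one or more "(...)" groups.
ACE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")
# Inheritance markers printed by icacls; anything else in parens is a right.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}


def parse_icacls(output, path):
    """Return a list of ACE dicts parsed from icacls output for `path`."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):          # first ACE shares a line with the path
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:                          # blank lines and the summary line
            continue
        groups = re.findall(r"\(([^)]*)\)", m.group("groups"))
        aces.append({
            "who": m.group("who"),
            "inherited": "I" in groups,    # (I) = inherited from the parent
            "deny": "DENY" in groups,
            "rights": [g for g in groups
                       if g not in INHERIT_FLAGS and g != "DENY"],
        })
    return aces


def other_principals(aces, trusted):
    """Allow-ACEs held by anyone not in `trusted` (case-insensitive)."""
    ok = {t.lower() for t in trusted}
    return [a for a in aces if not a["deny"] and a["who"].lower() not in ok]


if __name__ == "__main__":
    trusted = [r"HOSTNAME\matt", r"NT AUTHORITY\SYSTEM"]  # assumed owner + SYSTEM
    for ace in other_principals(parse_icacls(SAMPLE, SAMPLE_PATH), trusted):
        print(ace["who"], ace["rights"], "inherited" if ace["inherited"] else "explicit")
```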