X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:subject:reply-to:references:to:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=GtuibXo2R5I6TdwS
	Q2YPlUiFWjBDbFdnvAlk9+6gSDm9u6q4ap3aECUJm36GoeOowZ8Of6FzJrbfg1iJ
	RCdFf2P+Sjvs4St/c6hYNYO96OAJKRQduWnoDamEk2rW0xVDmCLmdNiohqD1KXcs
	pTqdRSDmmZBGUOsr9YJ0nlOO5BA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:subject:reply-to:references:to:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=PHunloFvjzuMYCiZrEugbk
	BYEEE=; b=pyY5af8AZTI2+rAg4iqg5TvS/ui/jNrvxq7a8GIgdalLQkmxSa5ejh
	LPvtvEKNd1nL0Qt5D/ARk7VeZ0Oli/cEiLLTlPLbSqS1u0YN/hbpjDpIv2pSWqOs
	Nlo/yc3OVEiwkZugkuCzWVdHSJ+ysnTfjpiVhk/+9B4iR6DabTz7E=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.4 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,FREEMAIL_REPLYTO,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=username, perfect
X-HELO: mail-pf0-f172.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20161025;        h=x-gm-message-state:from:subject:reply-to:references:to:message-id         :date:user-agent:mime-version:in-reply-to:content-transfer-encoding;        bh=TWh1DbUO7WNxGG6D+d/I7P2dqSHdJIz7o1hcRvxAp3c=;        b=kXaSJZJELwbGBeVi3lgWtOAExhhbzXuV7Gb9C+ffIJdL6POQo/qJdP8HY2QPaawdNz         g5auM8KCdYusXjmlGNikXJI0JzN2acRsHtScTVWoK+iUQqKAYZxl9xGWTZb5+dYhpC9w         usZnk+o/BSJDFceXjkYD6XalSUu1myv2lDZqQZooxisPvnw3jQWdmxeSqtY6HUX70Fo/         9JmTU6CxuOYntwp8mPL1KGwu8uVFKKmeXdvdd7D+EFCiPHonmM8F/6CkodOQZf66PDpC         F/HksAZqn3SJ9QdBgFdtcYhmnAreAK82U7ZIJgR1ORp3V9/p2yRq7vZoEgcgHZwlONgb         NoLg==
X-Gm-Message-State: AMCzsaXDZYNR9AIdnYMn338qUeTjhVM95jylJeY+eRsCBgCjqjj++zSA	9yCZ29SjQV3sFq4q491/0wpUcohW
X-Google-Smtp-Source: ABhQp+QATAqYXHytp3xvgrufKyyq/NWLwYnd/QM08v78OMrXHErBrWNlF0T5Az0NpZaRK0ciI2kQzA==
X-Received: by 10.99.154.66 with SMTP id e2mr10414450pgo.287.1509817124790;        Sat, 04 Nov 2017 10:38:44 -0700 (PDT)
From: "Matt D." <codespunk AT gmail DOT com>
X-Google-Original-From: "Matt D." <codespunk+cygwin AT gmail DOT com>
Subject: Re: No way to use ssh ~/.ssh/config with "noacl" option
Reply-To: codespunk+cygwin AT gmail DOT com, codespunk+cygwin AT gmail DOT com
References: <59FD8C99 DOT 8010703 AT gmail DOT com> <20171104113723 DOT GC18070 AT calimero DOT vinschen DOT de> <59FDA8D9 DOT 6050808 AT gmail DOT com> <59FDC12F DOT 1080005 AT codespunk DOT com> <59FDDCFA DOT 9030306 AT codespunk DOT com> <20171104163701 DOT GA23538 AT calimero DOT vinschen DOT de> <59FDF754 DOT 4040505 AT gmail DOT com>
To: cygwin AT cygwin DOT com
Message-ID: <59FDFB25.8060409@gmail.com>
Date: Sat, 4 Nov 2017 13:38:45 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <59FDF754.4040505@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

On 11/4/2017 1:15 PM, Matt D. wrote:
 > On 11/4/2017 11:43 AM, Achim Gratz wrote:
 >> That's the correct thing to do, even though you made this unnecessarily
 >> hard for yourself by mounting your home directory with "noacl".
 >
 > It's not perfect but I've always had trouble with all of the
 > modifications Cygwin makes to a file's permissions to support
 > POSIX-style ACLs. I do miss being able to manage them with chmod and
 > setfacl though.
 >
 > For those wishing to set their ssh config to 600 (as recognized by
 > Cygwin's ssh), use the following:
 >
 > Reset file permissions:
 >    icacls config /t /q /c /reset
 >
 > Inheritence must be disabled to alter other groups:
 >    icacls config /inheritance:d
 >
 > Effectively regarded as "group":
 >    icacls config /remove:g "Authenticated Users"
 >    icacls config /remove:g "Users"
 >
 > Regarded as "other":
 >    icacls config /remove:g "Everyone"
 >
 > Add the current user as the owner:
 >    icacls config /grant "%USERNAME%:rw"
 >
 >
 > Matt D.

My previous reply was missing "takeown" to take ownership. The correct 
sequence of commands is:

icacls config /t /q /c /reset
icacls config /inheritance:d
takeown /f config
icacls config /remove:g "Authenticated Users"
icacls config /remove:g "Users"
icacls config /remove:g "Everyone"
icacls config /grant "%USERNAME%:rw"

This is equivalent to "chmod 600 config".


Matt D.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple