X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=gjwBLqah4xor+gRbgEynBNnMVkzrOX+hUJx96wfqjvUzZTJBfS5Ix MbT1G+Luo5Ml0UBYQyYU0MMIlhofgvhuu9ZBN0Sp5uW1pvBNQB95d7ZcQ9kazvtP RcrVzVf4/0CO7DZTnhMDzq1ZPvss2QpbZnt9J5YaUNwkJDCajXEaXs= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=JPXT9qfKNNcyrZ7Bxu4vbXhG2nk=; b=BcbQAHUq0omtnbsPFs2r6IzN3WAc 3Fa304cWpEWr0u7R8Lag8XuzMp7IExniq4/C5ypFmrf5M7D4WO6yraq7TzjNispe BjZhVbP/NhpwsdZ0WqXb5u6qUCMvSX4UxqMNjer+hjaJfm3EYa/b19bI7ZHXLdNv oQr6XicnllFTXXk= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-102.1 required=5.0 tests=AWL,BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,KB_WAM_FROM_NAME_SINGLEWORD,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=queues, D*ru X-HELO: drew.franken.de Date: Tue, 28 Nov 2017 15:27:06 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: [EXTERNAL] Re: Issues hiding /dev virtual directory from SFTP users Message-ID: <20171128142706.GU547@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <2512145081DA00479295CF769D4C8F350128B3517D AT BNVMMSX0A61086A DOT polysci DOT com> <84854143 DOT 20171128025948 AT yandex DOT ru> <2512145081DA00479295CF769D4C8F350128B364F1 AT BNVMMSX0A61086A DOT polysci DOT com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="D6z0c4W1rkZNF4Vu" Content-Disposition: inline In-Reply-To: <2512145081DA00479295CF769D4C8F350128B364F1@BNVMMSX0A61086A.polysci.com> User-Agent: Mutt/1.9.1 (2017-09-22) --D6z0c4W1rkZNF4Vu Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Please, don't top-post. On Nov 28 12:50, snorthrop AT moog DOT com wrote: >> From: Andrey Repin [mailto:anrdaemon AT yandex DOT ru]=20 >> Sent: Monday, November 27, 2017 7:00 PM >> To: Northrop, Shad ; cygwin AT cygwin DOT com >> Subject: [EXTERNAL] Re: Issues hiding /dev virtual directory from SFTP u= sers >>=20 >> Greetings, snorthrop AT moog DOT com! >>=20 >> > Hello, >>=20 >> > I am trying to get sftp secured using OpenSSH. I have been able to ja= il >> > the users to their home directory and remove the cygdrive virtual dire= ctory >> > from showing but I have been unable to get the /dev virtual directory >> > removed from the users when they SFTP. In the past I have been able t= o just >> > add "/dev /null none bind" to the fstab file but that no longer works. >>=20 >> > Can anyone suggest how I may be able to accomplish this with CYGWIN_NT= -6.3 and openssh 7.6p 1-1 ? >>=20 >> If you jail the user to their home directory, they shouldn't be able to = see >> the Cygwin root in first place. >> I don't understand your issue. > > Andrey, >=20 > They are not able to see the cygdrive. They are able to see the /dev > virtual directory and all of the device mounts within it. And why do you want to remove that? There's nothing in /dev your users shouldn't see, but there's stuff in there required for certain functionality. For instance, bash handles /dev/std{in,out,err} and people may rely on this. Also, any application using the default paths for POSIX shmem, semaphores and message queues will stop working. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --D6z0c4W1rkZNF4Vu Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJaHXI6AAoJEPU2Bp2uRE+g8OgQAJ1L2NVLsJI73uU19/yoYF22 mYrojkQ2oheIX6VDZdwyyWXiaFub60/u9Q8vDKpSMXxJBjAaddtxTYHqKWw9SC59 kqdvnhZLoqzmPe9EIYneiJLtsoIOYDxHLMfCf5PGauJ/EWeS26cgIcFLUCXCGrfr KeJpaqay1NoqA/e7Crav0i+kVGorEvauZZRefUuTOCXCLQoSB0rNe17tA1tZJRGO viWwvjpfxStbp+xilf/qK4LypziySgI1uv6dL72xh4Agy/YyXcus+GY1Kxlgzl4V 5ier7CJ/xt9+ETuYfIB0RCpjVmuLqr01DL8itkwevLaYujIXj7NDQaZDsYZxoPx4 eNX3ZAXsEDgnN3go9S7ya8EPONI6BFB6ieU/vCNL4YiCFe6WdVfTKQbR5XCJneb9 2MlIr5km1sy1HWMIYP24bbVJ+N6Lm+XwCzNr0Ckkj2CchRQFQM9fGFesupV6bKu5 +Nio0hfg8hmOS//j5FDhwya1JSN3lyCMpAqYy/lHeuiKexb4eqA96gyO8I7JcK+m iVM6StXztjTK9g/b0SbjjBbIIEINz0ytXVEu+n5AYdyb/tR0vpt0hMRfoaeQ/V/Z J3KmGHsAps3tHvvkvHiPWWTjzSDX/EchcJ1q17Yr3Cmncbi3VZMvu8x9omQYlYo8 XoXWMa+Nu3D1fOia5EAP =l0ru -----END PGP SIGNATURE----- --D6z0c4W1rkZNF4Vu--