X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=gjwBLqah4xor+gRbgEynBNnMVkzrOX+hUJx96wfqjvUzZTJBfS5Ix
	MbT1G+Luo5Ml0UBYQyYU0MMIlhofgvhuu9ZBN0Sp5uW1pvBNQB95d7ZcQ9kazvtP
	RcrVzVf4/0CO7DZTnhMDzq1ZPvss2QpbZnt9J5YaUNwkJDCajXEaXs=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=JPXT9qfKNNcyrZ7Bxu4vbXhG2nk=; b=BcbQAHUq0omtnbsPFs2r6IzN3WAc
	3Fa304cWpEWr0u7R8Lag8XuzMp7IExniq4/C5ypFmrf5M7D4WO6yraq7TzjNispe
	BjZhVbP/NhpwsdZ0WqXb5u6qUCMvSX4UxqMNjer+hjaJfm3EYa/b19bI7ZHXLdNv
	oQr6XicnllFTXXk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-102.1 required=5.0 tests=AWL,BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,KB_WAM_FROM_NAME_SINGLEWORD,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=queues, D*ru
X-HELO: drew.franken.de
Date: Tue, 28 Nov 2017 15:27:06 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: [EXTERNAL] Re: Issues hiding /dev virtual directory from SFTP users
Message-ID: <20171128142706.GU547@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <2512145081DA00479295CF769D4C8F350128B3517D AT BNVMMSX0A61086A DOT polysci DOT com> <84854143 DOT 20171128025948 AT yandex DOT ru> <2512145081DA00479295CF769D4C8F350128B364F1 AT BNVMMSX0A61086A DOT polysci DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="D6z0c4W1rkZNF4Vu"
Content-Disposition: inline
In-Reply-To: <2512145081DA00479295CF769D4C8F350128B364F1@BNVMMSX0A61086A.polysci.com>
User-Agent: Mutt/1.9.1 (2017-09-22)

--D6z0c4W1rkZNF4Vu
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


Please, don't top-post.

On Nov 28 12:50, snorthrop AT moog DOT com wrote:
>> From: Andrey Repin [mailto:anrdaemon AT yandex DOT ru]=20
>> Sent: Monday, November 27, 2017 7:00 PM
>> To: Northrop, Shad <snorthrop AT moog DOT com>; cygwin AT cygwin DOT com
>> Subject: [EXTERNAL] Re: Issues hiding /dev virtual directory from SFTP u=
sers
>>=20
>> Greetings, snorthrop AT moog DOT com!
>>=20
>> > Hello,
>>=20
>> > I am trying to get sftp secured using OpenSSH.  I have been able to ja=
il
>> > the users to their home directory and remove the cygdrive virtual dire=
ctory
>> > from showing but I have been unable to get the /dev virtual directory
>> > removed from the users when they SFTP.  In the past I have been able t=
o just
>> > add "/dev /null none bind" to the fstab file but that no longer works.
>>=20
>> > Can anyone suggest how I may be able to accomplish this with CYGWIN_NT=
-6.3 and openssh 7.6p 1-1 ?
>>=20
>> If you jail the user to their home directory, they shouldn't be able to =
see
>> the Cygwin root in first place.
>> I don't understand your issue.
>
> Andrey,
>=20
> They are not able to see the cygdrive.  They are able to see the /dev
> virtual directory and all of the device mounts within it.

And why do you want to remove that?  There's nothing in /dev your users
shouldn't see, but there's stuff in there required for certain
functionality.  For instance, bash handles /dev/std{in,out,err} and
people may rely on this.  Also, any application using the default paths
for POSIX shmem, semaphores and message queues will stop working.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--D6z0c4W1rkZNF4Vu
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJaHXI6AAoJEPU2Bp2uRE+g8OgQAJ1L2NVLsJI73uU19/yoYF22
mYrojkQ2oheIX6VDZdwyyWXiaFub60/u9Q8vDKpSMXxJBjAaddtxTYHqKWw9SC59
kqdvnhZLoqzmPe9EIYneiJLtsoIOYDxHLMfCf5PGauJ/EWeS26cgIcFLUCXCGrfr
KeJpaqay1NoqA/e7Crav0i+kVGorEvauZZRefUuTOCXCLQoSB0rNe17tA1tZJRGO
viWwvjpfxStbp+xilf/qK4LypziySgI1uv6dL72xh4Agy/YyXcus+GY1Kxlgzl4V
5ier7CJ/xt9+ETuYfIB0RCpjVmuLqr01DL8itkwevLaYujIXj7NDQaZDsYZxoPx4
eNX3ZAXsEDgnN3go9S7ya8EPONI6BFB6ieU/vCNL4YiCFe6WdVfTKQbR5XCJneb9
2MlIr5km1sy1HWMIYP24bbVJ+N6Lm+XwCzNr0Ckkj2CchRQFQM9fGFesupV6bKu5
+Nio0hfg8hmOS//j5FDhwya1JSN3lyCMpAqYy/lHeuiKexb4eqA96gyO8I7JcK+m
iVM6StXztjTK9g/b0SbjjBbIIEINz0ytXVEu+n5AYdyb/tR0vpt0hMRfoaeQ/V/Z
J3KmGHsAps3tHvvkvHiPWWTjzSDX/EchcJ1q17Yr3Cmncbi3VZMvu8x9omQYlYo8
XoXWMa+Nu3D1fOia5EAP
=l0ru
-----END PGP SIGNATURE-----

--D6z0c4W1rkZNF4Vu--