X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 q=dns; s=default; b=uYUbTJaSxMxEwEOYxR/hYj1SjqW091LY8OV51jKyQsK
	SnMYKqj7WEVDuXSGzxMPnOXj9RmP+GS3Ucu3kMTUKa2jTq+iUm383JNeeTRNTfFX
	OAd2NtRbVVutQs9gIIzciU3tIMdtCDVsqIssxtyTjIhPe5eaBGkqyoGgW/t6NFu8
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 s=default; bh=kJqR7xCGAnv5wPLELXYPM4cZzLE=; b=mBMYbFxH4xNwkPcqh
	Kg3du4rIvLJO3cJKj96KTn/FrF3oQJxI8srfQuooIf+FC/cNBTd5jUNXwNPemTUN
	DO6aV8uMkU8pKfhdfHqSPs2cnwzLnfsyOgQEnbEcl0Z1tanzKCNxdPPeKG1UVSZL
	miwbtVfDycTmzANRKj0N3vrfw0=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-3.1 required=5.0 tests=AWL,BAYES_00,KAM_NUMSUBJECT autolearn=no version=3.3.1 spammy=expertise
X-HELO: Ishtar.sc.tlinx.org
Message-ID: <5D1FA591.4050605@tlinx.org>
Date: Fri, 05 Jul 2019 12:31:29 -0700
From: L A Walsh <cygwin AT tlinx DOT org>
User-Agent: Thunderbird
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Domain User restrictions - Windows server 2012 R2
References: <9e8b10829e18453f9e3af064a0d67c7c AT ATGRZSW1694 DOT avl01 DOT avlcorp DOT lan> <CANV9t=SFgKkmzpy6-LfLdR-Arvw34BwqpvMvznC2dKRKgUYYqg AT mail DOT gmail DOT com>
In-Reply-To: <CANV9t=SFgKkmzpy6-LfLdR-Arvw34BwqpvMvznC2dKRKgUYYqg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

On 2019/07/03 10:01, Bill Stewart wrote:
> On Wed, Jul 3, 2019 at 2:41 AM Bergbauer, Daniel AVL/DE vwrote:
>
>   
>> What I want now is, to restrict every user, who connects to the server via ssh, to its home folder /home/'username' == C:\projects\'username'
>>     

I don't know if this would work or be easy, but you could add everyone
to a special group, say 'cygmake', then use windows permission
to disallow access to directories they shouldn't be able to enter
using a windows "deny" entry.

You might have to play with it a bit, since you want them to have execute
access to the windows binaries, but maybe not read(?)  Never tried that
before,
but if that works...might solve your problem.

Also, for their individual directories, you might want them only readable
by the user themselves -- so no other users can read it.

It's not ideal, since it involves changing permissions everywhere you don't
want them going, but at least, it has the benefit of being limited to
the 1 group you'd have to restrict.

I feel like I'm lacking sufficient expertise in windows to come up with a
good solution -- maybe asking the question in a windows forum about how
to do the equivalent of chroot or restricting them to their directory and
some list of windows directories?

good luck!


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple