X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D7FC93857700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1681501398;
	bh=ebQejkTdy9wWs5xXkslFoerY1OAoml8RxrWleiICdZ4=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=AylDips+9bspWk2fWa3tsGLdPffRegFMC4QZO7Y6NK55a/jEL7wceysoxroK4McKu
	 08fWLrdgxj2IxT3wYoThmYpiw5fsG1POXcMoI4RUGctv/0qpFxsO+8u+b6KOwNagBN
	 95LJt+NOvH3uwr55uSbWzz7IOXap3ZqLHzyrj6Z4=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E6EEA3858C54
Message-ID: <87c859fc-0bfb-e6cc-a29e-29ba4eaa1820@cs.umass.edu>
Date: Fri, 14 Apr 2023 15:43:04 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.0
Subject: Re: Permissions question / issue
Content-Language: en-US
To: cygwin AT cygwin DOT com
References: <88697a53-26db-6969-2c18-3d6133d248c1 AT cs DOT umass DOT edu>
 <ZDmlSTitA7bLQzY1 AT calimero DOT vinschen DOT de>
In-Reply-To: <ZDmlSTitA7bLQzY1@calimero.vinschen.de>
X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00, JMQ_SPF_NEUTRAL,
 KAM_DMARC_STATUS, NICE_REPLY_A, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Eliot Moss via Cygwin <cygwin AT cygwin DOT com>
Reply-To: moss AT cs DOT umass DOT edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

On 4/14/2023 3:11 PM, Corinna Vinschen via Cygwin wrote:
> On Apr 13 23:03, Eliot Moss via Cygwin wrote:
>> Dear cygwin'ers -
>>
>> I seem to be caught in a bind with the Cygwin permissions setup.
>>
>> ssh insists that ~/.ssh/config have permissions no less permissive than rw------- (600).
> 
> Huh?  No, it doesn't, usually.  My file has perms rw-r--r-- (644) and
> that's perfectly fine.  Also, I tried the same setting as you did,
> i. e.
> 
> $ getfacl config
> # file: config
> # owner: corinna
> # group: vinschen
> user::rw-
> group::---
> group:SYSTEM:r-x
> mask::r-x
> other::---
> 
> And ssh still works as desired and does not throw any error.
> 
> You can also add g:SYSTEM:r-x to the directories and it should have
> no negative side effect.  I just did that with ~/.ssh and ssh still
> works as expected.

Of course you're entirely right, Corinna!  Not sure how I got it
in my head that it needed 600 permissions.  Thank you for clarifying!

However ... ssh *does* demand that key files be accessible only by
the user.  Is there a solution - if necessary using Windows tools -
to make ssh happy while allowing a SYSTEM backup tool to back up
the file?

Regards - Eliot

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple