From: Eliot Moss via Cygwin
Reply-To: moss AT cs DOT umass DOT edu
To: cygwin AT cygwin DOT com
Date: Fri, 14 Apr 2023 15:49:55 -0400
Subject: Re: Permissions question / issue

On 4/14/2023 3:43 PM, Eliot Moss via Cygwin wrote:
> On 4/14/2023 3:11 PM, Corinna Vinschen via Cygwin wrote:
>> On Apr 13 23:03, Eliot Moss via Cygwin wrote:
>>> Dear cygwin'ers -
>>>
>>> I seem to be caught in a bind with the Cygwin permissions setup.
>>>
>>> ssh insists that ~/.ssh/config have permissions no less permissive than rw------- (600).
>>
>> Huh?  No, it doesn't, usually.  My file has perms rw-r--r-- (644) and
>> that's perfectly fine.  Also, I tried the same setting as you did,
>> i. e.
>>
>> $ getfacl config
>> # file: config
>> # owner: corinna
>> # group: vinschen
>> user::rw-
>> group::---
>> group:SYSTEM:r-x
>> mask::r-x
>> other::---
>>
>> And ssh still works as desired and does not throw any error.
>>
>> You can also add g:SYSTEM:r-x to the directories and it should have
>> no negative side effect.  I just did that with ~/.ssh and ssh still
>> works as expected.
>
> Of course you're entirely right, Corinna!  Not sure how I got it
> in my head that it needed 600 permissions.  Thank you for clarifying!
>
> However ... ssh *does* demand that key files be accessible only by
> the user.  Is there a solution - if necessary using Windows tools -
> to make ssh happy while allowing a SYSTEM backup tool to back up
> the file?

More info: At present I have:

$ getfacl id_rsa2
# file: id_rsa2
# owner: moss
# group: moss
user::rw-
group::---
group:SYSTEM:r-- #effective:---
mask::---
other::---

$ icacls id_rsa2
id_rsa2 NULL SID:(DENY)(Rc,DC)
        ELIOT-SURFACE-3\moss:(R,W,D,WDAC,WO)
        ELIOT-SURFACE-3\moss:(Rc,S,RA)
        NT AUTHORITY\SYSTEM:(R)
        Everyone:(Rc,S,RA)

I don't claim expert level understanding of the Windows access scheme,
but Windows Explorer believes that SYSTEM has read access to the file,
so I suppose this will work.  I guess we're kind of lying to cygwin a
little - but in a way that is useful here.

Best wishes - Eliot
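
An added example, not part of the original message or of Cygwin/OpenSSH code: it parses the `getfacl id_rsa2` listing quoted above, applies the mask to get effective permissions, and derives the mode bits that a permission check on the key file would see. It assumes the standard POSIX ACL convention (the mask is reported as the group bits) and the OpenSSH private key test that rejects any bit in 077; all function names are hypothetical.

```python
import re

# Constructed sample: the getfacl listing for id_rsa2 quoted in the message above.
GETFACL_ID_RSA2 = """\
# file: id_rsa2
# owner: moss
# group: moss
user::rw-
group::---
group:SYSTEM:r-- #effective:---
mask::---
other::---
"""

def bits(perm):
    """Convert an 'rwx' style triplet to its numeric value (r=4, w=2, x=1)."""
    return sum(v for c, v in zip(perm, (4, 2, 1)) if c != "-")

def parse_acl(text):
    """Return {(tag, qualifier): bits} for each ACL entry in getfacl output."""
    acl = {}
    for line in text.splitlines():
        # Drop '# file:' style comment lines and trailing '#effective:' notes.
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"(user|group|mask|other):([^:]*):([r-][w-][x-])", line)
        if m:
            acl[(m.group(1), m.group(2))] = bits(m.group(3))
    return acl

def effective(acl):
    """Apply the mask to every entry except the owner, 'other' and the mask itself."""
    mask = acl.get(("mask", ""), 7)
    unmasked = {("user", ""), ("other", ""), ("mask", "")}
    return {k: p if k in unmasked else p & mask for k, p in acl.items()}

def mode_bits(acl):
    """Mode as stat() reports it: with a mask present, the group bits show the mask."""
    group_class = acl.get(("mask", ""), acl.get(("group", ""), 0))
    return acl[("user", "")] << 6 | group_class << 3 | acl[("other", "")]

def ssh_accepts_key(acl):
    """Assumed OpenSSH-style key test: reject if any group/other bit (077) is set."""
    return mode_bits(acl) & 0o077 == 0

if __name__ == "__main__":
    acl = parse_acl(GETFACL_ID_RSA2)
    print("mode:", oct(mode_bits(acl)), "key accepted:", ssh_accepts_key(acl))
    print("SYSTEM effective bits:", effective(acl)[("group", "SYSTEM")])
```

On the listing above, the empty mask leaves the mode at 600 and the POSIX-side effective permission for SYSTEM at `---`; the `NT AUTHORITY\SYSTEM:(R)` entry appears only in the `icacls` view.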