Added chgrp None ~/.ssh/* hack to FAQ item 4.40

diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog
index 91d80a9ed0ccd53a76534f511dd693bca74e6dd6..8737ced2c0dc649b54fc7357ae2d396c4e96606c 100644 (file)
--- a/winsup/doc/ChangeLog
+++ b/winsup/doc/ChangeLog
@@ -1,3 +1,8 @@
+2015-02-24  Warren Young  <warren@etr-usa.com>
+
+       * faq-using.xml (faq.using.ssh-pubkey-stops-working): Added the
+       chgrp None ~/.ssh/* fix for SSH key failure in Cygwin 1.7.34+.
+
 2015-02-17  Warren Young  <warren@etr-usa.com>
 
        * faq-using.xml (faq.using.startup-slow): Applied Andrey Repin's

diff --git a/winsup/doc/faq-using.xml b/winsup/doc/faq-using.xml
index 14bc9ffd85a9270722a7c5b46c1d2b6db33108ea..9351bc8502206bbd5cc64810432f11f79b5be9d4 100644 (file)
--- a/winsup/doc/faq-using.xml
+++ b/winsup/doc/faq-using.xml
@@ -1125,6 +1125,26 @@ be not too open:</para>
   -rw-------  1 user group 1766 Aug 26  2013 .ssh/id_rsa
 </screen>
 
+<para>If the second <command>ls</command> command still gives you
+<computeroutput>-rw-rw----</computeroutput> permissions after running
+the above commands, it is proably because the file's primary group
+is your user's personal group:</para>
+
+<screen>
+  $ ls -l .ssh/id_rsa
+  -rw-rw----  1 Fred Fred 1766 Aug 26  2013 .ssh/id_rsa
+</screen>
+
+<para>Since the Windows security system treats groups and users as
+much the same thing, a change to the user or group permissions on
+such a file reflects the change to both user and group. In effect,
+mode 0600 becomes mode 0660. Because we are saying we want these
+files to be readable only by our user, the fix for this is easy:</para>
+
+<screen>
+  $ chgrp None ~/.ssh/*
+</screen>
+
 <para>For more information on <command>setfacl</command>, see
 <ulink url="https://cygwin.com/cygwin-ug-net/using-utils.html#setfacl"/></para>
 </answer></qandaentry>