This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: File Permissions - Yet Another Question / Clarification


Greetings, Bryan Berns!

>> He's talking about "Administrators" the SID (group).

> Interesting.  Given the built-in Administrators group doesn't often
> [directly] play into permissions on remote systems or cross-system
> permission models, I'm not sure where he was going with that.
> Regardless, I'll consider it water under the bridge.

"Domain Admins" group is a member of local Administrators group.
In properly set corporate environment, administrators that require management
access to client systems are also automatically added to this group.

>> In any case, I'd start with a throwaway share (or save the permissions
>> with subinacl if I had to use a live one).  Then remove the inherited /
>> default DACL from a subdirectory:
>>
>> mkdir sub
>> setfacl -k sub
>> setfacl -b sub
>>
>> Then check how this behaves w.r.t. POSIX permissions and file ownership.
>> Populate this directory with files and check those, too.  The ~/.ssh
>> directory and their content shouldn't have any DACL on them in any case
>> if you c want to be sure it works the way sshd is wanting it to.
>>
>>
>> Regards,
>> Achim.

> Thanks for advice -- I will give it a shot and dive in deeper.   I
> think I have two problems I'm interesting in understanding more /
> resolving:
> 1) why doesn't Cygwin think my user has permissions to the files and

I already told you at least one way to check it further.
Given my shallow understanding of Cygwin internals, I'm sure there's more
ways to look at it.
Or you can go straight to strace and gdb.

> 2) how can I get SSH to believe the two "admin" groups on my
> files are acceptable.

This one is simple: They are not acceptable in any way.
And insisting on this point is not going to get any appreciation any time
soon.


-- 
With best regards,
Andrey Repin
Friday, April 3, 2015 01:09:48

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]