This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: No way to use ssh ~/.ssh/config with "noacl" option

Matt D. writes:
> This makes sense because Cygwin is pulling the NTFS permissions as
> there are no Cygwin ACLs defined.
> The only workaround is to use Window's Security diaglog to disable
> inherited permissions and remove the Users group. This does seem to
> satisfy things.

That's the correct thing to do, even though you made this unnecessarily
hard for yourself by mounting your home directory with "noacl".

> I suppose the argument now is whether this behavior should change in
> the face of a drive mounted with "noacl". It took a bit of guesswork
> as neither chmod or setfacl was changing the NTFS permissions.

I don't think ssh should use files that are accessible by somebody
else.  The noacl mount option is sometimes useful, but certainly not in
this situation, as you found out.

> Interestingly, a config file that I chmodded when the drive was
> mounted with Cygwin ACLs still works with ssh even though "noacl" is
> now defined and it is still part of the HOSTNAME\Users group. Neither
> stat or getfacl show these permissions but they can be seen in the
> security tab of the file properties. I'm guessing that it works
> because it has HOSTNAME\None below HOSTNAME\<my account> or something?

The effective access rights as shown by icacls or similar tools should
tell you what is going on.  If the directory is not readable, then the
file is effectively inaccessible I think.

+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptation for Waldorf microQ V2.22R2:

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]