No way to use ssh ~/.ssh/config with "noacl" option

Matt D. codespunk@gmail.com
Sat Nov 4 17:38:00 GMT 2017


On 11/4/2017 1:15 PM, Matt D. wrote:
 > On 11/4/2017 11:43 AM, Achim Gratz wrote:
 >> That's the correct thing to do, even though you made this unnecessarily
 >> hard for yourself by mounting your home directory with "noacl".
 >
 > It's not perfect but I've always had trouble with all of the
 > modifications Cygwin makes to a file's permissions to support
 > POSIX-style ACLs. I do miss being able to manage them with chmod and
 > setfacl though.
 >
 > For those wishing to set their ssh config to 600 (as recognized by
 > Cygwin's ssh), use the following:
 >
 > Reset file permissions:
 >    icacls config /t /q /c /reset
 >
 > Inheritence must be disabled to alter other groups:
 >    icacls config /inheritance:d
 >
 > Effectively regarded as "group":
 >    icacls config /remove:g "Authenticated Users"
 >    icacls config /remove:g "Users"
 >
 > Regarded as "other":
 >    icacls config /remove:g "Everyone"
 >
 > Add the current user as the owner:
 >    icacls config /grant "%USERNAME%:rw"
 >
 >
 > Matt D.

My previous reply was missing "takeown" to take ownership. The correct 
sequence of commands is:

icacls config /t /q /c /reset
icacls config /inheritance:d
takeown /f config
icacls config /remove:g "Authenticated Users"
icacls config /remove:g "Users"
icacls config /remove:g "Everyone"
icacls config /grant "%USERNAME%:rw"

This is equivalent to "chmod 600 config".


Matt D.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list