No way to use ssh ~/.ssh/config with "noacl" option

Matt D.
Sat Nov 4 17:38:00 GMT 2017

On 11/4/2017 1:15 PM, Matt D. wrote:
 > On 11/4/2017 11:43 AM, Achim Gratz wrote:
 >> That's the correct thing to do, even though you made this unnecessarily
 >> hard for yourself by mounting your home directory with "noacl".
 > It's not perfect but I've always had trouble with all of the
 > modifications Cygwin makes to a file's permissions to support
 > POSIX-style ACLs. I do miss being able to manage them with chmod and
 > setfacl though.
 > For those wishing to set their ssh config to 600 (as recognized by
 > Cygwin's ssh), use the following:
 > Reset file permissions:
 >    icacls config /t /q /c /reset
 > Inheritence must be disabled to alter other groups:
 >    icacls config /inheritance:d
 > Effectively regarded as "group":
 >    icacls config /remove:g "Authenticated Users"
 >    icacls config /remove:g "Users"
 > Regarded as "other":
 >    icacls config /remove:g "Everyone"
 > Add the current user as the owner:
 >    icacls config /grant "%USERNAME%:rw"
 > Matt D.

My previous reply was missing "takeown" to take ownership. The correct 
sequence of commands is:

icacls config /t /q /c /reset
icacls config /inheritance:d
takeown /f config
icacls config /remove:g "Authenticated Users"
icacls config /remove:g "Users"
icacls config /remove:g "Everyone"
icacls config /grant "%USERNAME%:rw"

This is equivalent to "chmod 600 config".

Matt D.

Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list