* Re: Cygdrive mounts
2002-04-23 12:37 ` Michael A Chase
@ 2002-04-23 12:38 ` Chris Ellsworth
2002-04-23 12:52 ` Larry Hall (RFK Partners, Inc)
2002-04-23 12:42 ` Larry Hall (RFK Partners, Inc)
2002-04-23 12:53 ` Christopher Faylor
2 siblings, 1 reply; 11+ messages in thread
From: Chris Ellsworth @ 2002-04-23 12:38 UTC (permalink / raw)
To: Michael A Chase, cygwin
oh well
i think what im going to do is put all the users that connect into a
group then give that group deny rights to C:\ and other drives
that would probly do it for me.
----- Original Message -----
From: "Michael A Chase" <mchase@ix.netcom.com>
To: "Chris Ellsworth" <cke@highlandshighspeed.net>;
<cygwin@cygwin.com>
Sent: Tuesday, April 23, 2002 12:27 PM
Subject: Re: Cygdrive mounts
> On Tue, 23 Apr 2002 10:45:52 -0700 Chris Ellsworth
<cke@highlandshighspeed.net> wrote:
>
> > I am doing install of this for sshd on windows for clients for the
> > purpose of forwarding ports for access such as VNC, pcanywhere FTP
and
> > other items and i dont want to give access to the other areas of
the
> > drives. I tryed the umount command and have not sucessfully
removed
> > it. maybe i am doing something but here is what i have done.
> >
> > [admin@2k-iis-ikon]~:{103}:$ mount
> > c:\cygwin\bin on /usr/bin type system (binmode)
> > c:\cygwin\lib on /usr/lib type system (binmode)
> > c:\cygwin on / type system (binmode)
> > c: on /cygdrive/c type user (textmode,noumount)
> > f: on /cygdrive/f type user (textmode,noumount)
> > [admin@2k-iis-ikon]~:{104}:$ umount -U
> > [admin@2k-iis-ikon]~:{105}:$ mount
> > c:\cygwin\bin on /usr/bin type system (binmode)
> > c:\cygwin\lib on /usr/lib type system (binmode)
> > c:\cygwin on / type system (binmode)
> > c: on /cygdrive/c type user (textmode,noumount)
> > f: on /cygdrive/f type user (textmode,noumount)
> > [admin@2k-iis-ikon]~:{106}:$
>
> You are likely doomed to disappointment. Even if you disable
/cygdrive/c,
> c:/xxx will probably still work. Perhaps sshd will allow you to
specify a
> local root. You can link or mount whatever you want to allow access
to
> from inside there.
>
> I tried "umount -U -c" and "umount -c", but neither worked for me,
probably
> a local system problem. I was able to delete the information in the
> registry (HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts
v2),
> but I don't know what other side effects might result so I'm putting
it
> back right away.
>
> --
> Mac :})
> ** I normally forward private questions to the appropriate mail
list. **
> Ask Smarter: http://www.tuxedo.org/~esr/faqs/smart-questions.htm
> Give a hobbit a fish and he eats fish for a day.
> Give a hobbit a ring and he eats fish for an age.
>
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Cygdrive mounts
2002-04-23 12:38 ` Chris Ellsworth
@ 2002-04-23 12:52 ` Larry Hall (RFK Partners, Inc)
0 siblings, 0 replies; 11+ messages in thread
From: Larry Hall (RFK Partners, Inc) @ 2002-04-23 12:52 UTC (permalink / raw)
To: Chris Ellsworth, Michael A Chase, cygwin
Yep.
Larry Hall lhall@rfk.com
RFK Partners, Inc. http://www.rfk.com
838 Washington Street (508) 893-9779 - RFK Office
Holliston, MA 01746 (508) 893-9889 - FAX
At 03:30 PM 4/23/2002, Chris Ellsworth wrote:
>oh well
>i think what im going to do is put all the users that connect into a
>group then give that group deny rights to C:\ and other drives
>that would probly do it for me.
>
>----- Original Message -----
>From: "Michael A Chase" <mchase@ix.netcom.com>
>To: "Chris Ellsworth" <cke@highlandshighspeed.net>;
><cygwin@cygwin.com>
>Sent: Tuesday, April 23, 2002 12:27 PM
>Subject: Re: Cygdrive mounts
>
>
> > On Tue, 23 Apr 2002 10:45:52 -0700 Chris Ellsworth
><cke@highlandshighspeed.net> wrote:
> >
> > > I am doing install of this for sshd on windows for clients for the
> > > purpose of forwarding ports for access such as VNC, pcanywhere FTP
>and
> > > other items and i dont want to give access to the other areas of
>the
> > > drives. I tryed the umount command and have not sucessfully
>removed
> > > it. maybe i am doing something but here is what i have done.
> > >
> > > [admin@2k-iis-ikon]~:{103}:$ mount
> > > c:\cygwin\bin on /usr/bin type system (binmode)
> > > c:\cygwin\lib on /usr/lib type system (binmode)
> > > c:\cygwin on / type system (binmode)
> > > c: on /cygdrive/c type user (textmode,noumount)
> > > f: on /cygdrive/f type user (textmode,noumount)
> > > [admin@2k-iis-ikon]~:{104}:$ umount -U
> > > [admin@2k-iis-ikon]~:{105}:$ mount
> > > c:\cygwin\bin on /usr/bin type system (binmode)
> > > c:\cygwin\lib on /usr/lib type system (binmode)
> > > c:\cygwin on / type system (binmode)
> > > c: on /cygdrive/c type user (textmode,noumount)
> > > f: on /cygdrive/f type user (textmode,noumount)
> > > [admin@2k-iis-ikon]~:{106}:$
> >
> > You are likely doomed to disappointment. Even if you disable
>/cygdrive/c,
> > c:/xxx will probably still work. Perhaps sshd will allow you to
>specify a
> > local root. You can link or mount whatever you want to allow access
>to
> > from inside there.
> >
> > I tried "umount -U -c" and "umount -c", but neither worked for me,
>probably
> > a local system problem. I was able to delete the information in the
> > registry (HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts
>v2),
> > but I don't know what other side effects might result so I'm putting
>it
> > back right away.
> >
> > --
> > Mac :})
> > ** I normally forward private questions to the appropriate mail
>list. **
> > Ask Smarter: http://www.tuxedo.org/~esr/faqs/smart-questions.htm
> > Give a hobbit a fish and he eats fish for a day.
> > Give a hobbit a ring and he eats fish for an age.
> >
> >
> >
>
>
>--
>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>Bug reporting: http://cygwin.com/bugs.html
>Documentation: http://cygwin.com/docs.html
>FAQ: http://cygwin.com/faq/
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Cygdrive mounts
2002-04-23 12:37 ` Michael A Chase
2002-04-23 12:38 ` Chris Ellsworth
@ 2002-04-23 12:42 ` Larry Hall (RFK Partners, Inc)
2002-04-23 12:53 ` Christopher Faylor
2 siblings, 0 replies; 11+ messages in thread
From: Larry Hall (RFK Partners, Inc) @ 2002-04-23 12:42 UTC (permalink / raw)
To: Michael A Chase, Chris Ellsworth, cygwin
At 03:27 PM 4/23/2002, Michael A Chase wrote:
>On Tue, 23 Apr 2002 10:45:52 -0700 Chris Ellsworth <cke@highlandshighspeed.net> wrote:
>
> > I am doing install of this for sshd on windows for clients for the
> > purpose of forwarding ports for access such as VNC, pcanywhere FTP and
> > other items and i dont want to give access to the other areas of the
> > drives. I tryed the umount command and have not sucessfully removed
> > it. maybe i am doing something but here is what i have done.
> >
> > [admin@2k-iis-ikon]~:{103}:$ mount
> > c:\cygwin\bin on /usr/bin type system (binmode)
> > c:\cygwin\lib on /usr/lib type system (binmode)
> > c:\cygwin on / type system (binmode)
> > c: on /cygdrive/c type user (textmode,noumount)
> > f: on /cygdrive/f type user (textmode,noumount)
> > [admin@2k-iis-ikon]~:{104}:$ umount -U
> > [admin@2k-iis-ikon]~:{105}:$ mount
> > c:\cygwin\bin on /usr/bin type system (binmode)
> > c:\cygwin\lib on /usr/lib type system (binmode)
> > c:\cygwin on / type system (binmode)
> > c: on /cygdrive/c type user (textmode,noumount)
> > f: on /cygdrive/f type user (textmode,noumount)
> > [admin@2k-iis-ikon]~:{106}:$
>
>You are likely doomed to disappointment. Even if you disable /cygdrive/c,
>c:/xxx will probably still work. Perhaps sshd will allow you to specify a
>local root. You can link or mount whatever you want to allow access to
>from inside there.
>
>I tried "umount -U -c" and "umount -c", but neither worked for me, probably
>a local system problem. I was able to delete the information in the
>registry (HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2),
>but I don't know what other side effects might result so I'm putting it
>back right away.
Right. Using 'mount'/'umount' as security enforcing mechanisms is the
wrong approach. Use 'chown', 'chgrp', and 'chmod' with 'ntsec' set in
your CYGWIN environment variable if you want to try to do this with Cygwin.
This approach also ends up being easy to compromise too though. Anyone
doing this is left with needing to set the proper permissions using Windows
mechanisms, I'm afraid.
Larry Hall lhall@rfk.com
RFK Partners, Inc. http://www.rfk.com
838 Washington Street (508) 893-9779 - RFK Office
Holliston, MA 01746 (508) 893-9889 - FAX
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Cygdrive mounts
2002-04-23 12:37 ` Michael A Chase
2002-04-23 12:38 ` Chris Ellsworth
2002-04-23 12:42 ` Larry Hall (RFK Partners, Inc)
@ 2002-04-23 12:53 ` Christopher Faylor
2002-04-23 13:22 ` Chris Ellsworth
2 siblings, 1 reply; 11+ messages in thread
From: Christopher Faylor @ 2002-04-23 12:53 UTC (permalink / raw)
To: cygwin
On Tue, Apr 23, 2002 at 12:27:45PM -0700, Michael A Chase wrote:
>On Tue, 23 Apr 2002 10:45:52 -0700 Chris Ellsworth <cke@highlandshighspeed.net> wrote:
>
>> I am doing install of this for sshd on windows for clients for the
>> purpose of forwarding ports for access such as VNC, pcanywhere FTP and
>> other items and i dont want to give access to the other areas of the
>> drives. I tryed the umount command and have not sucessfully removed
>> it. maybe i am doing something but here is what i have done.
>>
>> [admin@2k-iis-ikon]~:{103}:$ mount
>> c:\cygwin\bin on /usr/bin type system (binmode)
>> c:\cygwin\lib on /usr/lib type system (binmode)
>> c:\cygwin on / type system (binmode)
>> c: on /cygdrive/c type user (textmode,noumount)
>> f: on /cygdrive/f type user (textmode,noumount)
>> [admin@2k-iis-ikon]~:{104}:$ umount -U
>> [admin@2k-iis-ikon]~:{105}:$ mount
>> c:\cygwin\bin on /usr/bin type system (binmode)
>> c:\cygwin\lib on /usr/lib type system (binmode)
>> c:\cygwin on / type system (binmode)
>> c: on /cygdrive/c type user (textmode,noumount)
>> f: on /cygdrive/f type user (textmode,noumount)
>> [admin@2k-iis-ikon]~:{106}:$
>
>You are likely doomed to disappointment. Even if you disable /cygdrive/c,
>c:/xxx will probably still work. Perhaps sshd will allow you to specify a
>local root. You can link or mount whatever you want to allow access to
>from inside there.
>
>I tried "umount -U -c" and "umount -c", but neither worked for me, probably
>a local system problem. I was able to delete the information in the
>registry (HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2),
>but I don't know what other side effects might result so I'm putting it
>back right away.
'umount -U -c' and 'umount -c' are the same thing.
If you want to remove something from the system mount table use the
options mentioned in 'umount -h' for manipulating the system mount
table.
However, cygwin defaults to /cygdrive, so even if you remove /cygdrive
settings from the registry, /cygdrive will still work.
It might be possible to mount /cygdrive to something like '/:::' or
something, obfuscating its use.
cgf
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Cygdrive mounts
2002-04-23 12:53 ` Christopher Faylor
@ 2002-04-23 13:22 ` Chris Ellsworth
0 siblings, 0 replies; 11+ messages in thread
From: Chris Ellsworth @ 2002-04-23 13:22 UTC (permalink / raw)
To: cygwin
but if any unix user that know what im doing can doa mount and .. well
now the obscure is not so obscure any more
but do think the best option si to do ethe deny rights to the group
that comes in from ssh
----- Original Message -----
From: "Christopher Faylor" <cgf-cygwin@cygwin.com>
To: <cygwin@cygwin.com>
Sent: Tuesday, April 23, 2002 12:42 PM
Subject: Re: Cygdrive mounts
> On Tue, Apr 23, 2002 at 12:27:45PM -0700, Michael A Chase wrote:
> >On Tue, 23 Apr 2002 10:45:52 -0700 Chris Ellsworth
<cke@highlandshighspeed.net> wrote:
> >
> >> I am doing install of this for sshd on windows for clients for
the
> >> purpose of forwarding ports for access such as VNC, pcanywhere
FTP and
> >> other items and i dont want to give access to the other areas of
the
> >> drives. I tryed the umount command and have not sucessfully
removed
> >> it. maybe i am doing something but here is what i have done.
> >>
> >> [admin@2k-iis-ikon]~:{103}:$ mount
> >> c:\cygwin\bin on /usr/bin type system (binmode)
> >> c:\cygwin\lib on /usr/lib type system (binmode)
> >> c:\cygwin on / type system (binmode)
> >> c: on /cygdrive/c type user (textmode,noumount)
> >> f: on /cygdrive/f type user (textmode,noumount)
> >> [admin@2k-iis-ikon]~:{104}:$ umount -U
> >> [admin@2k-iis-ikon]~:{105}:$ mount
> >> c:\cygwin\bin on /usr/bin type system (binmode)
> >> c:\cygwin\lib on /usr/lib type system (binmode)
> >> c:\cygwin on / type system (binmode)
> >> c: on /cygdrive/c type user (textmode,noumount)
> >> f: on /cygdrive/f type user (textmode,noumount)
> >> [admin@2k-iis-ikon]~:{106}:$
> >
> >You are likely doomed to disappointment. Even if you disable
/cygdrive/c,
> >c:/xxx will probably still work. Perhaps sshd will allow you to
specify a
> >local root. You can link or mount whatever you want to allow
access to
> >from inside there.
> >
> >I tried "umount -U -c" and "umount -c", but neither worked for me,
probably
> >a local system problem. I was able to delete the information in
the
> >registry (HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus
Solutions\Cygwin\mounts v2),
> >but I don't know what other side effects might result so I'm
putting it
> >back right away.
>
> 'umount -U -c' and 'umount -c' are the same thing.
>
> If you want to remove something from the system mount table use the
> options mentioned in 'umount -h' for manipulating the system mount
> table.
>
> However, cygwin defaults to /cygdrive, so even if you remove
/cygdrive
> settings from the registry, /cygdrive will still work.
>
> It might be possible to mount /cygdrive to something like '/:::' or
> something, obfuscating its use.
>
> cgf
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 11+ messages in thread