From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 82620 invoked by alias); 28 Nov 2017 14:27:17 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 81707 invoked by uid 89); 28 Nov 2017 14:27:16 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-102.1 required=5.0 tests=AWL,BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,KB_WAM_FROM_NAME_SINGLEWORD,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=queues, D*ru X-HELO: drew.franken.de Received: from mail-n.franken.de (HELO drew.franken.de) (193.175.24.27) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 28 Nov 2017 14:27:15 +0000 Received: from aqua.hirmke.de (business-24-134-7-25.pool2.vodafone-ip.de [24.134.7.25]) (Authenticated sender: aquarius) by mail-n.franken.de (Postfix) with ESMTPSA id AECD971AF290C for ; Tue, 28 Nov 2017 15:27:07 +0100 (CET) Received: from calimero.vinschen.de (calimero.vinschen.de [192.168.129.6]) by aqua.hirmke.de (Postfix) with ESMTP id 8C5EF5E030D for ; Tue, 28 Nov 2017 15:27:04 +0100 (CET) Received: by calimero.vinschen.de (Postfix, from userid 500) id F1649A80740; Tue, 28 Nov 2017 15:27:06 +0100 (CET) Date: Tue, 28 Nov 2017 14:27:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: [EXTERNAL] Re: Issues hiding /dev virtual directory from SFTP users Message-ID: <20171128142706.GU547@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <2512145081DA00479295CF769D4C8F350128B3517D@BNVMMSX0A61086A.polysci.com> <84854143.20171128025948@yandex.ru> <2512145081DA00479295CF769D4C8F350128B364F1@BNVMMSX0A61086A.polysci.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="D6z0c4W1rkZNF4Vu" Content-Disposition: inline In-Reply-To: <2512145081DA00479295CF769D4C8F350128B364F1@BNVMMSX0A61086A.polysci.com> User-Agent: Mutt/1.9.1 (2017-09-22) X-SW-Source: 2017-11/txt/msg00275.txt.bz2 --D6z0c4W1rkZNF4Vu Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 1687 Please, don't top-post. On Nov 28 12:50, snorthrop@moog.com wrote: >> From: Andrey Repin [mailto:anrdaemon@yandex.ru]=20 >> Sent: Monday, November 27, 2017 7:00 PM >> To: Northrop, Shad ; cygwin@cygwin.com >> Subject: [EXTERNAL] Re: Issues hiding /dev virtual directory from SFTP u= sers >>=20 >> Greetings, snorthrop@moog.com! >>=20 >> > Hello, >>=20 >> > I am trying to get sftp secured using OpenSSH. I have been able to ja= il >> > the users to their home directory and remove the cygdrive virtual dire= ctory >> > from showing but I have been unable to get the /dev virtual directory >> > removed from the users when they SFTP. In the past I have been able t= o just >> > add "/dev /null none bind" to the fstab file but that no longer works. >>=20 >> > Can anyone suggest how I may be able to accomplish this with CYGWIN_NT= -6.3 and openssh 7.6p 1-1 ? >>=20 >> If you jail the user to their home directory, they shouldn't be able to = see >> the Cygwin root in first place. >> I don't understand your issue. > > Andrey, >=20 > They are not able to see the cygdrive. They are able to see the /dev > virtual directory and all of the device mounts within it. And why do you want to remove that? There's nothing in /dev your users shouldn't see, but there's stuff in there required for certain functionality. For instance, bash handles /dev/std{in,out,err} and people may rely on this. Also, any application using the default paths for POSIX shmem, semaphores and message queues will stop working. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --D6z0c4W1rkZNF4Vu Content-Type: application/pgp-signature; name="signature.asc" Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJaHXI6AAoJEPU2Bp2uRE+g8OgQAJ1L2NVLsJI73uU19/yoYF22 mYrojkQ2oheIX6VDZdwyyWXiaFub60/u9Q8vDKpSMXxJBjAaddtxTYHqKWw9SC59 kqdvnhZLoqzmPe9EIYneiJLtsoIOYDxHLMfCf5PGauJ/EWeS26cgIcFLUCXCGrfr KeJpaqay1NoqA/e7Crav0i+kVGorEvauZZRefUuTOCXCLQoSB0rNe17tA1tZJRGO viWwvjpfxStbp+xilf/qK4LypziySgI1uv6dL72xh4Agy/YyXcus+GY1Kxlgzl4V 5ier7CJ/xt9+ETuYfIB0RCpjVmuLqr01DL8itkwevLaYujIXj7NDQaZDsYZxoPx4 eNX3ZAXsEDgnN3go9S7ya8EPONI6BFB6ieU/vCNL4YiCFe6WdVfTKQbR5XCJneb9 2MlIr5km1sy1HWMIYP24bbVJ+N6Lm+XwCzNr0Ckkj2CchRQFQM9fGFesupV6bKu5 +Nio0hfg8hmOS//j5FDhwya1JSN3lyCMpAqYy/lHeuiKexb4eqA96gyO8I7JcK+m iVM6StXztjTK9g/b0SbjjBbIIEINz0ytXVEu+n5AYdyb/tR0vpt0hMRfoaeQ/V/Z J3KmGHsAps3tHvvkvHiPWWTjzSDX/EchcJ1q17Yr3Cmncbi3VZMvu8x9omQYlYo8 XoXWMa+Nu3D1fOia5EAP =l0ru -----END PGP SIGNATURE----- --D6z0c4W1rkZNF4Vu--