From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-210354-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 85856 invoked by alias); 4 Nov 2017 17:38:48 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 85848 invoked by uid 89); 4 Nov 2017 17:38:47 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.4 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,FREEMAIL_REPLYTO,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=username, perfect
X-HELO: mail-pf0-f172.google.com
Received: from mail-pf0-f172.google.com (HELO mail-pf0-f172.google.com) (209.85.192.172) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sat, 04 Nov 2017 17:38:46 +0000
Received: by mail-pf0-f172.google.com with SMTP id a8so4608403pfc.0        for <cygwin@cygwin.com>; Sat, 04 Nov 2017 10:38:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20161025;        h=x-gm-message-state:from:subject:reply-to:references:to:message-id         :date:user-agent:mime-version:in-reply-to:content-transfer-encoding;        bh=TWh1DbUO7WNxGG6D+d/I7P2dqSHdJIz7o1hcRvxAp3c=;        b=kXaSJZJELwbGBeVi3lgWtOAExhhbzXuV7Gb9C+ffIJdL6POQo/qJdP8HY2QPaawdNz         g5auM8KCdYusXjmlGNikXJI0JzN2acRsHtScTVWoK+iUQqKAYZxl9xGWTZb5+dYhpC9w         usZnk+o/BSJDFceXjkYD6XalSUu1myv2lDZqQZooxisPvnw3jQWdmxeSqtY6HUX70Fo/         9JmTU6CxuOYntwp8mPL1KGwu8uVFKKmeXdvdd7D+EFCiPHonmM8F/6CkodOQZf66PDpC         F/HksAZqn3SJ9QdBgFdtcYhmnAreAK82U7ZIJgR1ORp3V9/p2yRq7vZoEgcgHZwlONgb         NoLg==
X-Gm-Message-State: AMCzsaXDZYNR9AIdnYMn338qUeTjhVM95jylJeY+eRsCBgCjqjj++zSA	9yCZ29SjQV3sFq4q491/0wpUcohW
X-Google-Smtp-Source: ABhQp+QATAqYXHytp3xvgrufKyyq/NWLwYnd/QM08v78OMrXHErBrWNlF0T5Az0NpZaRK0ciI2kQzA==
X-Received: by 10.99.154.66 with SMTP id e2mr10414450pgo.287.1509817124790;        Sat, 04 Nov 2017 10:38:44 -0700 (PDT)
Received: from [10.0.1.111] (ip68-230-148-254.ri.ri.cox.net. [68.230.148.254])        by smtp.gmail.com with ESMTPSA id 204sm13525440pgf.59.2017.11.04.10.38.44        for <cygwin@cygwin.com>        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);        Sat, 04 Nov 2017 10:38:44 -0700 (PDT)
From: "Matt D." <codespunk@gmail.com>
X-Google-Original-From: "Matt D." <codespunk+cygwin@gmail.com>
Subject: Re: No way to use ssh ~/.ssh/config with "noacl" option
Reply-To: codespunk+cygwin@gmail.com, codespunk+cygwin@gmail.com
References: <59FD8C99.8010703@gmail.com> <20171104113723.GC18070@calimero.vinschen.de> <59FDA8D9.6050808@gmail.com> <59FDC12F.1080005@codespunk.com> <59FDDCFA.9030306@codespunk.com> <20171104163701.GA23538@calimero.vinschen.de> <59FDF754.4040505@gmail.com>
To: cygwin@cygwin.com
Message-ID: <59FDFB25.8060409@gmail.com>
Date: Sat, 04 Nov 2017 17:38:00 -0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <59FDF754.4040505@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-SW-Source: 2017-11/txt/msg00087.txt.bz2

On 11/4/2017 1:15 PM, Matt D. wrote:
 > On 11/4/2017 11:43 AM, Achim Gratz wrote:
 >> That's the correct thing to do, even though you made this unnecessarily
 >> hard for yourself by mounting your home directory with "noacl".
 >
 > It's not perfect but I've always had trouble with all of the
 > modifications Cygwin makes to a file's permissions to support
 > POSIX-style ACLs. I do miss being able to manage them with chmod and
 > setfacl though.
 >
 > For those wishing to set their ssh config to 600 (as recognized by
 > Cygwin's ssh), use the following:
 >
 > Reset file permissions:
 >    icacls config /t /q /c /reset
 >
 > Inheritence must be disabled to alter other groups:
 >    icacls config /inheritance:d
 >
 > Effectively regarded as "group":
 >    icacls config /remove:g "Authenticated Users"
 >    icacls config /remove:g "Users"
 >
 > Regarded as "other":
 >    icacls config /remove:g "Everyone"
 >
 > Add the current user as the owner:
 >    icacls config /grant "%USERNAME%:rw"
 >
 >
 > Matt D.

My previous reply was missing "takeown" to take ownership. The correct 
sequence of commands is:

icacls config /t /q /c /reset
icacls config /inheritance:d
takeown /f config
icacls config /remove:g "Authenticated Users"
icacls config /remove:g "Users"
icacls config /remove:g "Everyone"
icacls config /grant "%USERNAME%:rw"

This is equivalent to "chmod 600 config".


Matt D.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple