From: Eliot Moss
Reply-To: moss@cs.umass.edu
To: cygwin@cygwin.com
Subject: Re: Permissions question / issue
Date: Fri, 14 Apr 2023 15:43:04 -0400
Message-ID: <87c859fc-0bfb-e6cc-a29e-29ba4eaa1820@cs.umass.edu>
References: <88697a53-26db-6969-2c18-3d6133d248c1@cs.umass.edu>

On 4/14/2023 3:11 PM, Corinna Vinschen via Cygwin wrote:
> On Apr 13 23:03, Eliot Moss via Cygwin wrote:
>> Dear cygwin'ers -
>>
>> I seem to be caught in a bind with the Cygwin permissions setup.
>>
>> ssh insists that ~/.ssh/config have permissions no less permissive than rw------- (600).
>
> Huh?  No, it doesn't, usually.  My file has perms rw-r--r-- (644) and
> that's perfectly fine.  Also, I tried the same setting as you did,
> i.e.
>
>   $ getfacl config
>   # file: config
>   # owner: corinna
>   # group: vinschen
>   user::rw-
>   group::---
>   group:SYSTEM:r-x
>   mask::r-x
>   other::---
>
> And ssh still works as desired and does not throw any error.
>
> You can also add g:SYSTEM:r-x to the directories and it should have
> no negative side effect.  I just did that with ~/.ssh and ssh still
> works as expected.

Of course you're entirely right, Corinna!  Not sure how I got it in my head
that it needed 600 permissions.  Thank you for clarifying!

However ... ssh *does* demand that key files be accessible only by the user.
Is there a solution - if necessary using Windows tools - to make ssh happy
while allowing a SYSTEM backup tool to back up the file?

Regards - Eliot
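
Why the same ACL is accepted on `config` but would be rejected on a key file, as an added example that is not part of the original message: it parses the `getfacl` output quoted above and applies the two mode masks OpenSSH tests (022 for the per-user config, 077 for private keys). The function names are hypothetical, and the ACL-to-mode mapping assumes POSIX ACL semantics, in which the group bits report the `mask` entry.

```python
import re

# Corinna's getfacl output, copied from the message above.
GETFACL = """\
# file: config
# owner: corinna
# group: vinschen
user::rw-
group::---
group:SYSTEM:r-x
mask::r-x
other::---
"""

ENTRY = re.compile(r"(user|group|mask|other):([^:]*):([r-][w-][x-])")

def rwx(perms):
    """Turn a string such as 'r-x' into its 3-bit value."""
    return sum(bit for ch, bit in zip(perms, (4, 2, 1)) if ch != "-")

def mode_from_getfacl(text):
    """Derive the 9 permission bits stat() would report for an ACL listing.

    Assumption: POSIX ACL semantics, where the group bits show the mask
    entry when one exists and the owning group's entry otherwise.
    """
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop headers and "#effective" notes
        m = ENTRY.fullmatch(line)
        if m:
            entries[(m.group(1), m.group(2))] = rwx(m.group(3))
    for required in (("user", ""), ("group", ""), ("other", "")):
        if required not in entries:
            raise ValueError("missing ACL entry %s::" % required[0])
    group_class = entries.get(("mask", ""), entries[("group", "")])
    return entries[("user", "")] << 6 | group_class << 3 | entries[("other", "")]

def ssh_checks(mode):
    """Apply the mode masks ssh uses for files owned by the calling user."""
    return {
        "config_ok": (mode & 0o022) == 0,       # config: no group/other write
        "private_key_ok": (mode & 0o077) == 0,  # key: no group/other access at all
    }

if __name__ == "__main__":
    mode = mode_from_getfacl(GETFACL)
    print(oct(mode), ssh_checks(mode))
```

Under that assumption the `group:SYSTEM:r-x` entry surfaces as group `r-x` in the mode, which the config check tolerates and the key check does not.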