From: Achim Gratz
To: cygwin@cygwin.com
Subject: Re: No way to use ssh ~/.ssh/config with "noacl" option
Date: Sat, 04 Nov 2017 15:43:00 -0000

Matt D. writes:
> This makes sense because Cygwin is pulling the NTFS permissions as
> there are no Cygwin ACLs defined.
>
> The only workaround is to use Windows' Security dialog to disable
> inherited permissions and remove the Users group. This does seem to
> satisfy things.

That's the correct thing to do, even though you made this unnecessarily hard for yourself by mounting your home directory with "noacl".

> I suppose the argument now is whether this behavior should change in
> the face of a drive mounted with "noacl". It took a bit of guesswork
> as neither chmod nor setfacl was changing the NTFS permissions.

I don't think ssh should use files that are accessible by somebody else. The noacl mount option is sometimes useful, but certainly not in this situation, as you found out.

> Interestingly, a config file that I chmodded when the drive was
> mounted with Cygwin ACLs still works with ssh even though "noacl" is
> now defined and it is still part of the HOSTNAME\Users group. Neither
> stat nor getfacl show these permissions but they can be seen in the
> security tab of the file properties. I'm guessing that it works
> because it has HOSTNAME\None below HOSTNAME\ or something?

The effective access rights as shown by icacls or similar tools should tell you what is going on. If the directory is not readable, then the file is effectively inaccessible, I think.

Regards,
Achim.
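
Following the pointer to icacls in the message above, here is an added example (not part of the thread and not Cygwin or OpenSSH code) that parses `icacls` output for one file and lists principals outside a trusted set that are granted read access. The sample output, path and account names are constructed, and the trusted set is an assumption. It reads the listed ACEs only and does not compute effective access through group membership or the parent directory's permissions.

```python
import re

# Constructed sample of `icacls <file>` output; path and account names are made up.
PATH = r"C:\cygwin64\home\user\.ssh\config"
SAMPLE = PATH + r""" NT AUTHORITY\SYSTEM:(I)(F)
                                  BUILTIN\Administrators:(I)(F)
                                  HOSTNAME\user:(F)
                                  HOSTNAME\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")
READ = {"F", "M", "RX", "R", "GR", "GA", "RD"}  # icacls right codes that include read
# Assumption: the owner plus SYSTEM and Administrators are acceptable readers.
TRUSTED = [r"HOSTNAME\user", r"NT AUTHORITY\SYSTEM", r"BUILTIN\Administrators"]


def parse_icacls(output, path):
    """Return one dict per ACE from `icacls <path>` output for a single file."""
    aces = []
    for line in output.splitlines():
        if line.startswith(path):          # first ACE shares a line with the path
            line = line[len(path):]
        m = ACE.match(line.strip())
        if not m:
            continue                       # blank line or the summary line
        groups = re.findall(r"\(([^)]*)\)", m.group("groups"))
        aces.append({
            "who": m.group("who"),
            "inherited": "I" in groups[:-1],   # (I) marks an inherited ACE
            "deny": "DENY" in groups,
            "rights": set(groups[-1].split(",")),
        })
    return aces


def others_with_read(aces, trusted):
    """Allow-ACEs granting read to principals outside `trusted`."""
    ok = {t.lower() for t in trusted}
    return [(a["who"], a["inherited"]) for a in aces
            if not a["deny"] and a["rights"] & READ and a["who"].lower() not in ok]


if __name__ == "__main__":
    for who, inherited in others_with_read(parse_icacls(SAMPLE, PATH), TRUSTED):
        kind = "inherited" if inherited else "explicit"
        print(f"{who} can read the file ({kind} ACE)")
```

An inherited entry in the result is the case the thread resolves by disabling inheritance on the file and removing the group.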