From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mailsrv.cs.umass.edu (mailsrv.cs.umass.edu [128.119.240.136]) by sourceware.org (Postfix) with ESMTPS id 078DD3858D20 for ; Fri, 14 Apr 2023 03:03:42 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 078DD3858D20 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=cs.umass.edu Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=cs.umass.edu Received: from [192.168.50.148] (c-24-62-201-179.hsd1.ma.comcast.net [24.62.201.179]) by mailsrv.cs.umass.edu (Postfix) with ESMTPSA id 946AD401D757; Thu, 13 Apr 2023 23:03:41 -0400 (EDT) Message-ID: <88697a53-26db-6969-2c18-3d6133d248c1@cs.umass.edu> Date: Thu, 13 Apr 2023 23:03:40 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.9.1 Reply-To: moss@cs.umass.edu Content-Language: en-US From: Eliot Moss To: cygwin Subject: Permissions question / issue Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Dear cygwin'ers - I seem to be caught in a bind with the Cygwin permissions setup. ssh insists that ~/.ssh/config have permissions no less permissive than rw------- (600). However, my backup program runs as SYSTEM and needs access. I tried to provide that access by adding an ACL g:SYSTEM:r-x, but that appears as rw-r-x--- and ssh doesn't like it. I seem to recall that at some point in the past we agreed to ignore the permissions given to SYSTEM when computing effective permission (e.g., as output by ls -l). That would suit the purpose. Did something change? or am I misremembering the solution to the conundrum? Note: I have Administrator privilege on my machine, but that doesn't help, since the backup tool runs under SYSTEM, a different account. Best wishes - Eliot Moss