Switching to posix with no acl

Switching to posix with no acl

[Jim McNamara]

Hi all

Since there are no adduser or addgroup, I guess I'd create those files
manually off /etc.

Then I'd run passwd.

After that put in /etc/fstab

none /cygdrive cygdrive binary, posix=0, noacl, user 0 0

Close all processes.

That would give me a posix permission set up, right?

I read something about windows ignoring some dos bit with a file permission
but that is outside of cygwin...right?

Lastly, with acl you open an administrator cmd shell. With posix can I
escalate to root and stay away from admin cmd shell?

Is anyone else using posfix setup in general or mostly acl?

Thanks for any help!
Roboloki

Fwd: Switching to posix with no acl

[Jim McNamara]

---------- Forwarded message ---------
From: Jim McNamara <nefariousscheme@gmail.com>
Date: Sat, Nov 14, 2020, 12:57 AM
Subject: Switching to posix with no acl
To: Cygwin <cygwin@cygwin.com>


Hi all

Since there are no adduser or addgroup, I guess I'd create those files
manually off /etc.

Then I'd run passwd.

After that put in /etc/fstab

none /cygdrive cygdrive binary, posix=0, noacl, user 0 0

Close all processes.

That would give me a posix permission set up, right?

I read something about windows ignoring some dos bit with a file permission
but that is outside of cygwin...right?

Lastly, with acl you open an administrator cmd shell. With posix can I
escalate to root and stay away from admin cmd shell?

Is anyone else using posfix setup in general or mostly acl?

Thanks for any help!
Roboloki

Sat. Nov. 14 1:35 pm

Hi all-

I found in the manual about the execute bit permission being ignored in
filesystems with acl. That answered one question above. I can just take
advantage of how exe heuristics work.

If I find myself in a position where it needs administrator rights via a
shell, will it interfere with my posix permissions, users, or groups once
the /etc/groups and /etc/password and fstab are already setup

Did the fstab entry above look okay for posix permission?

Thanks for any assistance !
Roboloki

Fwd: Switching to posix with no acl

[Jim McNamara]

---------- Forwarded message ---------
From: Jim McNamara <nefariousscheme@gmail.com>
Date: Sat, Nov 14, 2020, 1:37 PM
Subject: Fwd: Switching to posix with no acl
To: Cygwin <cygwin@cygwin.com>




---------- Forwarded message ---------
From: Jim McNamara <nefariousscheme@gmail.com>
Date: Sat, Nov 14, 2020, 12:57 AM
Subject: Switching to posix with no acl
To: Cygwin <cygwin@cygwin.com>


Hi all

Since there are no adduser or addgroup, I guess I'd create those files
manually off /etc.

Then I'd run passwd.

After that put in /etc/fstab

none /cygdrive cygdrive binary, posix=0, noacl, user 0 0

Close all processes.

That would give me a posix permission set up, right?

I read something about windows ignoring some dos bit with a file permission
but that is outside of cygwin...right?

Lastly, with acl you open an administrator cmd shell. With posix can I
escalate to root and stay away from admin cmd shell?

Is anyone else using posfix setup in general or mostly acl?

Thanks for any help!
Roboloki

Sat. Nov. 14 1:35 pm

Hi all-

I found in the manual about the execute bit permission being ignored in
filesystems with acl. That answered one question above. I can just take
advantage of how exe heuristics work.

If I find myself in a position where it needs administrator rights via a
shell, will it interfere with my posix permissions, users, or groups once
the /etc/groups and /etc/password and fstab are already setup?

Did the fstab entry above look okay for posix permission?

Thanks for any assistance !
Roboloki

Sat. Nov. 14, 1:45 PM

HI all -

I had a privilege escalation window come up for instance when running a
system supplied configure script for sshd ( I think ). It gave the choices
yes or no prompting to choose carefully for noacl permission mode or acl
translation setup. I think that prompt is very good. Will it (administrator
mode) always at least ask or identify which type of setup if required?

Thanks as always,
Robo-loki

Re: Fwd: Switching to posix with no acl

[René Berber]

On 11/14/2020 12:37 PM, Jim McNamara via Cygwin wrote:

> Since there are no adduser or addgroup, I guess I'd create those files
> manually off /etc.

I think the recommended way is using the mkpasswd command.  Actually the 
recommended procedure is not to use anything.

Just run that command and take a look at the output.  You have to filter 
out most lines, only add the user you want.

Now run it with --help, you'll see you can list 'local' users AND domain 
users.  I put quotes on local because you can also specify local to 
which computer (as long as it is running SMB, I think).

Its about the same for groups: mkgroup.

Hope this helps a little.
-- 
R.Berber

Fwd: Fwd: Switching to posix with no acl

[Jim McNamara]

---------- Forwarded message ---------
From: Jim McNamara <nefariousscheme@gmail.com>
Date: Sat, Nov 14, 2020, 7:26 PM
Subject: Re: Fwd: Switching to posix with no acl
To: René Berber <rene.berber@gmail.com>




On Sat, Nov 14, 2020, 7:17 PM René Berber via Cygwin <cygwin@cygwin.com>
wrote:

> On 11/14/2020 12:37 PM, Jim McNamara via Cygwin wrote:
>
> > Since there are no adduser or addgroup, I guess I'd create those files
> > manually off /etc.
>
> I think the recommended way is using the mkpasswd command.  Actually the
> recommended procedure is not to use anything.
>
> Just run that command and take a look at the output.  You have to filter
> out most lines, only add the user you want.
>
> Now run it with --help, you'll see you can list 'local' users AND domain
> users.  I put quotes on local because you can also specify local to
> which computer (as long as it is running SMB, I think).
>
> Its about the same for groups: mkgroup.
>
> Hope this helps a little.
> --
> R.Berber
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple


Hi  R. Berber-

Thanks for the cool info. Can't wait to check it out :-)

Robo-loki


Hi R.


Yes. 'The recommendation is to not use anything.'

There are too many accounts specific to the OS like SYSTEM.

I think they serve a purpose. e.g. a process can run as system.

I vote for leaving well enough alone on this one.

I will just set permission at command line in mintty for stuff like ssh
authorized_keys etc. and not touch permission outside of mintty.

Have a cool night.

Thanks,
Robo-loki