This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: File Permissions - Yet Another Question / Clarification
- From: Bryan Berns <bryan dot berns at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Thu, 2 Apr 2015 15:03:53 -0400
- Subject: Re: File Permissions - Yet Another Question / Clarification
- Authentication-results: sourceware.org; auth=none
- References: <CADi7v6K6Xbz3JYB-=JC23YMCEHzhmV3sSOAtcE73ydTecbcR-Q at mail dot gmail dot com> <152755247 dot 20150401232333 at yandex dot ru> <CADi7v6L0LyBSMRHWpWkcRPv-9=mZQLMTOPcyLO_k8kujV=ypTQ at mail dot gmail dot com> <402200952 dot 20150402043205 at yandex dot ru> <CADi7v6+T7Wg=JncC2K-SWANkG6xKL+Z0Y+4azRLs1S8s-YXwdw at mail dot gmail dot com> <1876247786 dot 20150402183153 at yandex dot ru> <CADi7v6+xL4GPSCkQixXgyDBM2N7RNJmNLRgqyQrmVQqeJRERbQ at mail dot gmail dot com> <87twwyxtin dot fsf at Rainer dot invalid>
> He's talking about "Administrators" the SID (group).
Interesting. Given the built-in Administrators group doesn't often
[directly] play into permissions on remote systems or cross-system
permission models, I'm not sure where he was going with that.
Regardless, I'll consider it water under the bridge.
> In any case, I'd start with a throwaway share (or save the permissions
> with subinacl if I had to use a live one). Then remove the inherited /
> default DACL from a subdirectory:
>
> mkdir sub
> setfacl -k sub
> setfacl -b sub
>
> Then check how this behaves w.r.t. POSIX permissions and file ownership.
> Populate this directory with files and check those, too. The ~/.ssh
> directory and their content shouldn't have any DACL on them in any case
> if you c want to be sure it works the way sshd is wanting it to.
>
>
> Regards,
> Achim.
Thanks for advice -- I will give it a shot and dive in deeper. I
think I have two problems I'm interesting in understanding more /
resolving: 1) why doesn't Cygwin think my user has permissions to the
files and 2) how can I get SSH to believe the two "admin" groups on my
files are acceptable. I'm not optimistic I'm going to get SSH to
change it's behavior so I may need to recompile it to avoid the
check.... which is obviously not desirable from a maintainability
standpoint.
Appreciatively,
Bryan
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple