This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: ssh private key permissions




Corinna Vinschen wrote:

> On Wed, Jun 20, 2001 at 06:02:59PM -0400, Charles S. Wilson wrote:
> 
>>How do you use setfacl to set the correct permission properties on the 
>>hostkey files (regardless of whatever ACL's were previously applied)?
>>
> 
> The setfacl and getfacl commands as well as the corresponding API
> are implemented according to the SUN Solaris documentation. Since
> I don't know if SUN want's me to take their man pages, I just
> pointed to the man pages on http://docs.sun.com when I implemented
> that stuff. This is still valid.
> 
> So you can find the man pages on http://docs.sun.com. Just search
> for `setfacl'. 


Hmm... given the following file:
$ getfacl foo

# file: foo
# owner: 500
# group: 544
user::rw-
user:1002:r-x
group::rw-
group:545:r-x
group:1000:r-x
mask::rw-
other::rw-


I tried the following command (as Administrator=500, who's in group 545 
and 500.545 owns the file)
$ setfacl -s user::rw-,group::---,other::---,mask::--- foo
setfacl: missing entries.

$ setfacl -d group:1000 foo
<succeeded>
$ setfacl -d group:545 foo
<succeeded>
$ setfacl -d user:1002 foo
<succeeded>
$ getfacl foo
# file: foo
# owner: 500
# group: 544
user::rw-
group::rw-
mask::rw-
other::rw-

Okay, after removing the extra stuff by hand, try again:
$ setfacl -s user::rw-,group::---,other::---,mask::--- foo

setfacl: missing entries.


Aarrgh.  Okay, try it piecemeal:
$ setfacl -m user::rwx
<no error reported>
$ setfacl -m group::---
<no error reported>
$ setfacl -m other::---
setfacl: illegal acl entries
$ setfacl -m mask::---
setfacl: illegal acl entries
$ getfacl foo
~ > getfacl foo
# file: foo
# owner: 500
# group: 544
user::rw-
group::rw-
mask::rw-
other::rwx

!!!! the user:: perms were applied to other::, and the group perms 
didn't take effect. (And, of course, the other:: and mask:: perms 
commands failed)

What gives?  I do NOT understand ACLs.

--Chuck


--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]