This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: No way to use ssh ~/.ssh/config with "noacl" option


On 11/4/2017 1:15 PM, Matt D. wrote:
> On 11/4/2017 11:43 AM, Achim Gratz wrote:
>> That's the correct thing to do, even though you made this unnecessarily
>> hard for yourself by mounting your home directory with "noacl".
>
> It's not perfect but I've always had trouble with all of the
> modifications Cygwin makes to a file's permissions to support
> POSIX-style ACLs. I do miss being able to manage them with chmod and
> setfacl though.
>
> For those wishing to set their ssh config to 600 (as recognized by
> Cygwin's ssh), use the following:
>
> Reset file permissions:
>    icacls config /t /q /c /reset
>
> Inheritence must be disabled to alter other groups:
>    icacls config /inheritance:d
>
> Effectively regarded as "group":
>    icacls config /remove:g "Authenticated Users"
>    icacls config /remove:g "Users"
>
> Regarded as "other":
>    icacls config /remove:g "Everyone"
>
> Add the current user as the owner:
>    icacls config /grant "%USERNAME%:rw"
>
>
> Matt D.

My previous reply was missing "takeown" to take ownership. The correct sequence of commands is:

icacls config /t /q /c /reset
icacls config /inheritance:d
takeown /f config
icacls config /remove:g "Authenticated Users"
icacls config /remove:g "Users"
icacls config /remove:g "Everyone"
icacls config /grant "%USERNAME%:rw"

This is equivalent to "chmod 600 config".


Matt D.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]