TEST RELEASE: Cygwin 1.7.34-002

Ken Brown kbrown@cornell.edu
Fri Dec 12 14:35:00 GMT 2014 

On 12/12/2014 8:49 AM, Michael DePaulo wrote:
> On Sat, Dec 6, 2014 at 2:49 PM, Corinna Vinschen
> <corinna-cygwin@cygwin.com> wrote:
>> I finally released another TEST version of the next upcoming Cygwin
>> release.  The version number is 1.7.34-002.
>
> I *think* I am experiencing a very bad regression.
>
> These are the Windows permissions on my ~/.ssh/id_rsa file:
> C:\cygwin\home\mike\.ssh>icacls id_rsa
> id_rsa NT AUTHORITY\SYSTEM:(F)
>         DEPAULO\mike:(R,W,D,WDAC,WO)
>
> Under cygwin 1.7.33-2, I am able to use the file fine:
>
> mike@executor ~
> $ uname -a
> CYGWIN_NT-6.3-WOW64 executor 1.7.33-2(0.280/5/3) 2014-11-13 15:45 i686 Cygwin
>
> mike@executor ~
> $ ssh galactica
> Enter passphrase for key '/home/mike/.ssh/id_rsa':
> Last login: Fri Dec 12 08:36:39 2014 from executor.depaulo.org
> mike@galactica:~ :) [1] $ exit
> logout
> Connection to galactica closed.
>
> mike@executor ~
> $ cd .ssh
>
> mike@executor ~/.ssh
> $ ls -latr id_rsa
> -rw------- 1 mike mkpasswd 1743 Dec  7  2013 id_rsa
>
>
> But under 1.7.34-002, I get a permissions error:
>
> mike@executor ~
> $ uname -a
> CYGWIN_NT-6.3-WOW64 executor 1.7.34(0.282/5/3) 2014-12-06 18:03 i686 Cygwin
>
> mike@executor ~
> $ ssh galactica
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0670 for '/home/mike/.ssh/id_rsa' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> key_load_private_type: bad permissions
> mike@galactica's password:
>
>
> mike@executor ~
> $ cd .ssh
>
> mike@executor ~/.ssh
> $ ls -latr id_rsa
> -rw-rwx---+ 1 mike Domain Users 1743 Dec  7  2013 id_rsa

This isn't a regression.  It's a deliberate change, so that Cygwin now 
takes ACLs into account when calculating permissions.  The simplest fix 
is to use the new feature of setfacl to remove the unwanted permissions. 
  From the release announcement:

> - Add -b/--remove-all option to setfacl to reduce the ACL to only the
>   entries representing POSIX permission bits.

Ken


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list