Re: No way to use ssh ~/.ssh/config with "noacl" option
- Date: Sat, 04 Nov 2017 16:43:41 +0100
- From: Achim Gratz <Stromeko@xxxxxxxx>
- Subject: Re: No way to use ssh ~/.ssh/config with "noacl" option
Matt D. writes:
> This makes sense because Cygwin is pulling the NTFS permissions as
> there are no Cygwin ACLs defined.
> The only workaround is to use Window's Security diaglog to disable
> inherited permissions and remove the Users group. This does seem to
> satisfy things.
That's the correct thing to do, even though you made this unnecessarily
hard for yourself by mounting your home directory with "noacl".
> I suppose the argument now is whether this behavior should change in
> the face of a drive mounted with "noacl". It took a bit of guesswork
> as neither chmod or setfacl was changing the NTFS permissions.
I don't think ssh should use files that are accessible by somebody
else. The noacl mount option is sometimes useful, but certainly not in
this situation, as you found out.
> Interestingly, a config file that I chmodded when the drive was
> mounted with Cygwin ACLs still works with ssh even though "noacl" is
> now defined and it is still part of the HOSTNAME\Users group. Neither
> stat or getfacl show these permissions but they can be seen in the
> security tab of the file properties. I'm guessing that it works
> because it has HOSTNAME\None below HOSTNAME\<my account> or something?
The effective access rights as shown by icacls or similar tools should
tell you what is going on. If the directory is not readable, then the
file is effectively inaccessible I think.
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
SD adaptation for Waldorf microQ V2.22R2:
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple