This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: File/Directory Permissions and Security

From: "L. Li" <ll2li at engmail dot uwaterloo dot ca>
To: cygwin at cygwin dot com
Date: Sat, 12 Apr 2003 19:16:07 -0400
Subject: Re: File/Directory Permissions and Security
References: <b787l5$2ul$1@main.gmane.org> <20030412133901.GA35123357@hpn5170x>

That works. Figured out why the windows ACL administration was all messed up
too. Thanks! :)

L

"Pierre A. Humblet" <pierre dot humblet at ieee dot org> wrote in message
news:20030412133901 dot GA35123357 at hpn5170x dot  dot  dot 
> On Sat, Apr 12, 2003 at 01:20:08AM -0400, L. Li wrote:
> > Hi,
> >
> > I'm a Cygwin and Unix newbie (kinda anyway - it's my first time
> > administrating). I recently set up an openSSH server on my box via
Cygwin
> > and I'm trying to set up proper file/directory permissions. I called a
> > recursive chmod so that only the owners of each object can write, while
all
> > others can only read and execute.
> >
> > After doing this, I went to verify that this was the case and logged in
> > under a user that was not the owner of anything but his home directory.
The
> > home directory permissions worked great. Only he had write access.
However,
> > outside of that, he could write to any directory he wanted to (except
for
> > the root C and D hard drives - don't know why). I'm wondering what I
have to
> > do to revoke write access to directories once I've ssh'ed into my box.
Once
> > I can get this basic policy up, I'll tamper with more specific
permissions
> > on a per object basis. But right now I can't seem to get this working.
>
> Access is controlled by ACLs that may have more entries than just for
owner,
> group and everyone. "ls -l" displays a "+" when this is the case.
> You can observe the acl with "getfacl" or "cacls".
>
> chmod does not affect the permissions of the extraneous groups, but you
can
> change or remove them with "setfacl" or the Windows security GUI.
>
> If you use setfacl on a directory, I highly recommend that you specify
default
> permissions for owner, group and everyone. Otherwise files created by
non-cygwin
> applications may have unexpected permissions.
>
> Pierre
>




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- File/Directory Permissions and Security
  - From: L. Li
- Re: File/Directory Permissions and Security
  - From: Pierre A. Humblet

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]