This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: File Permissions - Yet Another Question / Clarification
- From: Achim Gratz <Stromeko at nexgo dot de>
- To: cygwin at cygwin dot com
- Date: Thu, 02 Apr 2015 20:41:20 +0200
Bryan Berns writes:
> In the real world in large corporations with focus on security,
> "Administrators" is typically a tiered or least privilege arrangement.
He's talking about "Administrators" the SID (group).
In any case, I'd start with a throwaway share (or save the permissions
with subinacl if I had to use a live one). Then remove the inherited /
default DACL from a subdirectory:

    mkdir sub
    setfacl -k sub
    setfacl -b sub

Then check how this behaves w.r.t. POSIX permissions and file ownership.
Populate this directory with files and check those, too. The ~/.ssh
directory and its content shouldn't have any DACL on them in any case
if you want to be sure it works the way sshd is wanting it to.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
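
Added example, not part of the message above: a shell function for the "check how this behaves" step. It lists entries under a directory that are writable by group or others, or owned by neither the current user nor uid 0 (the conditions sshd's StrictModes rejects for ~/.ssh and authorized_keys), and, when getfacl is installed, entries that still carry extended ACL entries. The name check_tree and the output labels are made up for this example, and it assumes GNU find as shipped with Cygwin.

```shell
#!/bin/sh
# Added example; check_tree and its output labels are hypothetical names.
# Assumes GNU find (as on Cygwin) for "-perm /022".

# check_tree DIR
# Prints one line per problem under DIR; returns 1 if any was found, else 0.
check_tree() {
    ct_dir=$1
    ct_uid=$(id -u)
    ct_out=$(
        # Writable by group or others, or owned by neither us nor uid 0.
        find "$ct_dir" ! -type l \
            \( -perm /022 -o ! \( -uid "$ct_uid" -o -uid 0 \) \) -print |
            sed 's/^/mode-or-owner: /'
        # Named user/group entries, a mask or default entries mean the
        # ACL was not reduced to the three base entries by setfacl -b / -k.
        if command -v getfacl >/dev/null 2>&1; then
            find "$ct_dir" ! -type l -print | while IFS= read -r ct_p; do
                if getfacl "$ct_p" 2>/dev/null |
                    grep -Eq '^(user|group):[^:]+:|^mask:|^default:'; then
                    printf 'extra-acl: %s\n' "$ct_p"
                fi
            done
        fi
    )
    [ -z "$ct_out" ] && return 0
    printf '%s\n' "$ct_out"
    return 1
}

# Usage: sh check_tree.sh ~/.ssh
if [ $# -gt 0 ]; then
    check_tree "$1"
fi
```

Run it against the throwaway subdirectory after populating it; an empty result with exit status 0 means every entry passed both checks.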