Locking down cygwin for security
Hello, Is it possible to disabled certain features to make cygwin secure over ssh such that the logged in user cannot: - cd into any /cygdrive drives - mount any local or UNC drives but still: - access a system wide mount to a local drive ??? Thanks, Colin -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Locking down cygwin for security
On Sep 3 12:11, Colin JN Breame wrote: Hello, Is it possible to disabled certain features to make cygwin secure over ssh such that the logged in user cannot: - cd into any /cygdrive drives - mount any local or UNC drives but still: - access a system wide mount to a local drive No. Securing a NT system requires using policies. Cygwin can't do that for you. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:[EMAIL PROTECTED] Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Locking down cygwin for security
Colin JN Breame wrote: Is it possible to disabled certain features to make cygwin secure over ssh such that the logged in user cannot: - cd into any /cygdrive drives - mount any local or UNC drives but still: - access a system wide mount to a local drive You will gain little additional security by doing this. As long as you can't prevent user from calling normal win32 applications (such as as cmd.exe) and win32 APIs (like CreateFile ()) he will be able to accesss any drives on your system you're supposing to prevent him from. Your only gain will be false sense of security. The way to achieve real security is to set proper access rights for all files on all filesystems on your host and all other hosts this user can log into. egor -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/