No o+r permission for /usr/sbin/ssh-keysign.exe
After an unfortunate mishap with an encryption key, I have started to rebuild my harddisk. And making sure I have a good backup :( I noticed a problem with the file permissions for /usr/sbin/ssh-keysign.exe: $ getfacl.exe /usr/sbin/ssh-keysign.exe # file: /usr/sbin/ssh-keysign.exe # owner: andersej # group: Domain Users user::rwx group::--x other:--x For some reason, the Windows-based backup program (Seagate Manager) wants the Windows group "Everyone" to have read access. Otherwise it will report: ERROR >>> C:\cygwin64\usr\sbin\ssh-keysign.exe Access denied Is there some special reason for denying everyone read permission (o+r) to this file? PS: I have the same problem with /etc/rebase.db.x86_64 which only have 660 permissions. Regards, -- Jan Bruun Andersen cygcheck.out Description: Binary data -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: No o+r permission for /usr/sbin/ssh-keysign.exe
On Sep 7 16:43, Jan Bruun Andersen wrote: > After an unfortunate mishap with an encryption key, I have started to > rebuild my harddisk. And making sure I have a good backup :( > > I noticed a problem with the file permissions for /usr/sbin/ssh-keysign.exe: > > $ getfacl.exe /usr/sbin/ssh-keysign.exe > # file: /usr/sbin/ssh-keysign.exe > # owner: andersej > # group: Domain Users > user::rwx > group::--x > other:--x > > For some reason, the Windows-based backup program (Seagate Manager) > wants the Windows group "Everyone" to have read access. Otherwise it > will report: > > ERROR >>> C:\cygwin64\usr\sbin\ssh-keysign.exe > Access denied > > Is there some special reason for denying everyone read permission > (o+r) to this file? This is how upstream `make install' creates the permissions. This is a problem, though, because x without r doesn't work terribly well on Windows anyway, but OTOH this application requires some kind of "root" access, so it's setuid anyway. Since we don't support that, it's a bit useless ATM. > PS: I have the same problem with /etc/rebase.db.x86_64 which only have > 660 permissions. It's a created file, not a distributed one. Just change the perms as desired. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat pgpbjQ6kXJJak.pgp Description: PGP signature
Re: No o+r permission for /usr/sbin/ssh-keysign.exe
On 07/09/2015 16:43, Jan Bruun Andersen wrote: After an unfortunate mishap with an encryption key, I have started to rebuild my harddisk. And making sure I have a good backup :( I noticed a problem with the file permissions for /usr/sbin/ssh-keysign.exe: $ getfacl.exe /usr/sbin/ssh-keysign.exe # file: /usr/sbin/ssh-keysign.exe # owner: andersej # group: Domain Users user::rwx group::--x other:--x For some reason, the Windows-based backup program (Seagate Manager) wants the Windows group "Everyone" to have read access. Otherwise it will report: ERROR >>> C:\cygwin64\usr\sbin\ssh-keysign.exe Access denied This looks a mistake of the backup program. What Security is in place if Everyone has read access ? Is there some special reason for denying everyone read permission (o+r) to this file? PS: I have the same problem with /etc/rebase.db.x86_64 which only have 660 permissions. Regards, -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: No o+r permission for /usr/sbin/ssh-keysign.exe
Greetings, Jan Bruun Andersen! > After an unfortunate mishap with an encryption key, I have started to > rebuild my harddisk. And making sure I have a good backup :( > I noticed a problem with the file permissions for /usr/sbin/ssh-keysign.exe: > $ getfacl.exe /usr/sbin/ssh-keysign.exe > # file: /usr/sbin/ssh-keysign.exe > # owner: andersej > # group: Domain Users > user::rwx > group::--x > other:--x > For some reason, the Windows-based backup program (Seagate Manager) > wants the Windows group "Everyone" to have read access. The reason is that it is not a backup program, it is a file copying program. Backup program must adjust its security token with SeBackupPrivilege. > Otherwise it will report: > ERROR >>> C:\cygwin64\usr\sbin\ssh-keysign.exe > Access denied > Is there some special reason for denying everyone read permission > (o+r) to this file? Yes. It is called "proper security". > PS: I have the same problem with /etc/rebase.db.x86_64 which only have > 660 permissions. See above. Use real backup software, not dumb file copying software. -- With best regards, Andrey Repin Monday, September 7, 2015 22:53:33 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple