On Nov 1 08:16, Stephen Sheldon wrote: > I had some key files in ~/.ssh. They looked like this. > > -rw-------+ 1 sheldon None 1.7K Nov 1 07:09 id_rsa > -rw-r--r--+ 1 sheldon None 401 Nov 1 07:09 id_rsa.pub > -rw-r--r--+ 1 sheldon None 174 Nov 1 07:09 known_hosts > > After I installed 1.7.33-04 they looked like this. > > -rw-rwx---+ 1 sheldon None 1.7K Nov 1 07:09 id_rsa* > -rw-rwxr--+ 1 sheldon None 401 Nov 1 07:09 id_rsa.pub* > -rw-rwxr--+ 1 sheldon None 174 Nov 1 07:09 known_hosts* > > ssh complained about permissions when I tried to log on to another host. I > could not change the permissions back with chmod, either with chmod 600 or > chmod g-w ...
Correct. This is the result of the change to 1.7.33 to implement POSIX ACL handling more POSIX-like: There are permissions on the file given to other users and/or groups beside the primary user and group. Per POSIX, the group permission bits reflect the *sum* of all permission bits granted to other users and all groups, To easily get rid of such overly open permissions, I implemented the new setfacl -b flag: Initial situation: $ touch xxx $ ls -l xxx -rw-r--r-- 1 corinna vinschen 57110 Oct 27 14:47 xxx Grant permissions to "somebody else": $ setfacl -m g:administrators:rwx xxx $ getfacl xxx # file: xxx # owner: corinna # group: vinschen user::rw- group::r-- group:Administrators:rwx mask:rwx other:r-- $ ls -l xxx -rw-rwxr--+ 1 corinna vinschen 57110 Oct 27 14:47 xxx Revert to POSIX-only permissions: $ setfacl -b xxx $ ls -l xxx -rw-r--r-- 1 corinna vinschen 57110 Oct 27 14:47 xxx HTH, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
pgp02nM1AHFxk.pgp
Description: PGP signature
