Bryan Berns writes: > In the real world in large corporations with focus on security, > "Administrators" is typically a tiered or least privilege arrangement.
He's talking about "Administrators" the SID (group). In any case, I'd start with a throwaway share (or save the permissions with subinacl if I had to use a live one). Then remove the inherited / default DACL from a subdirectory: mkdir sub setfacl -k sub setfacl -b sub Then check how this behaves w.r.t. POSIX permissions and file ownership. Populate this directory with files and check those, too. The ~/.ssh directory and their content shouldn't have any DACL on them in any case if you c want to be sure it works the way sshd is wanting it to. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
