This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: SSHD configuration


On Thu, Feb 07, 2002 at 10:09:58PM -0500, Ilya Sterin wrote:
> Hello all.  I am trying to set up sshd on my win2k box and everything is
> successful.  But I have a question...
> Is there a way to restrict the users as well as directories per user?
> Although my win box has a few users, I only want to allow one to be able to
> ssh to this machine.  Also I would like to restrict this user to only one
> directory, and don't want to give them permissions to browse other ones.
> Is there a way to do both of the above tasks, or at least one of them?
> Thanks in Advance.

That's actually a task to perform in Windows native mode.  The
POSIX permissions in Cygwin are only able to deal with a subset of
the NTFS permissions.  In particular, there are user rights which
allow you to do things which seem to be impossible due to the POSIX
permissions.  One user right is "Bypass traverse checking", which
is given to "Everyone" by default.  This allows access to a file
for which the user has permissions even if the parent directory
disallows any access!

Consequently, Cygwin can only give security within the borders given by
the NT security settings.  You should consider securing the system
from the native point of view and then matching your ssh/sshd settings
to that system.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
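
The following is an added example, not part of the original message: a shell check that lists which principals hold the "Bypass traverse checking" right (SeChangeNotifyPrivilege) discussed in the reply above. It assumes the input is the output of `secedit /export /cfg rights.inf /areas USER_RIGHTS` already converted from UTF-16 to UTF-8; the function names are hypothetical and the sample export is constructed.

```shell
#!/bin/sh
# Added example: who holds "Bypass traverse checking" (SeChangeNotifyPrivilege)?
# Assumption: stdin is a secedit USER_RIGHTS export, converted to UTF-8.

# Translate a few well-known SIDs; anything else is printed unchanged.
sid_name() {
    case "$1" in
        S-1-1-0)      echo "Everyone" ;;
        S-1-5-11)     echo "Authenticated Users" ;;
        S-1-5-32-544) echo "Administrators" ;;
        S-1-5-32-545) echo "Users" ;;
        S-1-5-32-551) echo "Backup Operators" ;;
        *)            echo "$1" ;;
    esac
}

# Print one holder per line, read from the [Privilege Rights] section only.
traverse_holders() {
    tr -d '\r' | awk -F= '
        /^\[/ { in_rights = ($0 == "[Privilege Rights]"); next }
        in_rights && $1 ~ /^[ \t]*SeChangeNotifyPrivilege[ \t]*$/ {
            n = split($2, ids, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t*]/, "", ids[i])   # drop the "*" SID prefix
                if (ids[i] != "") print ids[i]
            }
        }'
}

# Mark groups that cover essentially every logged-on account, ssh users included.
traverse_report() {
    traverse_holders | while IFS= read -r sid; do
        case "$sid" in
            S-1-1-0|S-1-5-11|S-1-5-32-545) tag="BROAD" ;;
            *)                             tag="     " ;;
        esac
        echo "$tag $sid ($(sid_name "$sid"))"
    done
}

# Constructed sample export (not taken from a real system).
sample_export() {
cat <<'EOF'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
[Version]
Revision=1
EOF
}

sample_export | traverse_report
```

A BROAD line means directory-level denies on parent folders will not stop that account from reaching a file it has rights on, so permissions need to be set on the files themselves.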
