This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Cygdrive mounts


At 03:27 PM 4/23/2002, Michael A Chase wrote:
>On Tue, 23 Apr 2002 10:45:52 -0700 Chris Ellsworth <cke@highlandshighspeed.net> wrote:
>
> > I am doing install of this for sshd on windows for clients for the
> > purpose of forwarding ports for access such as VNC, pcanywhere FTP and
> > other items and i dont want to give access to the other areas of the
> > drives. I tryed the umount command and have not sucessfully removed
> > it. maybe i am doing something but here is what i have done.
> > 
> > [admin@2k-iis-ikon]~:{103}:$ mount
> > c:\cygwin\bin on /usr/bin type system (binmode)
> > c:\cygwin\lib on /usr/lib type system (binmode)
> > c:\cygwin on / type system (binmode)
> > c: on /cygdrive/c type user (textmode,noumount)
> > f: on /cygdrive/f type user (textmode,noumount)
> > [admin@2k-iis-ikon]~:{104}:$ umount -U
> > [admin@2k-iis-ikon]~:{105}:$ mount
> > c:\cygwin\bin on /usr/bin type system (binmode)
> > c:\cygwin\lib on /usr/lib type system (binmode)
> > c:\cygwin on / type system (binmode)
> > c: on /cygdrive/c type user (textmode,noumount)
> > f: on /cygdrive/f type user (textmode,noumount)
> > [admin@2k-iis-ikon]~:{106}:$
>
>You are likely doomed to disappointment.  Even if you disable /cygdrive/c,
>c:/xxx will probably still work.  Perhaps sshd will allow you to specify a
>local root.  You can link or mount whatever you want to allow access to
>from inside there.
>
>I tried "umount -U -c" and "umount -c", but neither worked for me, probably
>a local system problem.  I was able to delete the information in the
>registry (HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2),
>but I don't know what other side effects might result so I'm putting it
>back right away.


Right.  Using 'mount'/'umount' as security enforcing mechanisms is the 
wrong approach.  Use 'chown', 'chgrp', and 'chmod' with 'ntsec' set in 
your CYGWIN environment variable if you want to try to do this with Cygwin.
This approach also ends up being easy to compromise too though. Anyone
doing this is left with needing to set the proper permissions using Windows 
mechanisms, I'm afraid.


Larry Hall                              lhall@rfk.com
RFK Partners, Inc.                      http://www.rfk.com
838 Washington Street                   (508) 893-9779 - RFK Office
Holliston, MA 01746                     (508) 893-9889 - FAX


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]