Using Cygwin in Windows 8, chmod 600 does not work as expected?
I'm using Cygwin in the Win8CP, and I had the same issue. It's definitely a Cygwin bug, but there's a workaround: try running:
chgrp -R Users ~/.ssh
The longer explanation is that, for some reason, Cygwin's /etc/passwd
and /etc/group
generation are putting the user's default/main group as None
. And you cannot change the permission of None
, so the chmod
for group has no effect.
I didn't try repairing the passwd
/group
files myself, but I did do a chgrp -R Users ~/.ssh
(or, if you are on the Windows 8 pre-release, with the group nameHomeUsers
). After that, you can do the chmod 0600
and it'll work as expected.
The chgrp
to the Users
group can be done in whichever other similar cases you find. It even works as expected since Cygwin puts users in the Users
group as a secondary group (instead of primary, which would be the correct behavior).
Starting from Cygwin 1.7.34 (2015-02-04) the method that changes the group to Users
no longer works. Instead you need to use Cygwin's setfacl
utility.
Say, if you want to set file mode to
644 (rw-r--r--)
do this:setfacl -s u::rw-,g::r--,o:r-- foo.bar
or use a longer format:
setfacl -s user::rw-,group::r--,other::r-- foo.bar
or copy its mode using
getfacl
from filefoo
tobar
:getfacl foo | setfacl -f - bar
A complete manual is in the "setfacl" section of the Cygwin user guide. I wonder why Cygwin has not yet changed chmod
utility likewise.
Here is a script that uses Luke Lee's suggestion but supports octal args like chmod. It provides a framework that can be extended. although it currently only supports octal args needed to fix permission on key.pem and/or ~/.ssh directory and files.
#!/bin/bash
# convert chmod octal permission args to equivalent setfacl args
ARGS=() ; FILES=()
while [ $# -gt 0 ]; do
A=$1 ; shift
case "$A" in
600|0600) ARGS+=("u::rw-,g::---,o::---") ;;
640|0640) ARGS+=("u::rw-,g::r--,o::---") ;;
644|0644) ARGS+=("u::rw-,g::r--,o::r--") ;;
700|0700) ARGS+=("u::rwx,g::---,o::---") ;;
*) if [ -e "$A" ]; then FILES+=( "$A" ) ; else
echo "unrecognized arg [$A]" 1>&2
exit 1
fi
;;
esac
done
for F in "${FILES[@]}" ; do
setfacl -s "${ARGS[@]}" "$F"
done
I used it like this to fix my .ssh directory and files:
chmodfacl 700 ~/.ssh
chmodfacl 600 ~/.ssh/*
chmodfacl 640 ~/.ssh/*.pub