In my testing of WSL as a possible replacement for the git-for-windows bash and quasi-unix work environment, I have set up a symlink within WSL for my /home/me/.ssh/ directory to the corresponding /mnt/c/users/me/.ssh/ directory. Not too surprisingly (since ssh is strict on dir/file permissions), this does not work:

me@d2book:~$ ssh myth
Bad owner or permissions on /home/me/.ssh/config

me@d2book:~$ ll -d .ssh .ssh/config
lrwxrwxrwx 1 me   me     20 Oct 16 13:12 .ssh -> /mnt/c/Users/me/.ssh/
-rwxrwxrwx 1 root root 6335 Dec  5 07:47 .ssh/config*

I might create the files in linux and then find a way to link from windows into the linux filesystem (%localappdata%/lxss/...), but they recommend strongly against using windows tools to edit linux files (ref: https://blogs.msdn.microsoft.com/commandline/2016/11/17/do-not-change-linux-files-using-windows-apps-and-tools/), so whenever I need to tweak something, I must jump into WSL. (If nothing else, this might be the preferred compromise, but ...)

I can always maintain two distinct directories (each local to its own system), but I'd prefer to share them. Bigger picture, though, is how to modify the windows security permissions in order to mimic enough linux filesystem properties such that WSL sees our end-desired permissions.

The current permissions on the WIN/.../.ssh/config files are: SYSTEM, me, and Administrators all have full-control. When I want to change SYSTEM, it warns me about inheriting permissions and such. I know that windows dir/file permissions are different in many ways, but ultimate ...

Q: is there an easy security posture for windows files/dirs such that WSL sees them as user-only (owner) access? (analogous to a umask of 0077). More generically, is there a recipe for mapping at least some similarity between the ugo unix-y assignments and Windows file security?


Solution 1:

This part of WSL is much better in the latest insider builds (i.e., the next Windows 10 release). Since build 17063 WSL stores the Linux metadata, so chmod etc. on shared files "just works" without changing the ACLs on the Windows side. I'm now mounting my home directory from my user profile just as you suggest you'd like to, and SSH works fine.

Here's my setup:

$ cat /etc/wsl.conf
[automount]
enabled=true
options=metadata,uid=1000,gid=1000,umask=022
$ mount | grep /mnt
C: on /mnt/c type drvfs (rw,noatime,uid=1000,gid=1000,umask=22,metadata)
$ echo $HOME
/mnt/c/Users/me
$ ls -ld /home
lrwxrwxrwx 1 root root 11 Jan 11 16:15 /home -> mnt/c/Users
$ ls -ld ~/.ssh
drwxr-xr-x 1 me me 4096 Feb 27 11:44 /mnt/c/Users/me/.ssh
$ ls -ld ~/.ssh/authorized_keys
-rw-r--r-- 1 me me 745 Feb 27 11:44 /mnt/c/Users/me/.ssh/authorized_keys
$ ls -ld ~/.ssh/config
lrwxrwxrwx 1 me me 29 Oct  6 14:14 /mnt/c/Users/me/.ssh/config -> ../share/dotfiles/.ssh/config
$ ls -l ~/share/dotfiles/.ssh/config
-rwxr-xr-x 1 me me 741 Feb 26 21:23 /mnt/c/Users/me/share/dotfiles/.ssh/config
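As an added example (not part of the question or the answer above), here is a small POSIX sh script that applies the same two ownership/mode tests OpenSSH makes on the client side, so a shared ~/.ssh can be verified from inside WSL before ssh refuses it, and that sets the modes a umask of 0077 would have produced. It assumes GNU coreutils stat (Linux/WSL); the host name `myth` is reused from the question, and the key file name and contents in the demo are constructed placeholders.

```sh
#!/bin/sh
# Added example: checks a ~/.ssh tree the way OpenSSH does, then fixes it.
# Assumes GNU coreutils `stat -c` (Linux / WSL).

# ~/.ssh/config must be owned by the current user or root and must not be
# writable by group or others (mode & 022 == 0). Otherwise ssh prints
# "Bad owner or permissions on <path>", the error seen in the question.
ssh_config_ok() {
  f=$1
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  uid=$(stat -c %u "$f")
  mode=$(stat -c %a "$f")
  if [ "$uid" -ne 0 ] && [ "$uid" -ne "$(id -u)" ]; then
    echo "bad owner (uid $uid) on $f" >&2; return 1
  fi
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "group/world writable (mode $mode) on $f" >&2; return 1
  fi
  return 0
}

# A private key must not be readable or writable by group/others
# (mode & 077 == 0); ssh otherwise reports "UNPROTECTED PRIVATE KEY FILE".
ssh_key_ok() {
  f=$1
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  mode=$(stat -c %a "$f")
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "key $f is readable by group/others (mode $mode)" >&2; return 1
  fi
  return 0
}

# Apply the modes a umask of 0077 would have given: 700 on the directory,
# 600 on config and private keys, 644 on the files ssh reads but does not
# need to protect. On a drvfs mount these bits only persist when the
# `metadata` automount option from the answer's /etc/wsl.conf is active.
fix_ssh_dir() {
  d=$1
  [ -d "$d" ] || { echo "not a directory: $d" >&2; return 1; }
  chmod 700 "$d" || return 1
  [ -f "$d/config" ] && chmod 600 "$d/config"
  for f in "$d"/authorized_keys "$d"/known_hosts "$d"/*.pub; do
    [ -f "$f" ] && chmod 644 "$f"
  done
  for k in "$d"/id_*; do
    case "$k" in *.pub) continue ;; esac
    [ -f "$k" ] && chmod 600 "$k"
  done
  return 0
}

# Demo on a constructed tree: reproduce the world-writable config from the
# question, confirm the check rejects it, fix the tree, confirm it passes.
demo() {
  d=$(mktemp -d)
  printf 'Host myth\n' > "$d/config"
  chmod 777 "$d/config"                      # what the question's ls showed
  printf '# constructed placeholder, not a key\n' > "$d/id_ed25519"
  chmod 644 "$d/id_ed25519"
  echo "before fix:"
  if ssh_config_ok "$d/config"; then echo "unexpected pass"; rm -rf "$d"; return 1; fi
  if ssh_key_ok "$d/id_ed25519"; then echo "unexpected pass"; rm -rf "$d"; return 1; fi
  fix_ssh_dir "$d" || { rm -rf "$d"; return 1; }
  echo "after fix:"
  ssh_config_ok "$d/config" && ssh_key_ok "$d/id_ed25519" && echo "ok"
  rc=$?
  rm -rf "$d"
  return $rc
}
```

Run `demo` to see the sequence on a throwaway directory, or `ssh_config_ok ~/.ssh/config` against the real shared tree; on a drvfs mount without the `metadata` option the check will keep failing after `fix_ssh_dir` because the mode change does not persist, which is exactly the condition the answer's wsl.conf addresses.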