Using Cygwin in Windows 8, chmod 600 does not work as expected?

I'm trying to change the permissions to my key file key.pem in Cygwin 1.7.11. It has the permissions flags: -rw-rw----

chmod -c 600 key.pem

Reports:

mode of 'key.pem' changed from 0660 (rw-rw----) to 0600 (rw-------)

However:

ls -l key.pem 

still reports

key.pem's permission flags are still: -rw-rw----

The reason why I'm asking is that ssh is complaining:

Permissions 0660 for 'key.pem' are too open.

when I try to ssh into my Amazon EC2 instance. Is this an issue with Cygwin & Windows 8 NTFS or am I missing something?


I'm using Cygwin in the Win8CP, and I had the same issue. It's definitely a Cygwin bug, but there's a workaround: try running:

 chgrp -R Users ~/.ssh

The longer explanation is that, for some reason, Cygwin's /etc/passwd and /etc/group generation are putting the user's default/main group as None. And you cannot change the permission of None, so the chmod for group has no effect.

I didn't try repairing the passwd/group files myself, but I did do a chgrp -R Users ~/.ssh (or, if you are on the Windows 8 pre-release, with the group name HomeUsers). After that, you can do the chmod 0600 and it'll work as expected.

The chgrp to the Users group can be done in whichever other similar cases you find. It even works as expected since Cygwin puts users in the Users group as a secondary group (instead of primary, which would be the correct behavior).


Starting from Cygwin 1.7.34 (2015-02-04) the method that changes the group to Users no longer works. Instead you need to use Cygwin's setfacl utility.

  • Say, if you want to set file mode to 644 (rw-r--r--) do this:

    setfacl -s u::rw-,g::r--,o:r-- foo.bar
    
  • or use a longer format:

    setfacl -s user::rw-,group::r--,other::r-- foo.bar
    
  • or copy its mode using getfacl from file foo to bar:

    getfacl foo | setfacl -f - bar
    

A complete manual is in the "setfacl" section of the Cygwin user guide. I wonder why Cygwin has not yet changed the chmod utility likewise.


Here is a script that uses Luke Lee's suggestion but supports octal args like chmod. It provides a framework that can be extended, although it currently only supports the octal args needed to fix permissions on key.pem and/or the ~/.ssh directory and files.

#!/bin/bash

# convert chmod octal permission args to equivalent setfacl args
ARGS=() ; FILES=()
while [ $# -gt 0 ]; do
  A=$1 ; shift
  case "$A" in
  600|0600) ARGS+=("u::rw-,g::---,o::---") ;;
  640|0640) ARGS+=("u::rw-,g::r--,o::---") ;;
  644|0644) ARGS+=("u::rw-,g::r--,o::r--") ;;
  700|0700) ARGS+=("u::rwx,g::---,o::---") ;;
  *) if [ -e "$A" ]; then FILES+=( "$A" ) ; else
    echo "unrecognized arg [$A]" 1>&2
    exit 1
  fi
  ;;
  esac
done
for F in "${FILES[@]}" ; do
  setfacl -s "${ARGS[@]}" "$F"
done

I used it like this to fix my .ssh directory and files:

chmodfacl 700 ~/.ssh
chmodfacl 600 ~/.ssh/*
chmodfacl 640 ~/.ssh/*.pub
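
The following is an added example, not part of the original answers: it generalizes the fixed 600/640/644/700 table above to any plain three-digit octal mode and adds a check mirroring ssh's "too open" test on a private key. The function names (digit_to_rwx, mode_to_acl, ssh_accepts_mode, chmod_acl) are hypothetical, and it assumes setfacl is on the PATH as in the answers above.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from the answers above.

# Map one octal digit (0-7) to its rwx triplet.
digit_to_rwx() {
  r=-; w=-; x=-
  if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
  if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
  if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
  printf '%s%s%s' "$r" "$w" "$x"
}

# Turn a plain octal mode (600 or 0600) into a "setfacl -s" entry list.
# Fails on anything else, including setuid/setgid/sticky modes like 4755.
mode_to_acl() {
  case "$1" in
    0[0-7][0-7][0-7]) m=${1#0} ;;
    [0-7][0-7][0-7])  m=$1 ;;
    *) return 1 ;;
  esac
  u=${m%??}; o=${m#??}; g=${m#?}; g=${g%?}
  printf 'u::%s,g::%s,o::%s' \
    "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# ssh's "too open" test: a private key passes only if no group/other
# bit is set, i.e. (mode & 077) == 0.
ssh_accepts_mode() {
  mode_to_acl "$1" >/dev/null || return 2
  [ $(( 0$1 & 077 )) -eq 0 ]
}

# chmod-like front end: chmod_acl MODE FILE...
chmod_acl() {
  spec=$(mode_to_acl "$1") || { echo "unsupported mode [$1]" >&2; return 1; }
  shift
  for f in "$@"; do
    setfacl -s "$spec" "$f" || return 1
  done
}

# Run as a script: ./chmod_acl.sh 600 key.pem
if [ $# -gt 0 ]; then chmod_acl "$@"; fi
```

After applying a mode, `getfacl key.pem` should list only the three base entries with no extra group or user lines.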

chgrp -R Users ~/.ssh

chmod 0600 ~/.ssh/config

chmod 0700 ~/.ssh

If you have git bash installed run the same command (chmod -c 600 key.pem) with git bash and avoid Cygwin.