Using Cygwin in Windows 8, chmod 600 does not work as expected?
I'm using Cygwin in the Win8CP, and I had the same issue. It's definitely a Cygwin bug, but there's a workaround: try running:
chgrp -R Users ~/.ssh
The longer explanation is that, for some reason, Cygwin's /etc/passwd and /etc/group generation are putting the user's default/main group as None. And you cannot change the permission of None, so the chmod for group has no effect.
I didn't try repairing the passwd/group files myself, but I did do a chgrp -R Users ~/.ssh (or, if you are on the Windows 8 pre-release, with the group nameHomeUsers). After that, you can do the chmod 0600 and it'll work as expected.
The chgrp to the Users group can be done in whichever other similar cases you find. It even works as expected since Cygwin puts users in the Users group as a secondary group (instead of primary, which would be the correct behavior).
Starting from Cygwin 1.7.34 (2015-02-04) the method that changes the group to Users no longer works. Instead you need to use Cygwin's setfacl utility.
Say, if you want to set file mode to
644 (rw-r--r--)do this:setfacl -s u::rw-,g::r--,o:r-- foo.baror use a longer format:
setfacl -s user::rw-,group::r--,other::r-- foo.baror copy its mode using
getfaclfrom filefootobar:getfacl foo | setfacl -f - bar
A complete manual is in the "setfacl" section of the Cygwin user guide. I wonder why Cygwin has not yet changed chmod utility likewise.
Here is a script that uses Luke Lee's suggestion but supports octal args like chmod. It provides a framework that can be extended. although it currently only supports octal args needed to fix permission on key.pem and/or ~/.ssh directory and files.
#!/bin/bash
# convert chmod octal permission args to equivalent setfacl args
ARGS=() ; FILES=()
while [ $# -gt 0 ]; do
A=$1 ; shift
case "$A" in
600|0600) ARGS+=("u::rw-,g::---,o::---") ;;
640|0640) ARGS+=("u::rw-,g::r--,o::---") ;;
644|0644) ARGS+=("u::rw-,g::r--,o::r--") ;;
700|0700) ARGS+=("u::rwx,g::---,o::---") ;;
*) if [ -e "$A" ]; then FILES+=( "$A" ) ; else
echo "unrecognized arg [$A]" 1>&2
exit 1
fi
;;
esac
done
for F in "${FILES[@]}" ; do
setfacl -s "${ARGS[@]}" "$F"
done
I used it like this to fix my .ssh directory and files:
chmodfacl 700 ~/.ssh
chmodfacl 600 ~/.ssh/*
chmodfacl 640 ~/.ssh/*.pub