setup and getfacl

setup and getfacl

[Charles Wilson]

I ran across something odd today while testing my forthcoming inetutils
update. It seems that within the environment in which postinstall
scripts are run via setup (the old, 1.5 versions 2.573.2.3 or 2.588),
one is unable to accurately obtain the ACLs or permissions of files and
directories.

Now, this all works just fine in the cygwin-1.7 setup (2.609) -- so it's
probably a moot issue as 1.5 is nearing EOL -- but if there's a quick
explanation I'd like to know, so I can update the inetutils
documentation with that info.

What happens is that during postinstall, various permission checks are
done on /var/run, /var/empty, /etc, and the like.  With the cygwin-1.5's
setup.exe, those checks fail, even though running the postinstall script
"by hand" from an Administrator account under cygwin-1.5 works fine (I
always run setup.exe with 'Run as Administration' and privilege
elevation under UAC).

So, I stuck some debug output at the end of csih to simply dump the ACLs
of a file and a directory (dummy files that are not otherwise involved
in the inetutils postinstall).  In a normal context (e.g. NOT during
setup/postinstall), they look like this:

First the file:

$ getfacl /etc/bob
# file: /etc/bob
# owner: Administrator
# group: Users
user::rwx
group::rwx
group:SYSTEM:rwx
group:Administrators:rwx
mask:rwx
other:rwx

Then the directory:

$ getfacl /etc/bobd
# file: /etc/bobd
# owner: Administrator
# group: Users
user::rwx
group::rwx
group:SYSTEM:rwx
group:Administrators:rwx
mask:rwx
other:rwx
default:user:Administrator:rwx
default:group:SYSTEM:rwx
default:group:Administrators:rwx
default:group:Users:r-x
default:mask:rwx

However, when I stuck the following into csih, so that it got invoked
via the inetutils postinstall script:

echo getfacl /etc/bob
getfacl /etc/bob
echo getfacl /etc/bobd
getfacl /etc/bobd

I get the following in setup.log.full:

getfacl /etc/bob
# file: /etc/bob
# owner: Administrator
# group: Users
user::rw-
group::r--
other:r--
mask:rwx


getfacl /etc/bobd
# file: /etc/bobd
# owner: Administrator
# group: Users
user::rwx
group::r-x
other:r-x
mask:rwx


Huh?  Is this a bug, or just a known mis-feature?  What causes it?  And,
is it worth fixing in the cygwin-1.5 setup (most probably not, I'd guess).

--
Chuck

Re: setup and getfacl

[Corinna Vinschen]

On Mar 29 20:26, Charles Wilson wrote:
> I ran across something odd today while testing my forthcoming inetutils
> update. It seems that within the environment in which postinstall
> scripts are run via setup (the old, 1.5 versions 2.573.2.3 or 2.588),
> one is unable to accurately obtain the ACLs or permissions of files and
> directories.
> 
> Now, this all works just fine in the cygwin-1.7 setup (2.609) -- so it's
> probably a moot issue as 1.5 is nearing EOL -- but if there's a quick
> explanation I'd like to know, so I can update the inetutils
> documentation with that info.
> [...]
> I get the following in setup.log.full:
> 
> getfacl /etc/bob
> # file: /etc/bob
> # owner: Administrator
> # group: Users
> user::rw-
> group::r--
> other:r--
> mask:rwx
> 
> 
> getfacl /etc/bobd
> # file: /etc/bobd
> # owner: Administrator
> # group: Users
> user::rwx
> group::r-x
> other:r-x
> mask:rwx

Looks like running in CYGWIN=nontsec mode.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat