A permissions puzzle

A permissions puzzle

[Eliot Moss]

Dear cygwiners --

For a long time I _had_ things working, but somehow in switching over to using
cygwin64 as primary, I messed up permissions on the directories where a backup
program (EaseUS) puts things.  I made the permissions similar to elsewhere in
by cygwin hierarchy, but I still cannot chown, chgrp, or chmod files created
by the backup tool - but doing so used to work!

Here is icacls on one of the files:

icacls System_20191220_Inc_v1.pbd
System_20191220_Inc_v1.pbd NULL SID:(I)(DENY)(Rc,S,WD,REA,WEA,X,DC)
                            BUILTIN\Administrators:(I)(F)
                            EM-SURFACE-2018\Cygwin:(I)(RX,W,DC)
                            NT AUTHORITY\SYSTEM:(I)(RX)
                            Everyone:(I)(RX)

Note that I am an administrator and in in Cygwin (at least "groups" shows
Cygwin).

Here is icacls on the containing directory, which has been "cygwin-ized":

icacls .
. NULL SID:(DENY)(Rc,S,WD,REA,WEA,X,DC)
   EM-SURFACE-2018\moss:(F)
   EM-SURFACE-2018\Cygwin:(RX,W,DC)
   BUILTIN\Administrators:(RX,W,DC)
   Everyone:(RX)
   NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,WD,REA,WEA,X,DC)
   CREATOR OWNER:(OI)(CI)(IO)(F)
   EM-SURFACE-2018\Cygwin:(OI)(CI)(IO)(RX,W,DC)
   NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(RX)
   BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
   Everyone:(OI)(CI)(IO)(RX)

And getfacl on the same:

# file: .
# owner: moss
# group: Cygwin
# flags: -s-
user::rwx
group::rwx
group:Administrators:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:SYSTEM:r-x
default:group:Administrators:rwx
default:mask::rwx
default:other::r-x

So ... why can't I chown, etc., the pbd file, and what needs to change for me
to be able to do so?  (I _do_ mostly understand this stuff, but maybe I'm
just too tired and just can;t see the obvious!)

Regards - Eliot

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Eliot Moss]

Addendum: here is output from id:

uid=197609(moss) gid=197609(moss) groups=197609(moss),401408(Medium Mandatory 
Level),197610(Cygwin),197611(docker-users),559(Performance Log 
Users),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This 
Organization),68585(MicrosoftAccount+moss@cs.umass.edu),113(Local 
account),4095(CurrentSession),66048(LOCAL),262180(Cloud Account Authentication)

This has 113 (Local account) but _not_ 114, the administrators account.
This may explain things.  But it seems I used to get admin privileges
when logging in.  Maybe I used to start XWin as admin, and so the
magical token was inherited?  I'll check on that ...

EM

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Eliot Moss]

And indeed, the problem was that when putting in to use 64-bit
xlaunch, I did not set "Run as administrator".  Once I set that
things worked fine.  Ah, the little twiddles we forget!

Sorry for wasting your bandwidth, but maybe there was some
entertainment value in it for you!   EM

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Andrey Repin]

Greetings, Eliot Moss!

> Dear cygwiners --

> For a long time I _had_ things working, but somehow in switching over to using
> cygwin64 as primary, I messed up permissions on the directories where a backup
> program (EaseUS) puts things.  I made the permissions similar to elsewhere in
> by cygwin hierarchy, but I still cannot chown, chgrp, or chmod files created
> by the backup tool - but doing so used to work!

For things outside Cygwin root, I strongly suggest "noacl" option.

> So ... why can't I chown, etc., the pbd file, and what needs to change for me
> to be able to do so?  (I _do_ mostly understand this stuff, but maybe I'm
> just too tired and just can;t see the obvious!)

Then you won't even need to chown or chmod, except in dire circumstances,
where some careless program forcibly set permissions to something like 0750.


-- 
With best regards,
Andrey Repin
Saturday, December 21, 2019 17:47:07

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Andrey Repin]

Greetings, Eliot Moss!

>> For things outside Cygwin root, I strongly suggest "noacl" option.

>> Then you won't even need to chown or chmod, except in dire circumstances,
>> where some careless program forcibly set permissions to something like 0750.

> So how would I do that for a removable NTFS drive?

Even more reason not to use emulated POSIX permissions.

> It's not certain what drive letter it will pop up under.

Don't use drive letters, and you will reduce the vector of attack on your
system significantly.

> Of course the drive has a specific label, but I am not sure if/how that can be used ...
> getVolInfo can get it, of course, but this seems beyond the semantics of mount and fstab ...

Drive has specific network path, use it.

> I'm not saying I _need_ to do this; I got things going for now.


-- 
With best regards,
Andrey Repin
Sunday, December 22, 2019 15:32:57

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Eliot Moss]

On 12/22/2019 7:34 AM, Andrey Repin wrote:

> Drive has specific network path, use it.

Thank you, Andrey, but with (admittedly minimal) searching and
playing around, I could not figure out how to determine what
that path is.  This is a locally attached (USB) external drive.
And I may be on networks where network discovery is not wise ...

Is there a canonical network name for a locally attached drive
with a particular label?

EM

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Brian Inglis]

On 2019-12-22 06:08, Eliot Moss wrote:
> On 12/22/2019 7:34 AM, Andrey Repin wrote:
> 
>> Drive has specific network path, use it.
> 
> Thank you, Andrey, but with (admittedly minimal) searching and
> playing around, I could not figure out how to determine what
> that path is.  This is a locally attached (USB) external drive.
> And I may be on networks where network discovery is not wise ...

https://www.online-tech-tips.com/computer-tips/how-to-change-the-drive-letter-in-windows-xp-for-an-external-usb-stick-or-hard-drive/

With drive inserted, run:
Computer Management/Storage/Disk Management/select Removable Drive/context menu
Change Drive Letter and Paths/Change button/either select Assign...letter/select
letter/or select Mount in...folder/browse or type path to an empty folder/OK/OK.

List by volume label:

$ wmic logicaldisk where "VolumeName='LABEL'" list brief
DeviceID  DriveType  FreeSpace     ProviderName  Size          VolumeName
D:        3          797638373376                999007711232  LABEL

> Is there a canonical network name for a locally attached drive with a
> particular label?

Windows doesn't really use labels, but there is a local volume GUID:

$ mountvol	# lists all volume paths \\?\Volume{...}\
$ l /proc/sys/GLOBAL\?\?/Volume\{...\}/
'$Recycle.Bin'/             PerfLogs/               swapfile.sys
'Documents and Settings'@  'Program Files'/        'System Volume Information'/
 hiberfil.sys              'Program Files (x86)'/   Users/
 OEM/                       ProgramData/            Windows/
 PageFile.sys               Recovery/
$ l /proc/cygdrive/d/
'$Recycle.Bin'/             PerfLogs/               swapfile.sys
'Documents and Settings'@  'Program Files'/        'System Volume Information'/
 hiberfil.sys              'Program Files (x86)'/   Users/
 OEM/                       ProgramData/            Windows/
 PageFile.sys               Recovery/
$ cmd /c 'dir /a \\?\Volume{...}\'
 Volume in drive \\?\Volume{...} is LABEL
 Volume Serial Number is XXXX-XXXX

 Directory of \\?\Volume{...}

2018-09-21  15:26    <DIR>          $Recycle.Bin
2018-09-19  15:09    <JUNCTION>     Documents and Settings [C:\Users]
2018-09-21  11:13     7,448,412,160 hiberfil.sys
2018-09-20  13:23    <DIR>          OEM
2019-12-07  04:06     8,589,934,592 PageFile.sys
2018-04-11  16:38    <DIR>          PerfLogs
2018-09-20  19:51    <DIR>          Program Files
2018-09-20  19:51    <DIR>          Program Files (x86)
2018-09-20  18:13    <DIR>          ProgramData
2018-09-20  17:53    <DIR>          Recovery
2018-09-21  11:01       268,435,456 swapfile.sys
2018-12-04  17:56    <DIR>          System Volume Information
2019-03-20  07:49    <DIR>          Users
2018-09-20  18:09    <DIR>          Windows
               3 File(s) 16,306,782,208 bytes
              11 Dir(s)               0 bytes free

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Eliot Moss]

So can a \\?\Volume{...} guid name for a volume be used in Cygwin's fstab?
What would the syntax be like for that?

Regards - Eliot Moss

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Brian Inglis]

On 2019-12-22 20:16, Eliot Moss wrote:
> 
> So can a \\?\Volume{...} guid name for a volume be used in Cygwin's fstab?
> What would the syntax be like for that?

Each entry must be on a single line:

#|/bin/cygwin1.dll
# /etc/fstab - https://cygwin.com/cygwin-ug-net/using.html#mount-table
#                                                               dump	dump
# mixed path	 file		vfstype		mntops		freq	passno
#C:/cygwin64	 /		ntfs		auto,binary	1	1
#C:/cygwin64/bin /usr/bin	ntfs		auto,binary	1	1
#C:/cygwin64/lib /usr/lib	ntfs		auto,binary	1	1
#C:		 /cygdrive/c	ntfs		auto,binary,posix=0,noumount,	
							user	1	1
#none		 /cygdrive	cygdrive	auto,binary,posix=0,	
							user	0	0
#none		 /tmp		usertemp	binary,posix=0	0	0
//?/Volume{...}	 /media/name	fat|ntfs	[no]acl*,binary*|text,bind,dos,
						[cyg|not]exec,ihash,override,
						posix=0|1*,sparse,[no]umount*,
						[no*]user	0	0
#						defaults flagged *

FYI:
$ head /etc/{fs,m}tab

Could also be a separate file under /etc/fstab.d/...

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Eliot Moss]

On 12/23/2019 3:55 AM, Brian Inglis wrote:> On 2019-12-22 20:16, Eliot Moss wrote:
 >>
 >> So can a \\?\Volume{...} guid name for a volume be used in Cygwin's fstab?
 >> What would the syntax be like for that?
 >
 > Each entry must be on a single line:
 >
 > #|/bin/cygwin1.dll
 > # /etc/fstab - https://cygwin.com/cygwin-ug-net/using.html#mount-table
 > #                                                               dump	dump
 > # mixed path	 file		vfstype		mntops		freq	passno
 > #C:/cygwin64	 /		ntfs		auto,binary	1	1
 > #C:/cygwin64/bin /usr/bin	ntfs		auto,binary	1	1
 > #C:/cygwin64/lib /usr/lib	ntfs		auto,binary	1	1
 > #C:		 /cygdrive/c	ntfs		auto,binary,posix=0,noumount,	
 > 							user	1	1
 > #none		 /cygdrive	cygdrive	auto,binary,posix=0,	
 > 							user	0	0
 > #none		 /tmp		usertemp	binary,posix=0	0	0
 > //?/Volume{...}	 /media/name	fat|ntfs	[no]acl*,binary*|text,bind,dos,
 > 						[cyg|not]exec,ihash,override,
 > 						posix=0|1*,sparse,[no]umount*,
 > 						[no*]user	0	0
 > #						defaults flagged *

Thank you, Brian.  I have tried this:

none /cygdrive cygdrive binary,posix=0,user 0 0
//?/Volume{13cb9114-4267-4a7b-8c14-2cbc4bbeecad} /media/backup ntfs noacl,binary,posix=0,user 0 0

The uid is what is shown in /proc/sys/GLOBAL??/Volume{...} and /media exists.

mount -a says:  mount: /media/backup: Invalid argument

I tried also creating an empty directory /media/backup, with the same result.

The drive sill mounts automatically on /cygdrive/d (as I would expect).

Thoughts?

Eliot

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: A permissions puzzle

[Andrey Repin]

Greetings, Eliot Moss!

> On 12/22/2019 7:34 AM, Andrey Repin wrote:

>> Drive has specific network path, use it.

> Thank you, Andrey, but with (admittedly minimal) searching and
> playing around, I could not figure out how to determine what
> that path is.  This is a locally attached (USB) external drive.
> And I may be on networks where network discovery is not wise ...

Sorry, I somehow read "removable" as "remote".
There's two possible solutions:
1. Forcibly assign a specific drive letter. They would stay as long as the FS
UUID remain the same and the letter is not assigned to another drive.
2. Use USBDLM https://www.uwe-sieber.de/usbdlm_e.html and configure letters as
you wish. For what I recall, it lets you use drive label as the anchor.

> Is there a canonical network name for a locally attached drive
> with a particular label?


-- 
With best regards,
Andrey Repin
Tuesday, December 24, 2019 12:10:55

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple