* after update to cygwin 1.7.35(0.287/5/3) all file permissions in cygwin are 070
@ 2015-03-20 13:16 schilpfamily
2015-03-20 14:52 ` Rexdf
0 siblings, 1 reply; 5+ messages in thread
From: schilpfamily @ 2015-03-20 13:16 UTC (permalink / raw)
To: cygwin
i have been using cygwin for many years and currently most of my
systems are at 1.7.32(0.274/5/3).
i had to get an update to cygwin/X which forced me to also update
cygwin. with the update, nearly all windows files have the permission
setting of 070 (---rwx---) even when the file is owned by me, and as a
consequence most applications fail to load or cannot load dll's or
other really annoying issues.
is there some "magical" new setting to make cygwin recognize that
files owned by me are at least r/w?
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: after update to cygwin 1.7.35(0.287/5/3) all file permissions in cygwin are 070
2015-03-20 13:16 after update to cygwin 1.7.35(0.287/5/3) all file permissions in cygwin are 070 schilpfamily
@ 2015-03-20 14:52 ` Rexdf
2015-03-20 15:03 ` Tim Magee
2015-03-20 18:10 ` Corinna Vinschen
0 siblings, 2 replies; 5+ messages in thread
From: Rexdf @ 2015-03-20 14:52 UTC (permalink / raw)
To: cygwin
> i have been using cygwin for many years and currently most of my
> systems are at 1.7.32(0.274/5/3).
> i had to get an update to cygwin/X which forced me to also update
> cygwin. with the update, nearly all windows files have the permission
> setting of 070 (---rwx---) even when the file is owned by me, and as a
> consequence most applications fail to load or cannot load dll's or
> other really annoying issues.
>
> is there some "magical" new setting to make cygwin recognize that
> files owned by me are at least r/w?
>
I don't know what is your situation, but i can give some suggestion.
AFAIK, 1.7.34+ seems to use the real Windows ACL ( at least partly).
It means that the 700 file really cannot access by other Windows
accounts.
First of all, try the follwoing code from mintty. Then restart X.
mkpasswd -l > /etc/passwd
mkgroup -l > /etc/group
If it is still 0700 and you right click Properties/Security from
windows explorer.exe to make sure your real Windows ACL permission is
true wrong. Then the following command may be helpful.
Start cmd.exe as Administrators.
cd to folder contain cygwin folder.
Run following:
takeown /F cygwin /R
icacls cygwin /T /grant your_account_name:F
your_account_name can be get from your default cmd.exe(Run as normal
user) or maybe your cygwin mintty.exe your_account_name@your_PC_NAME
or your C:\Users\ your_account_name.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: after update to cygwin 1.7.35(0.287/5/3) all file permissions in cygwin are 070
2015-03-20 14:52 ` Rexdf
@ 2015-03-20 15:03 ` Tim Magee
2015-03-20 18:05 ` Rexdf
2015-03-20 18:10 ` Corinna Vinschen
1 sibling, 1 reply; 5+ messages in thread
From: Tim Magee @ 2015-03-20 15:03 UTC (permalink / raw)
To: cygwin
Hi,
You may have misread the original question (and its subject): the POSIX
permissions are 070, not (0)700. These files are accessible to one or
more of the groups the owner is a member of, but not to the owner.
+1 for the ICACLS workaround though. I was bit by this recently when
setting up openssh, which cares about locking down access to keys. I
needed to get rid of those group access bits, but chmod left them
unchanged. I used ICACLS to remove ACEs for 'NT AUTHORITY\SYSTEM',
which (based on experimenting) were affecting the 'group' triplet of the
POSIX permissions.
Cheers,
Tim
On 20/03/15 13:15, Rexdf wrote:
>> i have been using cygwin for many years and currently most of my
>> systems are at 1.7.32(0.274/5/3).
>> i had to get an update to cygwin/X which forced me to also update
>> cygwin. with the update, nearly all windows files have the permission
>> setting of 070 (---rwx---) even when the file is owned by me, and as a
>> consequence most applications fail to load or cannot load dll's or
>> other really annoying issues.
>>
>> is there some "magical" new setting to make cygwin recognize that
>> files owned by me are at least r/w?
>>
>
> I don't know what is your situation, but i can give some suggestion.
>
> AFAIK, 1.7.34+ seems to use the real Windows ACL ( at least partly).
> It means that the 700 file really cannot access by other Windows
> accounts.
>
> First of all, try the follwoing code from mintty. Then restart X.
> mkpasswd -l > /etc/passwd
> mkgroup -l > /etc/group
>
> If it is still 0700 and you right click Properties/Security from
> windows explorer.exe to make sure your real Windows ACL permission is
> true wrong. Then the following command may be helpful.
>
> Start cmd.exe as Administrators.
> cd to folder contain cygwin folder.
> Run following:
>
> takeown /F cygwin /R
> icacls cygwin /T /grant your_account_name:F
>
> your_account_name can be get from your default cmd.exe(Run as normal
> user) or maybe your cygwin mintty.exe your_account_name@your_PC_NAME
> or your C:\Users\ your_account_name.
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: after update to cygwin 1.7.35(0.287/5/3) all file permissions in cygwin are 070
2015-03-20 15:03 ` Tim Magee
@ 2015-03-20 18:05 ` Rexdf
0 siblings, 0 replies; 5+ messages in thread
From: Rexdf @ 2015-03-20 18:05 UTC (permalink / raw)
To: cygwin
>
> You may have misread the original question (and its subject): the POSIX
> permissions are 070, not (0)700. These files are accessible to one or more
> of the groups the owner is a member of, but not to the owner.
>
I know clear about 070 and 700 and 0700. It is typos. That is why I
ask you to run icacls.
> +1 for the ICACLS workaround though. I was bit by this recently when
> setting up openssh, which cares about locking down access to keys. I needed
> to get rid of those group access bits, but chmod left them unchanged. I
> used ICACLS to remove ACEs for 'NT AUTHORITY\SYSTEM', which (based on
> experimenting) were affecting the 'group' triplet of the POSIX permissions.
>
Run mintty.exe as Administrators. You can set permission by chmod
setfacl https://cygwin.com/cygwin-ug-net/using-utils.html#setfacl too.
If you try to remove some old account(like reinstall a new windows),
you can try SubInACL
http://www.microsoft.com/en-us/download/details.aspx?id=23510 to deal
with SSID (something like
S-1-5-21-56246481-4602087933-3644394174-1001)
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: after update to cygwin 1.7.35(0.287/5/3) all file permissions in cygwin are 070
2015-03-20 14:52 ` Rexdf
2015-03-20 15:03 ` Tim Magee
@ 2015-03-20 18:10 ` Corinna Vinschen
1 sibling, 0 replies; 5+ messages in thread
From: Corinna Vinschen @ 2015-03-20 18:10 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 2372 bytes --]
On Mar 20 21:15, Rexdf wrote:
> > i have been using cygwin for many years and currently most of my
> > systems are at 1.7.32(0.274/5/3).
> > i had to get an update to cygwin/X which forced me to also update
> > cygwin. with the update, nearly all windows files have the permission
> > setting of 070 (---rwx---) even when the file is owned by me, and as a
> > consequence most applications fail to load or cannot load dll's or
> > other really annoying issues.
> >
> > is there some "magical" new setting to make cygwin recognize that
> > files owned by me are at least r/w?
> >
>
> I don't know what is your situation, but i can give some suggestion.
>
> AFAIK, 1.7.34+ seems to use the real Windows ACL ( at least partly).
> It means that the 700 file really cannot access by other Windows
> accounts.
>
> First of all, try the follwoing code from mintty. Then restart X.
> mkpasswd -l > /etc/passwd
> mkgroup -l > /etc/group
Why? The idea of the changes in 1.7.34+ were to allow to get rid of
/etc/passwd and /etc/group. Remove the files and be done with them,
unless you're in a situation which requires you to make special
settings.
May I suggest to read the User's Guide, especially the new docs
explaining the changes to account handling in
https://cygwin.com/cygwin-ug-net/ntsec.html?
As I wrote multiple times in the last couple of months, if the
documentation is unclear, please ask and let's try to figure out to
improve the documentation. As I'm the person who hacked this stuff, I
have probably a completely different view on what's important and what
needs explaining.
> If it is still 0700 and you right click Properties/Security from
> windows explorer.exe to make sure your real Windows ACL permission is
> true wrong. Then the following command may be helpful.
>
> Start cmd.exe as Administrators.
> cd to folder contain cygwin folder.
> Run following:
>
> takeown /F cygwin /R
> icacls cygwin /T /grant your_account_name:F
So what about using Cygwin for this? Start mintty as administrator
and then:
$ chown <your account>:<your group> filename
$ chmod 700 filename
$ setfacl -b filename # See the User's Guide!
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-03-20 18:05 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-20 13:16 after update to cygwin 1.7.35(0.287/5/3) all file permissions in cygwin are 070 schilpfamily
2015-03-20 14:52 ` Rexdf
2015-03-20 15:03 ` Tim Magee
2015-03-20 18:05 ` Rexdf
2015-03-20 18:10 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).