Re: Issues with ACL settings after updating to the latest cygwin.dll

[Corinna Vinschen <corinna-cygwin@cygwin.com>]

[-- Attachment #1: Type: text/plain, Size: 2633 bytes --]

On Feb  8 17:48, xnor wrote:
> 
> >I'm not quite sure what you observe there.  The NULL SID ACE only
> >contains extra information about some POSIX bits and the MASK value.
> >It's existence and setting should not influence what you can do with the
> >file.  The permission bits are explicitely set elsewhere in the ACL.
> >
> >Can you reproduce the issue so that I can see what's going on?  I need
> >the icacls output for the file and its parent directory, as well as the
> >output from getfacl for both.
> I have the same problem with Transmission.
> 
> I noticed this first when I tried to execute an exe that was downloaded with
> Transmission compiled in cygwin. When trying to start the exe from Explorer
> an error dialog will appear:
> "Windows cannot access the specified device, path, or file. You may not have
> the appropriate permissions to access the item."

Not sure what Transmission is, but files downloaded with POSIX
tools are usually not executable.  For instance, download Cygwin's
setup-x86.exe with wget.  Then try to execute it.  It won't since
the permissions are set according to your umask and without execute
permissions, e.g., 0644.  This is normal.

> When going to file properties - security I get an information dialog window:
> "The permissions on <program> are incorrectly ordered, which may cause some
> entries to be ineffective."
> 
> Proper permissions (of parent folder) look like this:
> Authenticated Users: modify
> SYSTEM: Full control
> Administrators: Full control
> Users: Read & execute
> 
> 
> The permissions of the cygwin/transmission created files are (manually
> translated from German):
> NULL SID: special
> <My User>: special
> Authenticated Users: Browse folder / Execute file
> SYSTEM: Browse folder / Execute file
> Administrators: Browse folder / Execute file
> Users: Browse folder / Execute file
> Nobody: Read
> Authenticated Users: Read, write, execute
> SYSTEM: Read, write, execute
> Administrators: Read, write, execute
> Users: Read, Execute
> Everyone: Read
> 
> 
> Also when going to advanced permissions it shows the same incorrectly
> ordered warning and asks me to re-order permissions.

The permissions must *not* be reordered.  If Cygwin creates permissions
incorrectly it's one thing, but the order to emulate POSIX permissions
is non-canonical.  Reordering them will break them.

Please provide the exact output from icacls.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]