From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 9614 invoked by alias); 2 Nov 2013 12:55:09 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 9600 invoked by uid 89); 2 Nov 2013 12:55:08 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.5 required=5.0 tests=BAYES_20,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: plane.gmane.org Received: from plane.gmane.org (HELO plane.gmane.org) (80.91.229.3) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Sat, 02 Nov 2013 12:55:06 +0000 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1VcajH-0008BB-E8 for cygwin@cygwin.com; Sat, 02 Nov 2013 13:55:03 +0100 Received: from boland.xs4all.nl ([213.84.69.3]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 02 Nov 2013 13:55:03 +0100 Received: from daniel by boland.xs4all.nl with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 02 Nov 2013 13:55:03 +0100 To: cygwin@cygwin.com From: "D. Boland" Subject: vi stealing SYSTEM-owned permissions and ownership Date: Sat, 02 Nov 2013 12:55:00 -0000 Message-ID: <5274F396.A133C4CE@boland.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2013-11/txt/msg00024.txt.bz2 Hi group, I'm a Linux teacher at a school for vocational education in the Netherlands. I use Cyqwin to help my students overcome their fear of the command line by showing them their Windows systems through the eyes of Linux. I had them install Apache and then configure it in Cygwin using vi. As of Windows 8, the Apache installation sometimes fails, because of permission issues. Installing "As administrator" solves the problem. This is fine with me because in other Linuxes, Apache is installed as root by default. After installation, permissions in the Apache "conf" directory look like this: drwx------+ 1 SYSTEM SYSTEM 0 28 okt 20:43 . drwx------+ 1 SYSTEM SYSTEM 0 2 nov 13:10 .. -rwx------+ 1 SYSTEM SYSTEM 35142 26 okt 18:07 httpd.conf -rwx------+ 1 SYSTEM SYSTEM 34770 7 okt 23:29 httpd.default.conf -rwx------+ 1 SYSTEM SYSTEM 13340 3 okt 07:59 magic -rwx------+ 1 SYSTEM SYSTEM 13340 21 nov 2004 magic.default -rwx------+ 1 SYSTEM SYSTEM 54599 3 okt 07:59 mime.types -rwx------+ 1 SYSTEM SYSTEM 54599 17 mrt 2012 mime.types.default -rwx------+ 1 SYSTEM SYSTEM 9390 5 feb 2013 openssl.cnf -rwx------+ 1 SYSTEM SYSTEM 11050 3 okt 07:59 ssl.conf -rwx------+ 1 SYSTEM SYSTEM 11030 7 okt 23:29 ssl.default.conf To emulate the Unix permissions model, I had my students add a group in Windows, named "apache", making themselves a member and then import it using the mkgroup command. After a chgrp and chmod on the entire Apache folder, the "conf" directory looks like this: drwxrwx---+ 1 SYSTEM apache 0 28 okt 20:43 . drwxrwx---+ 1 SYSTEM apache 0 2 nov 13:10 .. -rwxrwx---+ 1 SYSTEM apache 35142 26 okt 18:07 httpd.conf -rwxrwx---+ 1 SYSTEM apache 34770 7 okt 23:29 httpd.default.conf -rwxrwx---+ 1 SYSTEM apache 13340 3 okt 07:59 magic -rwxrwx---+ 1 SYSTEM apache 13340 21 nov 2004 magic.default -rwxrwx---+ 1 SYSTEM apache 54599 3 okt 07:59 mime.types -rwxrwx---+ 1 SYSTEM apache 54599 17 mrt 2012 mime.types.default -rwxrwx---+ 1 SYSTEM apache 9390 5 feb 2013 openssl.cnf -rwxrwx---+ 1 SYSTEM apache 11050 3 okt 07:59 ssl.conf -rwxrwx---+ 1 SYSTEM apache 11030 7 okt 23:29 ssl.default.conf My students can now administer Apache without running Cygwin "As administrator". Also, this is extremely useful in real-time business situations. It enables my students to grant Apache admin permissions to other users by putting them in the apache group, without giving them full admin access on the entire system. But here's the problem. After editing the httpd.conf file with vi, the permissions on the "httpd.conf" file are changed to: ----------+ 1 Daniel None 35142 2 nov 13:20 httpd.conf This should not be. I tested this on my RedHat and OpenBSD systems, and there are no changes in ownership or permissions after editing with vi. After fiddling with chown, chgrp, chmod, getfacl, setfacl and icacl for a few hours, I finally installed nano. Nano behaved. It did not alter anything except the contents of the file. But I want my students to learn vi, so having them install nano is not an option. I think the problem is vi. Vi deletes the original file and creates a new one with the changed contents, without resetting the original ownership and permissions. See also this post: http://unix.stackexchange.com/questions/58880/how-does-vim-steal-root-owned-files Can somebody shed some light on this? Meanwhile, I accidentally found sort of a solution: deleting the file without write permissions on the containing folder, restores the permissions set by Administrator. As Administrator: chmod 0700 . touch test.txt chown SYSTEM:apache test.txt chmod 0770 test.txt Results in: -rwxrwx---+ 1 SYSTEM apache 0 2 nov 13:26 test.txt As "normal" user: Edit the file with vi. After, permissions will look like: ----------+ 1 Daniel None 9 2 nov 13:29 test.txt $ getfacl.exe test.txt # file: test.txt # owner: Daniel # group: None user::--- group::--- group:SYSTEM:rwx group:Administrators:rwx group:Gebruikers:r-x group:apache:rwx mask:rwx other:--- To "solve" this, simply delete the file: rm test.txt The file is not deleted because of 0700 on the containing folder. But the original permissions, set by Admin are restored!! -rwxrwx---+ 1 SYSTEM apache 9 2 nov 13:29 test.txt $ getfacl.exe test.txt # file: test.txt # owner: SYSTEM # group: apache user::rwx group::rwx group:Administrators:rwx group:Gebruikers:r-x mask:rwx other:--- -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple