From: Tim Magee <Tim.Magee@thales-esecurity.com>
To: cygwin@cygwin.com
Subject: Re: after update to cygwin 1.7.35(0.287/5/3) all file permissions in cygwin are 070
Date: Fri, 20 Mar 2015 15:03:00 -0000 [thread overview]
Message-ID: <550C3418.9060506@thales-esecurity.com> (raw)
In-Reply-To: <CAFrJEvPLneS13L2EBVewRn=g6BRACfdM+7kbvjwusLHO6dkoyg@mail.gmail.com>
Hi,
You may have misread the original question (and its subject): the POSIX
permissions are 070, not (0)700. These files are accessible to one or
more of the groups the owner is a member of, but not to the owner.
+1 for the ICACLS workaround though. I was bit by this recently when
setting up openssh, which cares about locking down access to keys. I
needed to get rid of those group access bits, but chmod left them
unchanged. I used ICACLS to remove ACEs for 'NT AUTHORITY\SYSTEM',
which (based on experimenting) were affecting the 'group' triplet of the
POSIX permissions.
Cheers,
Tim
On 20/03/15 13:15, Rexdf wrote:
>> i have been using cygwin for many years and currently most of my
>> systems are at 1.7.32(0.274/5/3).
>> i had to get an update to cygwin/X which forced me to also update
>> cygwin. with the update, nearly all windows files have the permission
>> setting of 070 (---rwx---) even when the file is owned by me, and as a
>> consequence most applications fail to load or cannot load dll's or
>> other really annoying issues.
>>
>> is there some "magical" new setting to make cygwin recognize that
>> files owned by me are at least r/w?
>>
>
> I don't know what is your situation, but i can give some suggestion.
>
> AFAIK, 1.7.34+ seems to use the real Windows ACL ( at least partly).
> It means that the 700 file really cannot access by other Windows
> accounts.
>
> First of all, try the follwoing code from mintty. Then restart X.
> mkpasswd -l > /etc/passwd
> mkgroup -l > /etc/group
>
> If it is still 0700 and you right click Properties/Security from
> windows explorer.exe to make sure your real Windows ACL permission is
> true wrong. Then the following command may be helpful.
>
> Start cmd.exe as Administrators.
> cd to folder contain cygwin folder.
> Run following:
>
> takeown /F cygwin /R
> icacls cygwin /T /grant your_account_name:F
>
> your_account_name can be get from your default cmd.exe(Run as normal
> user) or maybe your cygwin mintty.exe your_account_name@your_PC_NAME
> or your C:\Users\ your_account_name.
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2015-03-20 14:52 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-20 13:16 schilpfamily
2015-03-20 14:52 ` Rexdf
2015-03-20 15:03 ` Tim Magee [this message]
2015-03-20 18:05 ` Rexdf
2015-03-20 18:10 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=550C3418.9060506@thales-esecurity.com \
--to=tim.magee@thales-esecurity.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).