Permissions on Files Created with Cygwin

Permissions on Files Created with Cygwin

[Rob Stevens]

Whenever I create files with cygwin (using whatever utilitity or editor)
I get these permissions as reported by icacls:
   NULL SID:(DENY)(Rc,S,X,DC)
   MALIN\rob:(R,W,D,WDAC,WO)
   NT AUTHORITY\SYSTEM:(DENY)(S,X)
   BUILTIN\Administrators:(DENY)(S,X)
   MALIN\None:(R)
   NT AUTHORITY\SYSTEM:(RX,W)
   BUILTIN\Administrators:(RX,W)
   Everyone:(R)
These permissions are not those inherited from the containing directory.
Not that only, but the windows utilities complain the the
permissions are mal-ordered.

Is this not a bug?? Do I need a different (null?) umask in the environment?

Re: Permissions on Files Created with Cygwin

[Marco Atzeri]

On 10.02.2022 17:48, Rob Stevens wrote:
> Whenever I create files with cygwin (using whatever utilitity or editor)
> I get these permissions as reported by icacls:
>    NULL SID:(DENY)(Rc,S,X,DC)
>    MALIN\rob:(R,W,D,WDAC,WO)
>    NT AUTHORITY\SYSTEM:(DENY)(S,X)
>    BUILTIN\Administrators:(DENY)(S,X)
>    MALIN\None:(R)
>    NT AUTHORITY\SYSTEM:(RX,W)
>    BUILTIN\Administrators:(RX,W)
>    Everyone:(R)
> These permissions are not those inherited from the containing directory.
> Not that only, but the windows utilities complain the the
> permissions are mal-ordered.
> 
> Is this not a bug?? Do I need a different (null?) umask in the environment?
> 

do not change the order

https://cygwin.com/cygwin-ug-net/ntsec.html

see under "File permissions"

The order of ACEs is important. The system reads them in sequence until 
either any single requested permission is denied or all requested 
permissions are granted. Reading stops when this condition is met. Later 
ACEs are not taken into account.

Unfortunately, the security tab in the file properties dialog of the 
Windows Explorer will pop up a warning stating "The permissions on ... 
are incorrectly ordered, which may cause some entries to be 
ineffective." Pressing the Cancel button of the properties dialog 
fortunately leaves the sort order unchanged, but pressing OK will cause 
Explorer to canonicalize the order of the ACEs, thereby invalidating 
POSIX compatibility.

Re: Permissions on Files Created with Cygwin

[Brian Inglis]

On 2022-02-10 09:48, Rob Stevens wrote:
> Whenever I create files with cygwin (using whatever utilitity or editor)
> I get these permissions as reported by icacls:
>    NULL SID:(DENY)(Rc,S,X,DC)
>    MALIN\rob:(R,W,D,WDAC,WO)
>    NT AUTHORITY\SYSTEM:(DENY)(S,X)
>    BUILTIN\Administrators:(DENY)(S,X)
>    MALIN\None:(R)
>    NT AUTHORITY\SYSTEM:(RX,W)
>    BUILTIN\Administrators:(RX,W)
>    Everyone:(R)
> These permissions are not those inherited from the containing directory.
> Not that only, but the windows utilities complain the the
> permissions are mal-ordered.

That's a long time Explorer bug as it's not its preferred order.

> Is this not a bug?? Do I need a different (null?) umask in the environment?

Try running

	$ setfacl -b file...

as it sometimes reduces those ACLs to a shorter, more readable list.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]