File permissions when using ACLs

File permissions when using ACLs

[Charles Plager]

Hi,

Short version: When writing to network drives (and probably local
ones) as Cygwin is setup by default, we see the permissions being set
using the ACLs where "creator owner"  is given "full control" and
"creator" group are given "read/execute", but by setting "special
permissions" instead of just having "full control" or "read/execute"
set.

Why does it not just set "full control" or "read/execute"?

Long, slightly different version: When the above permissions get set,
we sometimes see (sometimes = 1 file in a million or less) a file that
ends up with no permissions.  Owner loses permissions, admin loses
permissions and so far, IT has only been able to make the file go away
by reformatting the drive.

When we tell Cygwin not to use ACLs (adding the following in
/etc/fstab), this does not seem to happen (in 100 million or so files
created).

none /cygdrive/ cygdrive binary,posix=0,user,noacl 0 0


This only seems to happen for files created by Cygwin with the ACL
permissions (although, to be fair, without Cygwin, I don't know that
anybody is generating as many files).  I'm assuming it isn't Cygwin,
per say, but rather something that interacts with how Cygwin setup the
permissions (and given the rarity of the problem it is difficult to
diagnose more thoroughly.

So, to sum up:

* Why use special permissions and not default settings when using ACLs?

* Anybody else experience  files that lose all permissions?  Any
suggestions on resetting the file (short of reformatting the drive)?

* Any other hints/insights that might be useful here?

Thanks,
  Charles

p.s.  We see this behavior for Cygwin 1.7.9 and beyond.  In 1.7.5, it
doesn't appear as if the ACLs are used and it acts as if "noacl" is
set.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: File permissions when using ACLs

[Andrey Repin]

Greetings, Charles Plager!

> Short version: When writing to network drives (and probably local
> ones) as Cygwin is setup by default, we see the permissions being set
> using the ACLs where "creator owner"  is given "full control" and
> "creator" group are given "read/execute", but by setting "special
> permissions" instead of just having "full control" or "read/execute"
> set.

> Why does it not just set "full control" or "read/execute"?

Cygwin by default mimicking POSIX permission set.
If this behavior is undesirable, You can work around it by letting operating
system control the ACL.
Modify cygdrive entry in /etc/fstab to include noacl option.
Then any files accessed outside direct/implied mounts will have permissions
controlled by OS.

> Long, slightly different version: When the above permissions get set,
> we sometimes see (sometimes = 1 file in a million or less) a file that
> ends up with no permissions.  Owner loses permissions, admin loses
> permissions and so far, IT has only been able to make the file go away
> by reformatting the drive.

> When we tell Cygwin not to use ACLs (adding the following in
> /etc/fstab), this does not seem to happen (in 100 million or so files
> created).

> none /cygdrive/ cygdrive binary,posix=0,user,noacl 0 0


> This only seems to happen for files created by Cygwin with the ACL
> permissions (although, to be fair, without Cygwin, I don't know that
> anybody is generating as many files).  I'm assuming it isn't Cygwin,
> per say, but rather something that interacts with how Cygwin setup the
> permissions (and given the rarity of the problem it is difficult to
> diagnose more thoroughly.

> So, to sum up:

> * Why use special permissions and not default settings when using ACLs?

> * Anybody else experience  files that lose all permissions?  Any
> suggestions on resetting the file (short of reformatting the drive)?

> * Any other hints/insights that might be useful here?

> Thanks,
>   Charles

> p.s.  We see this behavior for Cygwin 1.7.9 and beyond.  In 1.7.5, it
> doesn't appear as if the ACLs are used and it acts as if "noacl" is
> set.


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 11.03.2014, <16:08>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: File permissions when using ACLs

[Charles Plager]

Hi Andrey,

I understand that Cygwin is emulating POSIX permissions (and, yes, we
already turn this off using the /etc/fstab).  What I don't understand
is why it uses "special" permissions and not the standard "read/write"
options that are available.

One possibility I just though of: Cygwin uses special permissions in
the case where the file is not executable (but readable or
readable/writable)?  I guess I can see that.

I'd still love to hear from anybody who's experienced the vanishing
permissions...

Thanks!
  Charles

On Tue, Mar 11, 2014 at 8:30 AM, Andrey Repin <anrdaemon@yandex.ru> wrote:
> Greetings, Charles Plager!
>
>> Short version: When writing to network drives (and probably local
>> ones) as Cygwin is setup by default, we see the permissions being set
>> using the ACLs where "creator owner"  is given "full control" and
>> "creator" group are given "read/execute", but by setting "special
>> permissions" instead of just having "full control" or "read/execute"
>> set.
>
>> Why does it not just set "full control" or "read/execute"?
>
> Cygwin by default mimicking POSIX permission set.
> If this behavior is undesirable, You can work around it by letting operating
> system control the ACL.
> Modify cygdrive entry in /etc/fstab to include noacl option.
> Then any files accessed outside direct/implied mounts will have permissions
> controlled by OS.
>
>> Long, slightly different version: When the above permissions get set,
>> we sometimes see (sometimes = 1 file in a million or less) a file that
>> ends up with no permissions.  Owner loses permissions, admin loses
>> permissions and so far, IT has only been able to make the file go away
>> by reformatting the drive.
>
>> When we tell Cygwin not to use ACLs (adding the following in
>> /etc/fstab), this does not seem to happen (in 100 million or so files
>> created).
>
>> none /cygdrive/ cygdrive binary,posix=0,user,noacl 0 0
>
>
>> This only seems to happen for files created by Cygwin with the ACL
>> permissions (although, to be fair, without Cygwin, I don't know that
>> anybody is generating as many files).  I'm assuming it isn't Cygwin,
>> per say, but rather something that interacts with how Cygwin setup the
>> permissions (and given the rarity of the problem it is difficult to
>> diagnose more thoroughly.
>
>> So, to sum up:
>
>> * Why use special permissions and not default settings when using ACLs?
>
>> * Anybody else experience  files that lose all permissions?  Any
>> suggestions on resetting the file (short of reformatting the drive)?
>
>> * Any other hints/insights that might be useful here?
>
>> Thanks,
>>   Charles
>
>> p.s.  We see this behavior for Cygwin 1.7.9 and beyond.  In 1.7.5, it
>> doesn't appear as if the ACLs are used and it acts as if "noacl" is
>> set.
>
>
> --
> WBR,
> Andrey Repin (anrdaemon@yandex.ru) 11.03.2014, <16:08>
>
> Sorry for my terrible english...
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: File permissions when using ACLs

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 949 bytes --]

On Mar 11 08:40, Charles Plager wrote:
> Hi Andrey,
> 
> I understand that Cygwin is emulating POSIX permissions (and, yes, we
> already turn this off using the /etc/fstab).  What I don't understand
> is why it uses "special" permissions and not the standard "read/write"
> options that are available.
> 
> One possibility I just though of: Cygwin uses special permissions in
> the case where the file is not executable (but readable or
> readable/writable)?  I guess I can see that.

That, and the FILE_DELETE_CHILD flag.  But you're just looking into the
simplified output on the security tab.  The "advanced" view is a bit
more helpful, though not exactly.

> I'd still love to hear from anybody who's experienced the vanishing
> permissions...

Never seen that.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

Re: File permissions when using ACLs

[Achim Gratz]

Charles Plager writes:
> * Anybody else experience  files that lose all permissions?  Any
> suggestions on resetting the file (short of reformatting the drive)?

Ahem.  Yes, that has happened once to me.  I don't know how the IT guys
fixed it exactly, but they eventually deleted that file without
formatting the disk or rebooting the server.  The process starts with
(recursively) taking ownership of said file or directory and then
re-enabling the right to delete, IIRC.

I've been using "noacl" mount option for that particular server ever
since (also because it is slow enough as is and gets slower still when
using ACL).

> * Any other hints/insights that might be useful here?

Not really, except that concurrent access to other files in the same
directory seemed to be involved.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple