public inbox for cygwin@cygwin.com
From: Andrey Repin <anrdaemon@yandex.ru>
To: "Matt D." <matt@codespunk.com>, cygwin@cygwin.com
Subject: Re: No support for ACLs on network shares?
Date: Mon, 23 Nov 2015 11:20:00 -0000
Message-ID: <89802969.20151123140802@yandex.ru>
In-Reply-To: <5652E58A.2030605@codespunk.com>

Greetings, Matt D.!

> I noticed today that when accessing a network share, the permissions for 
> the current user are not resolving.

> For example, I'm connected to a network share //server/share which is a 
> CentOS share with a unix login/password. The share is already logged in 
> by Windows and on the keychain so I don't have to enter the login 
> information.

> In Cygwin, 'cd //server/share' then 'ls -l' I get this:

> drwxrwx---  1 Unknown+User Unix_Group+1001          0 Nov 23  2015 test

This looks like a share on a Linux (Samba) server with no UID mapping active.

> I'm already logged in through Windows as the 'Unknown+User' but Cygwin
> does not recognize that I have access to any of the ACLs for the owner 
> or groups and also does not resolve the SID name.

This is really not Cygwin's fault. Windows does all the resolution here,
Cygwin only relays that information to you.

> The problem with this is that files created or modified are only done so 
> in the 'Everyone' permission and inherited permissions such as the 
> execute bit are not recognized.

> My use-case is where I've mapped a network path to either a network 
> drive or a symlinked folder (with Windows mklink) with the path on the 
> environment's PATH. In this case, files which are executable are not 
> recognized and do not appear when calling 'which'.

> It seems as though Cygwin only maps ACLs to the SIDs stored in passwd 
> and group and cannot handle ACLs when accessing network devices where 
> SIDs are not present in these files. Running passwd/mkgroup after the 
> share is on the keychain does not provide additional SIDs.

> Is there no support for ACLs across network shares at all?

There is. But in cases such as this, when two hosts are not part of the same
domain, you are bound to get weird behavior in the strict security context.
You may try to defer default ACL resolution to Windows.
Edit your /etc/fstab and add the 'noacl' flag to the 'cygdrive' mount.


-- 
With best regards,
Andrey Repin
Monday, November 23, 2015 14:03:38

Sorry for my terrible English...
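
The /etc/fstab change suggested in the reply above, as an added example that is not part of the original message: a filter that adds 'noacl' to the 'cygdrive' mount line of an fstab-format file. The sample fstab content and the function names are constructed for illustration; with 'noacl' Cygwin ignores filesystem ACLs and fakes the permission bits, so 'ls -l' under that mount no longer reflects what Windows or the file server actually enforces.

```shell
#!/bin/sh
# Added example. fstab fields: device  mountpoint  fstype  options  dump  pass

# Constructed sample input; the second line is Cygwin's stock cygdrive entry.
sample_fstab() {
    cat <<'EOF'
# /etc/fstab (constructed sample)
none /cygdrive cygdrive binary,posix=0,user 0 0
C:/data /data ntfs binary 0 0
EOF
}

# Read an fstab on stdin, write it to stdout with 'noacl' set on every
# cygdrive mount. An explicit 'acl' option is dropped, since it would
# contradict 'noacl'. Running the filter twice gives the same result.
add_noacl() {
    awk '
        # Commented-out entries pass through untouched.
        $1 ~ /^#/ { print; next }
        # Only the cygdrive prefix entry (third field) is changed.
        $3 == "cygdrive" {
            n = split($4, opts, ",")
            out = ""
            for (i = 1; i <= n; i++)
                if (opts[i] != "acl" && opts[i] != "noacl")
                    out = out (out == "" ? "" : ",") opts[i]
            $4 = out (out == "" ? "" : ",") "noacl"
        }
        { print }
    '
}

# Preview the change on the sample; review the output before replacing
# the real file, and keep a backup copy of /etc/fstab.
sample_fstab | add_noacl
```

The new mount options take effect for Cygwin processes started after /etc/fstab is changed, so close all Cygwin sessions before checking the result with 'mount'.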

