Re: SMBFS mount's file cannot be made executable

[Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>]

On 2019-08-14 19:40, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
>> You can often figure permissions problems

> I already figured where the problem was, in how cygwin convers (or, actually 
> doesn't) the UNIX's "x" bit into the native DAC for the underlying filesystem
> (to store as, again, "x" in the Linux share). 
> Missing that DACL, SMBD returns "Access denied" for an attempt to execute the
> .exe file.>
> I don't think that any of the requested output is of any help or indication, 
> rather than to actually show that the execute permission is missing.
> 
> $ /usr/lib/csih/getVolInfo /cygdrive/z
> Device Type        : 7
> Characteristics    : 10
> Volume Name        : <home>
> Serial Number      : 3112497429
> Max Filenamelength : 255
> Filesystemname     : <NTFS>
> Flags              : 1006f
>   FILE_CASE_SENSITIVE_SEARCH  : TRUE
>   FILE_CASE_PRESERVED_NAMES   : TRUE
>   FILE_UNICODE_ON_DISK        : TRUE
>   FILE_PERSISTENT_ACLS        : TRUE
>   FILE_FILE_COMPRESSION       : FALSE
>   FILE_VOLUME_QUOTAS          : TRUE
>   FILE_SUPPORTS_SPARSE_FILES  : TRUE
>   FILE_SUPPORTS_REPARSE_POINTS: FALSE
>   FILE_SUPPORTS_REMOTE_STORAGE: FALSE
>   FILE_VOLUME_IS_COMPRESSED   : FALSE
>   FILE_SUPPORTS_OBJECT_IDS    : TRUE
>   FILE_SUPPORTS_ENCRYPTION    : FALSE
>   FILE_NAMED_STREAMS          : FALSE
>   FILE_READ_ONLY_VOLUME       : FALSE
>   FILE_SEQUENTIAL_WRITE_ONCE  : FALSE
>   FILE_SUPPORTS_TRANSACTIONS  : FALSE
> 
> $ pwd
> /cygdrive/z
> 
> $ gcc hello.c
> 
> $ /usr/lib/csih/getVolInfo /cygdrive/z/a.exe
> Device Type        : 7
> Characteristics    : 10
> Volume Name        : <home>
> Serial Number      : 3112497429
> Max Filenamelength : 255
> Filesystemname     : <NTFS>
> Flags              : 1006f
>   FILE_CASE_SENSITIVE_SEARCH  : TRUE
>   FILE_CASE_PRESERVED_NAMES   : TRUE
>   FILE_UNICODE_ON_DISK        : TRUE
>   FILE_PERSISTENT_ACLS        : TRUE
>   FILE_FILE_COMPRESSION       : FALSE
>   FILE_VOLUME_QUOTAS          : TRUE
>   FILE_SUPPORTS_SPARSE_FILES  : TRUE
>   FILE_SUPPORTS_REPARSE_POINTS: FALSE
>   FILE_SUPPORTS_REMOTE_STORAGE: FALSE
>   FILE_VOLUME_IS_COMPRESSED   : FALSE
>   FILE_SUPPORTS_OBJECT_IDS    : TRUE
>   FILE_SUPPORTS_ENCRYPTION    : FALSE
>   FILE_NAMED_STREAMS          : FALSE
>   FILE_READ_ONLY_VOLUME       : FALSE
>   FILE_SEQUENTIAL_WRITE_ONCE  : FALSE
>   FILE_SUPPORTS_TRANSACTIONS  : FALSE
> 
> $ ls -dl /cygdrive/z/a.exe
> -rw-rw-r--+ 1 lavr cppcore 157753 Aug 14 21:30 /cygdrive/z/a.exe
> 
> $ getfacl /cygdrive/z/a.exe
> # file: /cygdrive/z/a.exe
> # owner: lavr
> # group: cppcore
> user::rw-
> user:lavr:rw-
> group::r--
> group:cppcore:r--
> mask::rw-
> other::r--
> 
> $ icacls `cygpath -w /cygdrive/z/a.exe`
> Z:\a.exe S-1-22-1-4640:(R,W)
>          S-1-22-2-5333:(R)
>          S-1-22-2-5333:(R)
>          S-1-22-1-4640:(R,W)
>          Everyone:(R)
> 
> Successfully processed 1 files; Failed processing 0 files

Prerequisite for +x is DACL and masks allowing +x on normal file system
directories and executables, as Cyggwin is emulating POSIX D/ACLs using Windows
D/ACLs:

drwxrwxr-x+ 1 SYSTEM SYSTEM 0 Aug 14 18:40 .

# file: .
# owner: SYSTEM
# group: SYSTEM
user::rwx
user:$USER:rwx
group::r-x
group:Administrators:rwx
group:$GROUP:r-x
mask::rwx
other::r-x
default:user::rwx
default:user:$USER:rwx
default:group::---
default:group:Administrators:rwx
default:mask::rwx
default:other::r-x

. NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
  NT AUTHORITY\SYSTEM:(F)
  $HOSTNAME\$USER:(RX,W,DC)
  NT AUTHORITY\SYSTEM:(RX)
  BUILTIN\Administrators:(RX,W,DC)
  BUILTIN\$GROUP:(RX)
  Everyone:(RX)
  NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,WEA,X,DC)
  CREATOR OWNER:(OI)(CI)(IO)(F)
  $HOSTNAME\$USER:(OI)(CI)(IO)(RX,W,DC)
  CREATOR GROUP:(OI)(CI)(IO)(Rc,S,RA)
  BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
  CREATOR GROUP:(OI)(CI)(IO)(DENY)(S,RD,REA,X)
  Everyone:(OI)(CI)(IO)(RX)

Successfully processed 1 files; Failed processing 0 files

-rwxr-xr-x+ 1 $USER $GROUP 158443 Aug  3  2018 test.exe
# file: test.exe
# owner: $USER
# group: $GROUP
user::rwx
group::r-x
group:SYSTEM:rwx        #effective:r-x
group:Administrators:rwx        #effective:r-x
mask::r-x
other::r-x

test.exe NULL SID:(DENY)(Rc,S,REA,X,DC)
         $HOSTNAME\$USER:(F)
         BUILTIN\$GROUP:(RX)
         NT AUTHORITY\SYSTEM:(RX,W)
         BUILTIN\Administrators:(RX,W)
         Everyone:(RX)

Successfully processed 1 files; Failed processing 0 files

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple