* [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
@ 2015-04-12 19:23 Corinna Vinschen
2015-04-12 21:19 ` Bryan Berns
0 siblings, 1 reply; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-12 19:23 UTC (permalink / raw)
To: cygwin
Hi Cygwin friends and users,
New 2.0.0-0.3 test release. It's supposed to fix the pty chmod problem
reported in https://cygwin.com/ml/cygwin/2015-04/msg00240.html
Other than that...
The important change in this release is the POSIX permission handling
change, a rewrite of the underlying routines reading and creating
Windows ACLs following POSIX permission rules and POSIX ACL creating
rules per POSIX 1003.1e draft 17, as on Linux.
For a description of POSIX ACLs, see http://linux.die.net/man/5/acl
All changes in this release so far:
===================================
- New, unified implementation of POSIX permission and ACL handling. The
new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
they allow to inherit the S_ISGID bit. ACL inheritance now really
works as desired, in a limited, but theoretically equivalent fashion
even for non-Cygwin processes.
To accommodate Windows default ACLs, the new code ignores SYSTEM and
Administrators group permissions when computing the MASK/CLASS_OBJ
permission mask on old ACLs, and it doesn't deny access to SYSTEM and
Administrators group based on the value of MASK/CLASS_OBJ when
creating the new ACLs.
The new code now handles the S_ISGID bit on directories as on Linux:
Setting S_ISGID on a directory causes new files and subdirs created
within to inherit its group, rather than the primary group of the user
who created the file. This only works for files and directories
created by Cygwin processes.
- basename(3) now comes in two flavors, POSIX and GNU. The POSIX version is
the default. You get the GNU version after
#define _GNU_SOURCE
#include <string.h>
- The maximum number of PTYs has been raised from 64 to 128.
Bug Fixes
---------
- Fix potential hang in pseudo ttys when generating ECHO output while the slave
is flooding the pty with output.
Addresses: https://cygwin.com/ml/cygwin/2015-03/msg00019.html
- Fix potential premature SIGHUP in pty code.
Addresses: https://cygwin.com/ml/cygwin/2015-03/msg00070.html
- Fix a name change from symlink to target name in calls to execvp, system, etc.
Addresses: https://cygwin.com/ml/cygwin/2015-03/msg00270.html
- Fix internal error in pty -ONLCR handling. Fix timing bug in pty OPOST
handling.
Addresses: https://cygwin.com/ml/cygwin/2015-02/msg00929.html
NOTE: This change introduces a not yet addressed regression.
Native Windows tools generating output with Unix LF instead of
Windows CRLF line endings will not get OPOST handling. This
prominently affects icacls.
- Avoid creating passwd and group records from fully qualified Windows
account names (domain\name, name@domain).
Addresses: https://cygwin.com/ml/cygwin/2015-03/msg00528.html
- Avoid potential crash at startup or in getgroups(2).
Addresses: https://cygwin.com/ml/cygwin/2015-04/msg00010.html
- Fix UTF-16 surrogate handling in wctomb and friends.
Addresses: https://cygwin.com/ml/cygwin/2015-03/msg00452.html
To install 32-bit Cygwin use https://cygwin.com/setup-x86.exe
To install 64 bit Cygwin use https://cygwin.com/setup-x86_64.exe
If you're already running a 32 bit version of Cygwin on 64 bit Windows
machines, you can continue to do so. If you're planning a new install
of Cygwin on a 64 bit Windows machine, consider to use the new 64 bit
Cygwin version, unless you need certain packages not yet available in
the 64 bit release.
Have fun,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-12 19:23 [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3 Corinna Vinschen
@ 2015-04-12 21:19 ` Bryan Berns
2015-04-13 7:17 ` Corinna Vinschen
0 siblings, 1 reply; 23+ messages in thread
From: Bryan Berns @ 2015-04-12 21:19 UTC (permalink / raw)
To: cygwin
On Sun, Apr 12, 2015 at 3:17 PM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> Hi Cygwin friends and users,
>
>
> New 2.0.0-0.3 test release. It's supposed to fix the pty chmod problem
> reported in https://cygwin.com/ml/cygwin/2015-04/msg00240.html
>
Just a note: In 2.0.0-0.2, creating a file using touch on the root of
one of my drives resulted in the with the Windows GUI Security tabs
complaining about ACE order on the resultant file. In 2.0.0-0.3,
Windows does not complain and the ACL looks quite a bit different
(shown below). Not sure if this is a problem or not --- just wanted
to report the difference in case your fix had an unintended side
affect. Given my heart skips a beat when I see DENY ACEs, I like the
new behavior behavior better.
V:\>icacls v:
v: BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
BUILTIN\Users:(OI)(CI)(RX)
Output from file created from 2.0.0-0.3:
V:\>icacls touch-from-3
touch-from-3 DOMAIN\Administrator:(R,W,D,WDAC,WO)
DOMAIN\Domain Users:(R)
Everyone:(R)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\Authenticated Users:(M)
BUILTIN\Users:(RX)
Successfully processed 1 files; Failed processing 0 files
Output from file created from 2.0.0-0.2:
V:\>icacls touch-from-2
touch-from-2 NULL SID:(DENY)(Rc,S,WEA,X,DC)
DOMAIN\Administrator:(R,W,D,WDAC,WO)
DOMAIN\Domain Users:(DENY)(S,X)
NT AUTHORITY\Authenticated Users:(DENY)(S,X)
BUILTIN\Users:(DENY)(S,X)
DOMAIN\Domain Users:(RX)
NT AUTHORITY\Authenticated Users:(RX,W)
NT AUTHORITY\SYSTEM:(RX,W)
BUILTIN\Administrators:(RX,W)
BUILTIN\Users:(RX)
Everyone:(R)
Successfully processed 1 files; Failed processing 0 files
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-12 21:19 ` Bryan Berns
@ 2015-04-13 7:17 ` Corinna Vinschen
2015-04-13 7:32 ` Corinna Vinschen
2015-04-13 11:13 ` Bryan Berns
0 siblings, 2 replies; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-13 7:17 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 3067 bytes --]
On Apr 12 17:19, Bryan Berns wrote:
> On Sun, Apr 12, 2015 at 3:17 PM, Corinna Vinschen
> <corinna-cygwin@cygwin.com> wrote:
> > Hi Cygwin friends and users,
> >
> >
> > New 2.0.0-0.3 test release. It's supposed to fix the pty chmod problem
> > reported in https://cygwin.com/ml/cygwin/2015-04/msg00240.html
> >
>
> Just a note: In 2.0.0-0.2, creating a file using touch on the root of
> one of my drives resulted in the with the Windows GUI Security tabs
> complaining about ACE order on the resultant file. In 2.0.0-0.3,
> Windows does not complain and the ACL looks quite a bit different
> (shown below). Not sure if this is a problem or not --- just wanted
> to report the difference in case your fix had an unintended side
> affect. Given my heart skips a beat when I see DENY ACEs, I like the
> new behavior behavior better.
Deny ACEs, if used correctly, are ok. Cygwin needs them to implement
the POSIX ACL MASK value. Consider:
mask: rw-
user foo: r-x
---
effective: r--
Cygwin needs to know that user foo has real permission r-x, so
the ALLOW ACE contains (RX). But the mask value forbids write
perms, so the user gets a DENY ACE, along these lines:
MASK: rwx
foo DENY: --x
foo ALLOW: r-x
So the effective permissions for user foo are r--, while Cygwin
still knows that the actual permissions are r-x.
> V:\>icacls v:
> v: BUILTIN\Administrators:(OI)(CI)(F)
> NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
> BUILTIN\Users:(OI)(CI)(RX)
>
> Output from file created from 2.0.0-0.3:
>
> V:\>icacls touch-from-3
> touch-from-3 DOMAIN\Administrator:(R,W,D,WDAC,WO)
> DOMAIN\Domain Users:(R)
> Everyone:(R)
> BUILTIN\Administrators:(F)
> NT AUTHORITY\SYSTEM:(F)
> NT AUTHORITY\Authenticated Users:(M)
> BUILTIN\Users:(RX)
I don't believe this is an ACL created by Cygwin 2.0.0 at all.
It's missing the NULL deny ACE.
> Successfully processed 1 files; Failed processing 0 files
>
> Output from file created from 2.0.0-0.2:
>
> V:\>icacls touch-from-2
> touch-from-2 NULL SID:(DENY)(Rc,S,WEA,X,DC)
> DOMAIN\Administrator:(R,W,D,WDAC,WO)
> DOMAIN\Domain Users:(DENY)(S,X)
> NT AUTHORITY\Authenticated Users:(DENY)(S,X)
> BUILTIN\Users:(DENY)(S,X)
> DOMAIN\Domain Users:(RX)
> NT AUTHORITY\Authenticated Users:(RX,W)
> NT AUTHORITY\SYSTEM:(RX,W)
> BUILTIN\Administrators:(RX,W)
> BUILTIN\Users:(RX)
> Everyone:(R)
The ACL looks vaguely ok, but I'd need to know the owner, group,
and what Cygwin thinks the ACLs look like in POSIX speak (getfacl
output).
I'm AFK most of today, though, so a reply may take a while...
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-13 7:17 ` Corinna Vinschen
@ 2015-04-13 7:32 ` Corinna Vinschen
2015-04-13 11:13 ` Bryan Berns
1 sibling, 0 replies; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-13 7:32 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1507 bytes --]
On Apr 13 09:17, Corinna Vinschen wrote:
> On Apr 12 17:19, Bryan Berns wrote:
> > On Sun, Apr 12, 2015 at 3:17 PM, Corinna Vinschen
> > <corinna-cygwin@cygwin.com> wrote:
> > > Hi Cygwin friends and users,
> > >
> > >
> > > New 2.0.0-0.3 test release. It's supposed to fix the pty chmod problem
> > > reported in https://cygwin.com/ml/cygwin/2015-04/msg00240.html
> > >
> >
> > Just a note: In 2.0.0-0.2, creating a file using touch on the root of
> > one of my drives resulted in the with the Windows GUI Security tabs
> > complaining about ACE order on the resultant file.
I forgot to mention: Yes, that's expected for some ACLs. Cygwin tries
to minimize the number of DENY ACEs, but depending on the permissions
and the MASK value you end up with something like this:
NULL DENY
USER 1 DENY
USER 2 DENY
...
USER 1 ALLOW
USER 2 ALLOW
...
GROUP 1 DENY
GROUP 2 DENY
...
GROUP 1 ALLOW
GROUP 2 ALLOW
...
OTHER ALLOW
Rinse and repeate with default (aka "inheritable") permissions.
This or some other, similar technique is required to reproduce POSIX
ACLs with Windows ACLs. Don't let the Windows GUI reorder them to
generate the "canonical" (but incomplete) order. This is along the
same lines as described in
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-13 7:17 ` Corinna Vinschen
2015-04-13 7:32 ` Corinna Vinschen
@ 2015-04-13 11:13 ` Bryan Berns
1 sibling, 0 replies; 23+ messages in thread
From: Bryan Berns @ 2015-04-13 11:13 UTC (permalink / raw)
To: cygwin
> On Apr 12 17:19, Bryan Berns wrote:
>> On Sun, Apr 12, 2015 at 3:17 PM, Corinna Vinschen
>> <corinna-cygwin@cygwin.com> wrote:
>>
>> V:\>icacls touch-from-3
>> touch-from-3 DOMAIN\Administrator:(R,W,D,WDAC,WO)
>> DOMAIN\Domain Users:(R)
>> Everyone:(R)
>> BUILTIN\Administrators:(F)
>> NT AUTHORITY\SYSTEM:(F)
>> NT AUTHORITY\Authenticated Users:(M)
>> BUILTIN\Users:(RX)
>
> I don't believe this is an ACL created by Cygwin 2.0.0 at all.
> It's missing the NULL deny ACE.
Now that I'm testing again, I think you're right; I had an older
installation on my backup drive try that I think somehow tainted one
of my sessions. I'll include version information in my output in the
future. Sorry!
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-15 7:46 ` Houder
@ 2015-04-15 9:04 ` Corinna Vinschen
0 siblings, 0 replies; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-15 9:04 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1850 bytes --]
On Apr 15 09:46, Houder wrote:
> %% getfacl alfa
> # file: alfa
> # owner: Test
> # group: None
> user::r--
> group::rw-
> other:---
>
> %% icacls.sh alfa
> E:/Cygwin-test/home/Test/alfa
> Owner: Test, Group: None
> NULL SID (DENY)(Rc,S)
> Seven\Test (DENY)(S,WD,AD,WEA,DC)
> Seven\Test (R,D,WDAC,WO,WA)
> Seven\None (R,W)
> Everyone (Rc,S,RA)
> Successfully processed 1 files; Failed processing 0 files
>
> %% ls -ld .
> drwxr-xr-x+ 1 Test None 0 Apr 14 19:39 .
>
> %% getfacl .
> # file: .
> # owner: Test
> # group: None
> user::rwx
> group::r-x
> other:r-x
> default:user::rwx
> default:group::r-x
> default:other:r-x
>
> %% icacls.sh .
> E:/Cygwin-test/home/Test/
> Owner: Test, Group: None
> NULL SID (DENY)(Rc,S)
> Seven\Test (F)
> Seven\None (RX)
> Everyone (RX)
> NULL SID (OI)(CI)(IO)(DENY)(Rc,S)
> CREATOR OWNER (OI)(CI)(IO)(F)
> CREATOR GROUP (OI)(CI)(IO)(RX)
> Everyone (OI)(CI)(IO)(RX)
> Successfully processed 1 files; Failed processing 0 files
>
> Whether or not the DACLs of file alfa and parent directory make sense, I must
> rely on your wisdom ...
They do look good to me. I'm just wondering if I shouldn't drop the
NULL ACE if there's neither one of the special POSIX permission bits
(S_ISUID, S_ISGID, S_ISVTX) nor a CLASS_OBJ. Hmm.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-15 7:13 ` Corinna Vinschen
@ 2015-04-15 7:46 ` Houder
2015-04-15 9:04 ` Corinna Vinschen
0 siblings, 1 reply; 23+ messages in thread
From: Houder @ 2015-04-15 7:46 UTC (permalink / raw)
To: cygwin
> On Apr 14 20:38, Houder wrote:
>> > On Apr 14 18:32, Houder wrote:
>> >> Btw, I will only report back on this in case you are INcorrect above.
>> >
>> > Uhm... I wouldn't be too unhappy to get positive feedback as well...
>>
>> Oh well, alright, I tried to save us both some time :-)
>>
>> Reinstalled the whole shebang, and re-executed my test. This time I was
>> NOT surprised.
>
> Cool, thanks! Did you inspect the ACLs for directories and files?
> Do they make sense?
Oops, better make a proper report next time :-)
%% pwd
/home/Test
%% ls -l
total 1
-r--rw---- 1 Test None 6 Apr 14 19:40 alfa
%% getfacl alfa
# file: alfa
# owner: Test
# group: None
user::r--
group::rw-
other:---
%% icacls.sh alfa
E:/Cygwin-test/home/Test/alfa
Owner: Test, Group: None
NULL SID (DENY)(Rc,S)
Seven\Test (DENY)(S,WD,AD,WEA,DC)
Seven\Test (R,D,WDAC,WO,WA)
Seven\None (R,W)
Everyone (Rc,S,RA)
Successfully processed 1 files; Failed processing 0 files
%% ls -ld .
drwxr-xr-x+ 1 Test None 0 Apr 14 19:39 .
%% getfacl .
# file: .
# owner: Test
# group: None
user::rwx
group::r-x
other:r-x
default:user::rwx
default:group::r-x
default:other:r-x
%% icacls.sh .
E:/Cygwin-test/home/Test/
Owner: Test, Group: None
NULL SID (DENY)(Rc,S)
Seven\Test (F)
Seven\None (RX)
Everyone (RX)
NULL SID (OI)(CI)(IO)(DENY)(Rc,S)
CREATOR OWNER (OI)(CI)(IO)(F)
CREATOR GROUP (OI)(CI)(IO)(RX)
Everyone (OI)(CI)(IO)(RX)
Successfully processed 1 files; Failed processing 0 files
Whether or not the DACLs of file alfa and parent directory make sense, I must
rely on your wisdom ...
Regards,
Henri
=====
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 18:38 ` Houder
@ 2015-04-15 7:13 ` Corinna Vinschen
2015-04-15 7:46 ` Houder
0 siblings, 1 reply; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-15 7:13 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 637 bytes --]
On Apr 14 20:38, Houder wrote:
> > On Apr 14 18:32, Houder wrote:
> >> Btw, I will only report back on this in case you are INcorrect above.
> >
> > Uhm... I wouldn't be too unhappy to get positive feedback as well...
>
> Oh well, alright, I tried to save us both some time :-)
>
> Reinstalled the whole shebang, and re-executed my test. This time I was
> NOT surprised.
Cool, thanks! Did you inspect the ACLs for directories and files?
Do they make sense?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 18:21 ` Corinna Vinschen
@ 2015-04-14 18:38 ` Houder
2015-04-15 7:13 ` Corinna Vinschen
0 siblings, 1 reply; 23+ messages in thread
From: Houder @ 2015-04-14 18:38 UTC (permalink / raw)
To: cygwin
> On Apr 14 18:32, Houder wrote:
>> Btw, I will only report back on this in case you are INcorrect above.
>
> Uhm... I wouldn't be too unhappy to get positive feedback as well...
Oh well, alright, I tried to save us both some time :-)
Reinstalled the whole shebang, and re-executed my test. This time I was
NOT surprised.
(only for the 32-bits version of Cygwin)
Thank you!
Regards,
Henri
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 16:32 ` Houder
@ 2015-04-14 18:21 ` Corinna Vinschen
2015-04-14 18:38 ` Houder
0 siblings, 1 reply; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-14 18:21 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1545 bytes --]
On Apr 14 18:32, Houder wrote:
> > On Apr 14 17:26, Houder wrote:
> >> > Everyone:(Rc,S,RA)
> >> >
> >> > The only reason I can think of is that the parent dir has default
> >> > permissions which imply the mask value already. So, what does
> >> > `icacls . | cat' in this directory print?
> >>
> >> %% icacls . | cat
> >> . NULL SID:(DENY)(Rc,S,REA,X,DC)
> >> Seven\Test:(F)
> >> Seven\None:(RX)
> >> Everyone:(RX)
> >> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,X,DC)
> >
> > As I thought. There's a mask value already in there which influences
> > how the default permissions are inherited. You created this dir with
> > Cygwin 2.0 already, right? Remove the masks with
>
> You created this dir with Cygwin 2.0 already, right? Correct! I did not
> occur to me to start all over again ...
No, me neither, sorry.
> > $ setfacl -d m:,d:m: .
> >
> > and try again.
> >
> >> CREATOR OWNER:(OI)(CI)(IO)(F)
> >> CREATOR GROUP:(OI)(CI)(IO)(RX)
> >> Everyone:(OI)(CI)(IO)(RX)
> >
> > This *should* work now. I fear you have to remove the masks from
> > all files and dirs created by Cygwin 2.0. Sorry, but that's what
> > testing is for ;}
>
> No problem at all ...
>
> Btw, I will only report back on this in case you are INcorrect above.
Uhm... I wouldn't be too unhappy to get positive feedback as well...
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 15:45 ` Corinna Vinschen
@ 2015-04-14 16:32 ` Houder
2015-04-14 18:21 ` Corinna Vinschen
0 siblings, 1 reply; 23+ messages in thread
From: Houder @ 2015-04-14 16:32 UTC (permalink / raw)
To: cygwin
> On Apr 14 17:26, Houder wrote:
>> > Everyone:(Rc,S,RA)
>> >
>> > The only reason I can think of is that the parent dir has default
>> > permissions which imply the mask value already. So, what does
>> > `icacls . | cat' in this directory print?
>>
>> %% icacls . | cat
>> . NULL SID:(DENY)(Rc,S,REA,X,DC)
>> Seven\Test:(F)
>> Seven\None:(RX)
>> Everyone:(RX)
>> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,X,DC)
>
> As I thought. There's a mask value already in there which influences
> how the default permissions are inherited. You created this dir with
> Cygwin 2.0 already, right? Remove the masks with
You created this dir with Cygwin 2.0 already, right? Correct! I did not
occur to me to start all over again ...
> $ setfacl -d m:,d:m: .
>
> and try again.
>
>> CREATOR OWNER:(OI)(CI)(IO)(F)
>> CREATOR GROUP:(OI)(CI)(IO)(RX)
>> Everyone:(OI)(CI)(IO)(RX)
>
> This *should* work now. I fear you have to remove the masks from
> all files and dirs created by Cygwin 2.0. Sorry, but that's what
> testing is for ;}
No problem at all ...
Btw, I will only report back on this in case you are INcorrect above.
Henri
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 15:35 ` Achim Gratz
@ 2015-04-14 15:53 ` Corinna Vinschen
0 siblings, 0 replies; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-14 15:53 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1333 bytes --]
On Apr 14 15:35, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > Yes, perfectly normal and that already occured with older ACLs
> > created by Cygwin:
> >
> > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files
> >
> > Don't reorder them.
>
> Ah, OK. I must have been lucky not to encounter them so far.
The order is only supposed to become non-canonical if user(s)
have less permissions than group(s), and if group(s) have more
permissions than the MASK value and less permisssions than "other".
In these cases, DENY ACEs have to be generated to create an ACE which
fully supports POSIX permissions.
However, the DENY ACEs for groups must not precede the ALLOW ACEs for
USERs due to the way permissions are handled by the OS. "Canonical"
ACLs just don't allow to fully express POSIX permissions. It's a pity
that this arbitrary rule has been expressed, especially given that the
OS doesn't really care. It handles the ACEs simply in order of
occurance. There's also no good reason that the GUI wants to reorder,
except that Microsoft didn't implement a GUI which allows manual
ordering of ACEs.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 15:26 ` Houder
@ 2015-04-14 15:45 ` Corinna Vinschen
2015-04-14 16:32 ` Houder
0 siblings, 1 reply; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-14 15:45 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1086 bytes --]
On Apr 14 17:26, Houder wrote:
> > Everyone:(Rc,S,RA)
> >
> > The only reason I can think of is that the parent dir has default
> > permissions which imply the mask value already. So, what does
> > `icacls . | cat' in this directory print?
>
> %% icacls . | cat
> . NULL SID:(DENY)(Rc,S,REA,X,DC)
> Seven\Test:(F)
> Seven\None:(RX)
> Everyone:(RX)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,X,DC)
As I thought. There's a mask value already in there which influences
how the default permissions are inherited. You created this dir with
Cygwin 2.0 already, right? Remove the masks with
$ setfacl -d m:,d:m: .
and try again.
> CREATOR OWNER:(OI)(CI)(IO)(F)
> CREATOR GROUP:(OI)(CI)(IO)(RX)
> Everyone:(OI)(CI)(IO)(RX)
This *should* work now. I fear you have to remove the masks from
all files and dirs created by Cygwin 2.0. Sorry, but that's what
testing is for ;}
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 14:52 ` Corinna Vinschen
@ 2015-04-14 15:35 ` Achim Gratz
2015-04-14 15:53 ` Corinna Vinschen
0 siblings, 1 reply; 23+ messages in thread
From: Achim Gratz @ 2015-04-14 15:35 UTC (permalink / raw)
To: cygwin
Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> Yes, perfectly normal and that already occured with older ACLs
> created by Cygwin:
>
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files
>
> Don't reorder them.
Ah, OK. I must have been lucky not to encounter them so far.
Regards,
Achim.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 15:12 ` Corinna Vinschen
@ 2015-04-14 15:26 ` Houder
2015-04-14 15:45 ` Corinna Vinschen
0 siblings, 1 reply; 23+ messages in thread
From: Houder @ 2015-04-14 15:26 UTC (permalink / raw)
To: cygwin
> On Apr 14 17:01, Houder wrote:
>> %% uname -a
>> CYGWIN_NT-6.1-WOW Seven 2.0.0(0.287/5/3) 2015-04-14 10:45 i686 Cygwin
>> %% pwd
>> /home/Test
>> %% touch alfa
>> %% chmod 460 alfa
>> %% echo aha > alfa
>> bash: alfa: Permission denied # no problem here ...
>>
>> %% getfacl alfa
>> # file: alfa
>> # owner: Test
>> # group: None
>> user::r--
>> group::r-x
>> mask:rw-
>> other:---
>> %% icacls alfa
>> alfa NULL SID:(DENY)(Rc,S,WEA,X,DC)
>> Seven\Test:(DENY)(S,WD,AD,WEA,DC)
>> Seven\Test:(R,D,WDAC,WO,WA)
>> Seven\None:(DENY)(S,X)
>> Seven\None:(RX)
>> Everyone:(Rc,S,RA)
>> Successfully processed 1 files; Failed processing 0 files
>> %%
>
> This looks exactly like the ACL created by -0.3. It produces this MASK
> value. The rest is just the logical consequence. But it doesn't do
> that for me:
>
> $ uname -a
> CYGWIN_NT-6.3 vmbert8164 2.0.0(0.287/5/3) 2015-04-14 10:47 x86_64 Cygwin
> $ touch alfa
> $ getfacl alfa
> # file: alfa
> # owner: corinna
> # group: vinschen
> user::rw-
> group::r--
> other:r--
>
> $ chmod 460 alfa
> $ getfacl alfa
> # file: alfa
> # owner: corinna
> # group: vinschen
> user::r--
> group::rw-
> other:---
>
> $ icacls alfa | cat
> alfa NULL SID:(DENY)(Rc,S)
> VINSCHEN\corinna:(DENY)(S,WD,AD,WEA,DC)
> VINSCHEN\corinna:(R,D,WDAC,WO,WA)
> VINSCHEN\vinschen:(R,W)
> Everyone:(Rc,S,RA)
>
> The only reason I can think of is that the parent dir has default
> permissions which imply the mask value already. So, what does
> `icacls . | cat' in this directory print?
%% icacls . | cat
. NULL SID:(DENY)(Rc,S,REA,X,DC)
Seven\Test:(F)
Seven\None:(RX)
Everyone:(RX)
NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,X,DC)
CREATOR OWNER:(OI)(CI)(IO)(F)
CREATOR GROUP:(OI)(CI)(IO)(RX)
Everyone:(OI)(CI)(IO)(RX)
Successfully processed 1 files; Failed processing 0 files
>
> Corinna
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Maintainer cygwin AT cygwin DOT com
> Red Hat
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 15:01 ` Houder
@ 2015-04-14 15:12 ` Corinna Vinschen
2015-04-14 15:26 ` Houder
0 siblings, 1 reply; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-14 15:12 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1746 bytes --]
On Apr 14 17:01, Houder wrote:
> %% uname -a
> CYGWIN_NT-6.1-WOW Seven 2.0.0(0.287/5/3) 2015-04-14 10:45 i686 Cygwin
> %% pwd
> /home/Test
> %% touch alfa
> %% chmod 460 alfa
> %% echo aha > alfa
> bash: alfa: Permission denied # no problem here ...
>
> %% getfacl alfa
> # file: alfa
> # owner: Test
> # group: None
> user::r--
> group::r-x
> mask:rw-
> other:---
> %% icacls alfa
> alfa NULL SID:(DENY)(Rc,S,WEA,X,DC)
> Seven\Test:(DENY)(S,WD,AD,WEA,DC)
> Seven\Test:(R,D,WDAC,WO,WA)
> Seven\None:(DENY)(S,X)
> Seven\None:(RX)
> Everyone:(Rc,S,RA)
> Successfully processed 1 files; Failed processing 0 files
> %%
This looks exactly like the ACL created by -0.3. It produces this MASK
value. The rest is just the logical consequence. But it doesn't do
that for me:
$ uname -a
CYGWIN_NT-6.3 vmbert8164 2.0.0(0.287/5/3) 2015-04-14 10:47 x86_64 Cygwin
$ touch alfa
$ getfacl alfa
# file: alfa
# owner: corinna
# group: vinschen
user::rw-
group::r--
other:r--
$ chmod 460 alfa
$ getfacl alfa
# file: alfa
# owner: corinna
# group: vinschen
user::r--
group::rw-
other:---
$ icacls alfa | cat
alfa NULL SID:(DENY)(Rc,S)
VINSCHEN\corinna:(DENY)(S,WD,AD,WEA,DC)
VINSCHEN\corinna:(R,D,WDAC,WO,WA)
VINSCHEN\vinschen:(R,W)
Everyone:(Rc,S,RA)
The only reason I can think of is that the parent dir has default
permissions which imply the mask value already. So, what does
`icacls . | cat' in this directory print?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 14:50 ` Corinna Vinschen
@ 2015-04-14 15:01 ` Houder
2015-04-14 15:12 ` Corinna Vinschen
0 siblings, 1 reply; 23+ messages in thread
From: Houder @ 2015-04-14 15:01 UTC (permalink / raw)
To: cygwin
> On Apr 14 16:18, Houder wrote:
>> Btw, I installed update 4 to Cygwin 2.0 ... and observe no change in the output
>> of getfacl, icacls ... also user Henri is still denied write access ...
>
> Did you re-create the file?
No ... I created a second file, named alfa ...
Henri
++ Cygwin 2.0 -- logged on as user Test
%% uname -a
CYGWIN_NT-6.1-WOW Seven 2.0.0(0.287/5/3) 2015-04-14 10:45 i686 Cygwin
%% pwd
/home/Test
%% touch alfa
%% chmod 460 alfa
%% echo aha > alfa
bash: alfa: Permission denied # no problem here ...
%% getfacl alfa
# file: alfa
# owner: Test
# group: None
user::r--
group::r-x
mask:rw-
other:---
%% icacls alfa
alfa NULL SID:(DENY)(Rc,S,WEA,X,DC)
Seven\Test:(DENY)(S,WD,AD,WEA,DC)
Seven\Test:(R,D,WDAC,WO,WA)
Seven\None:(DENY)(S,X)
Seven\None:(RX)
Everyone:(Rc,S,RA)
Successfully processed 1 files; Failed processing 0 files
%%
++ logoff as Test, logged on as Henri
%% cd ../Test
%% pwd
/home/Test
%% id
uid=197608(Henri) gid=197121(None) groups=197121(None), ...
%% ls -l alfa
-r--rw---- 1 Test None 0 Apr 14 15:28 alfa
%% echo ho,ho > alfa
bash: alfa: Permission denied # here is my problem <====
%% getfacl alfa
# file: alfa
# owner: Test
# group: None
user::r--
group::r-x
mask:rw-
other:---
%% icacls alfa
alfa NULL SID:(DENY)(Rc,S,WEA,X,DC)
Seven\Test:(DENY)(S,WD,AD,WEA,DC)
Seven\Test:(R,D,WDAC,WO,WA)
Seven\None:(DENY)(S,X)
Seven\None:(RX)
Everyone:(Rc,S,RA)
Successfully processed 1 files; Failed processing 0 files
%%
=====
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 14:27 ` Achim Gratz
@ 2015-04-14 14:52 ` Corinna Vinschen
2015-04-14 15:35 ` Achim Gratz
0 siblings, 1 reply; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-14 14:52 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 728 bytes --]
On Apr 14 14:27, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > I uploaded new snapshots to https://cygwin.com/snapshots/ and I'm just
> > uploading a 2.0.0-0.4 release.
> >
> > Please give either of them a try.
>
> Windows Server 2012R2 complains about the ordering of DACL after Cygwin has
> touched them when opening the security tab in explorer.
Yes, perfectly normal and that already occured with older ACLs
created by Cygwin:
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files
Don't reorder them.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 14:18 ` Houder
@ 2015-04-14 14:50 ` Corinna Vinschen
2015-04-14 15:01 ` Houder
0 siblings, 1 reply; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-14 14:50 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1891 bytes --]
On Apr 14 16:18, Houder wrote:
> > On Apr 13 18:10, Houder wrote:
>
> >> = Cygwin 2.0 -- logged on as user Test
> >>
> >> %% uname -a
> >> CYGWIN_NT-6.1-WOW Seven 2.0.0(0.287/5/3) 2015-04-12 21:09 i686 Cygwin
> >> %% pwd
> >> /home/Test
> >> %% id
> >> uid=197614(Test) gid=197121(None) groups=197121(None), ... followed by irrelevant j.
> >> 545(Users), 4(INTERACTIVE)66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local
> >> acount),4095(CurrentSession),
> >> 66048(LOCAL),262154(NTLM Authentication),401408(Medim Mandatory Level)
> >> %% touch file
> >> %% chmod 460 file
> >> %% echo aha > file
> >> bash: file: Permission denied
> >>
> >> %% getfacl file
> >> # file: file
> >> # owner: Test
> >> # group: None
> >> user::r--
> >> group::r-x
> >> mask:rw-
> >
> > Huh? So it creates a mask even though it only contains standard POSIX
> > permissions. This explains the "permission denied". The group r-x
> > combined with a mask rw- results in effective r-- permissions for the
> > group None. This yet again calls for adding the output of effective
> > permissions to getacl.
>
> Now I am confused ...
>
> Permission denied above (logon as user Test) did NOT surprise me ... It was
> the 'write denial' after that (logon as user Henri).
Yes. That's what I explained. The user Henri has only access to the
file via the permissions of None or Everyone. Since the wrongly created
mask only allowed read permissions to group None, Henri has no write
perms.
> Btw, I installed update 4 to Cygwin 2.0 ... and observe no change in the output
> of getfacl, icacls ... also user Henri is still denied write access ...
Did you re-create the file?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 8:58 ` Corinna Vinschen
2015-04-14 14:18 ` Houder
@ 2015-04-14 14:27 ` Achim Gratz
2015-04-14 14:52 ` Corinna Vinschen
1 sibling, 1 reply; 23+ messages in thread
From: Achim Gratz @ 2015-04-14 14:27 UTC (permalink / raw)
To: cygwin
Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> I uploaded new snapshots to https://cygwin.com/snapshots/ and I'm just
> uploading a 2.0.0-0.4 release.
>
> Please give either of them a try.
Windows Server 2012R2 complains about the ordering of DACL after Cygwin has
touched them when opening the security tab in explorer. Specifically it
seems to want any entry for "Everyone" to be at the very end of the list,
rather than after the NULL SID.
Regards,
Achim.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-14 8:58 ` Corinna Vinschen
@ 2015-04-14 14:18 ` Houder
2015-04-14 14:50 ` Corinna Vinschen
2015-04-14 14:27 ` Achim Gratz
1 sibling, 1 reply; 23+ messages in thread
From: Houder @ 2015-04-14 14:18 UTC (permalink / raw)
To: cygwin
> On Apr 13 18:10, Houder wrote:
>> = Cygwin 2.0 -- logged on as user Test
>>
>> %% uname -a
>> CYGWIN_NT-6.1-WOW Seven 2.0.0(0.287/5/3) 2015-04-12 21:09 i686 Cygwin
>> %% pwd
>> /home/Test
>> %% id
>> uid=197614(Test) gid=197121(None) groups=197121(None), ... followed by irrelevant j.
>> 545(Users), 4(INTERACTIVE)66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local
>> acount),4095(CurrentSession),
>> 66048(LOCAL),262154(NTLM Authentication),401408(Medim Mandatory Level)
>> %% touch file
>> %% chmod 460 file
>> %% echo aha > file
>> bash: file: Permission denied
>>
>> %% getfacl file
>> # file: file
>> # owner: Test
>> # group: None
>> user::r--
>> group::r-x
>> mask:rw-
>
> Huh? So it creates a mask even though it only contains standard POSIX
> permissions. This explains the "permission denied". The group r-x
> combined with a mask rw- results in effective r-- permissions for the
> group None. This yet again calls for adding the output of effective
> permissions to getacl.
Now I am confused ...
Permission denied above (logon as user Test) did NOT surprise me ... It was
the 'write denial' after that (logon as user Henri).
>> %% id
>> uid=197608(Henri) gid=197121(None) groups=197121(None), ...
>> %% ls -l file
>> -r--rw---- 1 Test None 0 Apr 13 17:12 file
>> %% echo ho,ho > file
>> bash: file: Permission denied # Huh? No, no, no ...
User Henri should be able to write the file, should he not? At least, that is
what the output of 'ls' says, and according to what I demanded:
chmod 460 file
(file is owned by user Test; 'None' is the primary group of user Henri)
Btw, I installed update 4 to Cygwin 2.0 ... and observe no change in the output
of getfacl, icacls ... also user Henri is still denied write access ...
Henri
> I think I fixed the thinko in the code. At one point I noticed that I
> mishandled the GROUP_OBJ permssions in new-style ACEs and my fix was
> apparently a bit too efficient :}
>
> I uploaded new snapshots to https://cygwin.com/snapshots/ and I'm just
> uploading a 2.0.0-0.4 release.
>
> Please give either of them a try.
>
> Thanks,
> Corinna
=====
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
2015-04-13 16:10 Houder
@ 2015-04-14 8:58 ` Corinna Vinschen
2015-04-14 14:18 ` Houder
2015-04-14 14:27 ` Achim Gratz
0 siblings, 2 replies; 23+ messages in thread
From: Corinna Vinschen @ 2015-04-14 8:58 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1970 bytes --]
On Apr 13 18:10, Houder wrote:
> Hi Corinna,
>
> Perhaps not relevant anymore (since you have returned to the drawing board) ...
>
> - after installing update 3 to Cygwin 2.0 ...
> - created file while being logged on as user Test; subsequently executed: chmod 460 file
> - switched back to user Henri and attempted to touch file: failed
> - however, using Cygwin 1.7, and repeating the same procedure, I am able to touch the file (called file2)
>
> Regards,
>
> Henri
>
> = Cygwin 2.0 -- logged on as user Test
>
> %% uname -a
> CYGWIN_NT-6.1-WOW Seven 2.0.0(0.287/5/3) 2015-04-12 21:09 i686 Cygwin
> %% pwd
> /home/Test
> %% id
> uid=197614(Test) gid=197121(None) groups=197121(None), ... followed by irrelevant j.
> 545(Users), 4(INTERACTIVE)66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local
> acount),4095(CurrentSession),
> 66048(LOCAL),262154(NTLM Authentication),401408(Medim Mandatory Level)
> %% touch file
> %% chmod 460 file
> %% echo aha > file
> bash: file: Permission denied
>
> %% getfacl file
> # file: file
> # owner: Test
> # group: None
> user::r--
> group::r-x
> mask:rw-
Huh? So it creates a mask even though it only contains standard POSIX
permissions. This explains the "permission denied". The group r-x
combined with a mask rw- results in effective r-- permissions for the
group None. This yet again calls for adding the output of effective
permissions to getacl.
I think I fixed the thinko in the code. At one point I noticed that I
mishandled the GROUP_OBJ permssions in new-style ACEs and my fix was
apparently a bit too efficient :}
I uploaded new snapshots to https://cygwin.com/snapshots/ and I'm just
uploading a 2.0.0-0.4 release.
Please give either of them a try.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3
@ 2015-04-13 16:10 Houder
2015-04-14 8:58 ` Corinna Vinschen
0 siblings, 1 reply; 23+ messages in thread
From: Houder @ 2015-04-13 16:10 UTC (permalink / raw)
To: cygwin
Hi Corinna,
Perhaps not relevant anymore (since you have returned to the drawing board) ...
- after installing update 3 to Cygwin 2.0 ...
- created file while being logged on as user Test; subsequently executed: chmod 460 file
- switched back to user Henri and attempted to touch file: failed
- however, using Cygwin 1.7, and repeating the same procedure, I am able to touch the file (called file2)
Regards,
Henri
= Cygwin 2.0 -- logged on as user Test
%% uname -a
CYGWIN_NT-6.1-WOW Seven 2.0.0(0.287/5/3) 2015-04-12 21:09 i686 Cygwin
%% pwd
/home/Test
%% id
uid=197614(Test) gid=197121(None) groups=197121(None), ... followed by irrelevant j.
545(Users), 4(INTERACTIVE)66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local
acount),4095(CurrentSession),
66048(LOCAL),262154(NTLM Authentication),401408(Medim Mandatory Level)
%% touch file
%% chmod 460 file
%% echo aha > file
bash: file: Permission denied
%% getfacl file
# file: file
# owner: Test
# group: None
user::r--
group::r-x
mask:rw-
other:---
%% icacls file # note: here I removed all white clobber in the output
file NULL SID:(DENY)(Rc,S,WEA,X,DC)
Seven\Test:(DENY)(S,WD,AD,WEA,DC)
Sven\Test:(R,D,WDAC,WO,WA) # yes, should be Seven\Test ... Oh well
Seven\None:(DENY)(S,X)
Seven\None:(RX)
Evryone:(Rc,S,RA) # yes, should be Everyone ... bzzz
Successfully processed 1 files; Failed processing 0 files
%%
++ logoff Test, logon Henri
%% pwd
/home/Henri
%% cd ../Test
%% id
uid=197608(Henri) gid=197121(None) groups=197121(None), ... followed by irrelevant j.
197615(HelpLibraryUpdaters),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),
113(Local account),4095(CurrentSession),66048(LOCAL),262154(NTLM Authentication),401408(Medium Mandatory Level)
%% ls -l file
-r--rw---- 1 Test None 0 Apr 13 17:12 file
%% echo ho,ho > file
bash: file: Permission denied # Huh? No, no, no ...
%% getfacl file # same output as above
%% icacls file # same output as above
-----
= Cygwin 1.7 -- logged in as user Test
@@ uname -a
CYGWIN_NT-6.1-WOW Seven 1.7.36(0.287/5/3) 2015-03-17 10:46 i686 Cygwin
@@ pwd
/home/Test
@@ id -a
uid=1006(Test) gid=513(None) groups=513(None),545(Users)
@@ touch file2
@@ chmod 460 file2
@@ ls -l file2
-r--rw---- 1 Test None 0 Apr 13 17:30 file2
@@ echo aha > file2
bash: file2: Permission denied
@@ getfacl file2
# file: file2
# owner: Test
# group: None
user::r--
group::rw-
other:---
@@ icacls file2
file2 Seven\Test:(DENY)(S,WD,AD,WEA)
Seven\Test:(R,D,WDAC,WO,WA)
Seven\None:(R,W)
Everyone:(Rc,S,RA)
Successfully processed 1 files; Failed processing 0 files
++ logoff Test, logon Henri
@@ pwd
/home/Henri
@@ id -a
uid=1000(Henri) gid=513(None) groups=513(None),1007(HelpLibraryUpdaters),545(Users)
@@ cd ../Test
@@ ls -l file2
-r--rw---- 1 Test None 0 Apr 13 17:30 file2
@@ echo ho,ho > file2 # Yes, that is Unixy
@@ getfacl file2 # same output as above
@@ icacls file2 # same output as above
=====
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2015-04-15 9:04 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-04-12 19:23 [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3 Corinna Vinschen
2015-04-12 21:19 ` Bryan Berns
2015-04-13 7:17 ` Corinna Vinschen
2015-04-13 7:32 ` Corinna Vinschen
2015-04-13 11:13 ` Bryan Berns
2015-04-13 16:10 Houder
2015-04-14 8:58 ` Corinna Vinschen
2015-04-14 14:18 ` Houder
2015-04-14 14:50 ` Corinna Vinschen
2015-04-14 15:01 ` Houder
2015-04-14 15:12 ` Corinna Vinschen
2015-04-14 15:26 ` Houder
2015-04-14 15:45 ` Corinna Vinschen
2015-04-14 16:32 ` Houder
2015-04-14 18:21 ` Corinna Vinschen
2015-04-14 18:38 ` Houder
2015-04-15 7:13 ` Corinna Vinschen
2015-04-15 7:46 ` Houder
2015-04-15 9:04 ` Corinna Vinschen
2015-04-14 14:27 ` Achim Gratz
2015-04-14 14:52 ` Corinna Vinschen
2015-04-14 15:35 ` Achim Gratz
2015-04-14 15:53 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).