public inbox for cygwin@cygwin.com
From: "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr@ncbi.nlm.nih.gov>
To: "'cygwin@cygwin.com'" <cygwin@cygwin.com>
Subject: Weird issue with file permissions
Date: Fri, 1 Jul 2022 05:46:44 +0000
Message-ID: <DM8PR09MB709508104694224E0803C069A5BD9@DM8PR09MB7095.namprd09.prod.outlook.com>

Hi all,

I am having an issue with socket file permissions...

So here's a mockup of code that shows the problem:

$ cat sun.c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>


#define SOCKET "./.socket"

int main()
{
    struct sockaddr_un addr;
    struct stat st;
    mode_t u;
    int s;

    /* create a UNIX socket */
    if ((s = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
        perror("socket");
        return 1;
    }

    memset(&addr, 0, sizeof(addr));
    addr.sun_family = PF_UNIX;
    strcpy(addr.sun_path, SOCKET);
    unlink(SOCKET);

    u = umask(0);
    if (bind(s, (struct sockaddr*) &addr, sizeof(addr)) != 0) {
        perror("bind");
        return 1;
    }

    umask(u);
    if (fchmod(s, 0666) < 0)
        printf("fchmod: %m\n");

    if (fstat(s, &st) < 0) {
        perror("fstat");
        return 1;
    }

    printf("fstat mode = %03o\n", st.st_mode);


    if (stat(SOCKET, &st) < 0) {
        perror("stat");
        return 1;
    }

    printf("stat mode = %03o\n", st.st_mode);

    return 0;
}

$ gcc -Wall -o sun sun.c

Now, if I run this code in my Cygwin home directory (and any directory that I create using "mkdir..." under it),
I am getting the expected results:

$ ~/sun
fstat mode = 140666
stat mode = 140666

$ ls -l .socket
srw-rw-rw-+ 1 ANTON None 0 Jul  1 01:19 .socket=

However, if I run it elsewhere (different drive "cd /cygdrive/g/cygwin" -- it's NOT where Cygwin is installed,
just a folder that keeps files for Cygwin development, the installation is on C:\Cygwin64), I cannot predict
the results.  What's weird is that fstat and stat report different file modes.

$ pwd
/cygdrive/g/cygwin
$ ~/sun
fstat mode = 140666
stat mode = 140666
$ ls -l .socket
srw-rw-rw-+ 1 ANTON None 0 Jul  1 01:24 .socket=

So all's good here, BUT:

$ mkdir subdir
$ cd subdir
$ pwd
/cygdrive/g/cygwin/subdir
$ ~/sun
fstat mode = 140666
stat mode = 140664
$ ls -l .socket
srw-rw-r--+ 1 ANTON None 0 Jul  1 01:25 .socket=

Note that fstat lied!

For some reason getfacl returns "Not supported", so I could not investigate with that, but I'm showing below
the icacls outputs for both /cygwin/g/cygwin and /cygdrive/g/cygwin/subdir with their .socket files, respectively.

At any rate, it looks like fstat, despite reporting the mode, wasn't actually able to bake it on disk
using those insanely complicated Windows permissions.

What's more insane is that, using the chmod command from the shell, I'm able to change the permissions to 0666,
and it sticks:

$ pwd 
/cygdrive/g/cygwin/subdir
$ chmod 0666 .socket
$ ls -l .socket
srw-rw-rw-+ 1 ANTON None 0 Jul  1 01:25 .socket=

Any insights will be highly appreciated!
Thanks.

$ pwd
/cygdrive/g/cygwin

$ icacls .
. BUILTIN\Administrators:(I)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
  NT AUTHORITY\SYSTEM:(I)(F)
  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
  NT AUTHORITY\Authenticated Users:(I)(M)
  NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
  BUILTIN\Users:(I)(RX)
  BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)

$ icacls .socket
.socket NULL SID:(DENY)(Rc,S,WEA,X,DC)
        ANTON\ANTON:(R,W,D,WDAC,WO)
        ANTON\None:(DENY)(S,X)
        NT AUTHORITY\Authenticated Users:(DENY)(S,X)
        NT AUTHORITY\SYSTEM:(DENY)(S,X)
        BUILTIN\Administrators:(DENY)(S,X)
        BUILTIN\Users:(DENY)(S,X)
        ANTON\None:(RX,W)
        NT AUTHORITY\Authenticated Users:(RX,W)
        NT AUTHORITY\SYSTEM:(RX,W)
        BUILTIN\Administrators:(RX,W)
        BUILTIN\Users:(RX,W)
        Everyone:(R,W)

$ cd subdir

$ icacls .
. NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
  ANTON\ANTON:(F)
  ANTON\None:(RX)
  NT AUTHORITY\Authenticated Users:(RX,W,DC)
  NT AUTHORITY\SYSTEM:(RX,W,DC)
  BUILTIN\Administrators:(RX,W,DC)
  BUILTIN\Users:(RX)
  Everyone:(RX)
  NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,WEA,X,DC)
  CREATOR OWNER:(OI)(CI)(IO)(F)
  CREATOR GROUP:(OI)(CI)(IO)(RX)
  NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(RX,W,DC)
  NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(RX,W,DC)
  BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
  BUILTIN\Users:(OI)(CI)(IO)(RX)
  Everyone:(OI)(CI)(IO)(RX)

As created by the program:

$ icacls .socket
.socket NULL SID:(DENY)(Rc,S,WEA,X,DC)
        ANTON\ANTON:(R,W,D,WDAC,WO)
        ANTON\None:(DENY)(S,X)
        NT AUTHORITY\Authenticated Users:(DENY)(S,X)
        NT AUTHORITY\SYSTEM:(DENY)(S,X)
        BUILTIN\Administrators:(DENY)(S,X)
        BUILTIN\Users:(DENY)(S,X)
        ANTON\None:(RX)
        NT AUTHORITY\Authenticated Users:(RX,W)
        NT AUTHORITY\SYSTEM:(RX,W)
        BUILTIN\Administrators:(RX,W)
        BUILTIN\Users:(RX)
        Everyone:(R)

After chmod:

$ icacls .socket
.socket NULL SID:(DENY)(Rc,S,WEA,X,DC)
        ANTON\ANTON:(R,W,D,WDAC,WO)
        ANTON\None:(DENY)(S,X)
        NT AUTHORITY\Authenticated Users:(DENY)(S,X)
        NT AUTHORITY\SYSTEM:(DENY)(S,X)
        BUILTIN\Administrators:(DENY)(S,X)
        BUILTIN\Users:(DENY)(S,X)
        ANTON\None:(RX)
        NT AUTHORITY\Authenticated Users:(RX,W)
        NT AUTHORITY\SYSTEM:(RX,W)
        BUILTIN\Administrators:(RX,W)
        BUILTIN\Users:(RX)
        ANTON\None:(DENY)(W,DC)
        BUILTIN\Users:(DENY)(W,DC)
        Everyone:(R,W)

Anton Lavrentiev
Contractor NIH/NLM/NCBI

