From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.133]) by sourceware.org (Postfix) with ESMTPS id DDD303858C5F for ; Thu, 9 Feb 2023 21:09:57 +0000 (GMT) Authentication-Results: sourceware.org; dmarc=permerror header.from=cygwin.com Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=cygwin.com Received: from calimero.vinschen.de ([24.134.7.25]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MsqIi-1obi1E0s80-00tBFj; Thu, 09 Feb 2023 22:09:48 +0100 Received: by calimero.vinschen.de (Postfix, from userid 500) id 8435FA80756; Thu, 9 Feb 2023 22:09:47 +0100 (CET) Date: Thu, 9 Feb 2023 22:09:47 +0100 From: Corinna Vinschen To: Norton Allen Cc: "cygwin@cygwin.com" Subject: Re: chmod g+ws unsuccessful, "NULL SID" icacls missing Message-ID: Reply-To: cygwin@cygwin.com Mail-Followup-To: Norton Allen , "cygwin@cygwin.com" References: <0219f7c5-ca4c-bae3-3e13-abfc14c53e01@huarp.harvard.edu> <8af5a564-094f-e4eb-25b4-bed2b9294f39@huarp.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <8af5a564-094f-e4eb-25b4-bed2b9294f39@huarp.harvard.edu> X-Provags-ID: V03:K1:Ts8+SuAJRdgK+Q+ZWDt6u0SwdktkoG+cCcCE3pKisLxOglZJjFu UpEkB7fvN/TkZbkuGwud/+GvXgs9coQmcvoXECG/iymMKL3l7MHq26iT8IZuUCq75UslUVS Sa9yyE0KwSUILHbbywuvHiql334BnAHfccOrCfLHGN+jubBf3LILq7mBuQaR4SLgVazi9mA LmKOaHoGFf4mk9W7ulvCA== UI-OutboundReport: notjunk:1;M01:P0:VAVOZwx3vT8=;dtFXcNSb+PQV7UpQi7zeCxCvBNX wYAwDs22JtoRBrm3hKAy1nxoGiR+qrdCz2pPYuAtPs5Ij+5NCSWpC5UzkgRuIBZJRfZ6WPDHL 3/f7TaYnTAONzN3LNU+k6ll5vcoWFSNYGTyvSbJhv4QNXpI+pIJQnQKsF9oppU+J47TnP9sqe +yavcyZZ8QqopTJUwxIzXRuZxohdw6i6+zNl9Xc/P+h1i8P9io1/MBSztRRE8cXuI4qQ9zQlG PocyCOQyjw+2fst/A02rpXv1g83PQ1onHrjDcuuIJ95fHrsgNKLOyTs5fRFm+CrHWVamUrzGr On3Legp/3RnW3tGrbNiG/HSnE83SCuK2Cow7nL6gBBACd74csi+78ri3S02hnQ6l7zxyv2tRq Wg5ehXWHD/RnVruuXpgpegn6+Rsqn5/b1gGNkV0+oI0bv6m3VPeFZZ2yNPz/S185qGc4l0oju sFCQLMyfYrQhNvzTBglQ6NhPfK8Ks71yubUyzBI5x5IwDX6K/VKQ43x/dPt1uzs8brnRD+EBl BR7zurDDrnLQmebdbItn+vUCW7dSsPuRHPBXj8tVvFHdA56qKHAErSZehvRH0yO9Ug2qURDZY SWOvv5NwrrX8JoAUhZO0YoB1F0DpRC8WCUXv+mpssBewa/pN9MZI32aoq9/f1KT0tweCOe/ZY owFzzBevAJW0aTFjErkLAv6EOgP8/W3mgBqIDGpYtg== X-Spam-Status: No, score=-97.3 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_FAIL,SPF_HELO_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi Norton, On Feb 9 13:25, Norton Allen via Cygwin wrote: > On 2/8/2023 4:05 PM, Norton Allen via Cygwin wrote: > > I briefly raised this issue months ago and am trying to resolve it again > > now. > > > > What I am trying to do is setup permissions so multiple users on one > > machine can share full control over a particular directory hierarchy. > > > > On Linux I have usually been able to make things work with: > > > >    $ mkdir shared_dir > >    $ chgrp shared_group shared_dir > >    $ chmod g+ws shared_dir > >    $ umask 2 > > > > User shells are configured with umask 2 so files they create have group > > write. Users belong to shared_group. Files and subdirs created under > > shared_dir are all in group shared_group. Files moved in retain their > > original group, but the group members still have permission to rename or > > delete them. > > > > The problem: > > > > $ chmod g+ws fails to set the 's' bit, and the resulting icacls output > > does not contain any "NULL SID" entries. I am seeing the same problem on > > (at least) two different systems setup by my organization. One of these > > was just re-imaged and I installed Cygwin yesterday with no customized > > configurations. AV is Windows Defender, but I suspect if that were the > > culprit, there would have been more noise. > > > > I suspect there might be a group policy or something that is interfering > > with Cygwin's strategy for implementing POSIX permissions. I am pretty > > sure this worked correctly at some point in the past. > > > > Has anyone encountered this? > > > > Does group policy seem like a likely suspect? Anyone know which > > policy(ies)? I think I might be able to get IT to cut me slack if I knew > > what to ask for. > > > > I have also played with using setfacl directly to add permissions, but > > as anyone who has read about Cygwin file permissions might guess, that > > tends to have mixed/poor results, but I'd be open to any suggestions. > > > > I don't actually have a system on which this is working to compare to, so I > am not exactly sure how it is supposed to look when it's working correctly. > The current behavior on  my new uncustomized installation: > [...] > Any idea what g+s should be doing? Any more/better information I can > provide? What you observe is a bug in Cygwin, plain and simple. Without going into too much detail, part of the problem could never be observed with older coreutils, which we had to live with for much too long in the Cygwin distro. The newer coreutils handles permissions slightly differently and that dropped the mask from the buggy code. I applied a patch which, hopefully, fixes this problem (in fact, plural, "these problems"). A new Cygwin test release 3.5.0-0.162.g498fce80ef33 is just being built and should be up in an hour or so. You can simply install it via Cygwin's setup tool as soon as it's on your favorite mirror. If it works as desired, it will be part of the next Cygwin bugfix release 3.4.6. Thanks, Corinna