From: "Jürgen Wagner" <juergen@wagner.is>
To: cygwin@cygwin.com
Subject: Re: Files created in cygwin on fileshare no longer allow "delete" in NTFS
Date: Mon, 11 Dec 2017 22:19:00 -0000 [thread overview]
Message-ID: <df8f760f-3f80-27bd-1e70-f1a767ab0eec@wagner.is> (raw)
In-Reply-To: <059e3621048b4ee68257b6bfb0ae1053@knapheide.com>
[-- Attachment #1: Type: text/plain, Size: 2060 bytes --]
Hi Eric,
what are the permission settings on the containing directory?
Cheers,
--J.
On 11.12.2017 20:58, Eric Duesterhaus wrote:
> Hi Cygwin Community,
>
> We are currently encountering an issue with Cygwin in regards to NTFS permissions on files created within Cygwin. I'll try to outline my issue with specifics.
>
> 1. There is a windows file server mapped to M:\ on the a windows computer running Cygwin.
>
> 2. There is an active directory group that has "Modify" level permissions on this file share (In NTFS, Modify includes explicit "delete" rights)
>
> 3. "User1" and "User2" are both members of the aforementioned AD group.
>
> 4. A file is created in /cygdrive/m/filepath/ through Cygwin being run as "User1".
>
> 5. "User2" attempts to delete this file. It does not work (access denied).
>
> 6. Upon further inspection of this file's ACL, the AD group with Modify level permissions now only has "read, write, execute" permissions, which, using windows "Effective Access" tool shows that the checkbox that assigns "delete" rights is no longer checked for this group.
>
>
> I tried using getfacl on a file with the modify permission allowed to my AD group, then passed that file into setfacl with the -f option to overwrite the ACL of my created file. From the NTFS point of view, my AD group still only has read/write/execute permissions instead of modify, which again, doesn't allow delete.
>
> For information gathering I use the resultant file from getfacl to setacl -f on a file with "good" NTFS permissions, it overwrites the permissions and again, my AD group only has rwx and not "modify" permissions while looking at the ACL from windows.
>
> How can I retain NTFS "delete" rights for my users and groups on files created by Cygwin?
>
> Eric
>
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
>
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 3986 bytes --]
next prev parent reply other threads:[~2017-12-11 21:38 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-11 21:29 Eric Duesterhaus
2017-12-11 22:19 ` Jürgen Wagner [this message]
2017-12-12 0:26 Eric Duesterhaus
2017-12-12 9:17 ` Larry Hall (Cygwin)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=df8f760f-3f80-27bd-1e70-f1a767ab0eec@wagner.is \
--to=juergen@wagner.is \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).