From: xnor <xnoreq@gmail.com>
To: cygwin@cygwin.com
Subject: Re[2]: Issues with ACL settings after updating to the latest cygwin.dll
Date: Tue, 09 Feb 2016 20:53:00 -0000 [thread overview]
Message-ID: <embea8f98a-05a5-4804-a575-9eebf7412614@gaming> (raw)
In-Reply-To: <20160208181956.GI12975@calimero.vinschen.de>
>Not sure what Transmission is, but files downloaded with POSIX
>tools are usually not executable. For instance, download Cygwin's
>setup-x86.exe with wget. Then try to execute it. It won't since
>the permissions are set according to your umask and without execute
>permissions, e.g., 0644. This is normal.
The behavior has changed with the ACL change in Cygwin and I would not
consider that "normal". The warning from Windows is not normal.
I realize that the previous implementation was already problematic and
messed with permissions but I did not notice it since it never denied
executing executables.
>The permissions must *not* be reordered. If Cygwin creates permissions
>incorrectly it's one thing, but the order to emulate POSIX permissions
>is non-canonical. Reordering them will break them.
>
>Please provide the exact output from icacls.
They *have* to be reordered to be modifiable in Windows/Explorer. In
other words, if I want to change permission the new ACL behavior ensures
that it breaks the Cygwin permissions?
Here is the output from icacls /saveacl for some file:
D:P(D;;RPWPDTRC;;;S-1-0-0)(A;;0x1f019f;;;S-1-5-21-559282050-488988736-2019639472-1001)(D;;WP;;;AU)(D;;WP;;;SY)(D;;WP;;;BA)(D;;WP;;;BU)(A;;FR;;;S-1-5-21-559282050-488988736-2019639472-513)(A;;0x1201bf;;;AU)(A;;0x1201bf;;;SY)(A;;0x1201bf;;;BA)(A;;0x1200a9;;;BU)(A;;FR;;;WD)
After letting Windows fix the order:
D:PAI(D;;RPWPDTRC;;;S-1-0-0)(D;;WP;;;AU)(D;;WP;;;SY)(D;;WP;;;BA)(D;;WP;;;BU)(A;;0x1f019f;;;S-1-5-21-559282050-488988736-2019639472-1001)(A;;FR;;;S-1-5-21-559282050-488988736-2019639472-513)(A;;0x1201bf;;;AU)(A;;0x1201bf;;;SY)(A;;0x1201bf;;;BA)(A;;0x1200a9;;;BU)(A;;FR;;;WD)
Here is what's "normal" for Windows if I create a file under a new
folder on C: in Explorer:
D:AI(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)
Strangely enough this is displayed as "-rwxrwx---+ MyUser None" with `ls
-l` even though my user is in the group Administrators.
Here is what I would expect:
MyUser is in the group Administrators. Given the inherited permissions
above a Windows-created file should be shown as "-rwxrwxr--+ MyUser
Administrators"?
After chmod 664 I would expect this:
- still inherit all the permissions
- add permission MyUser DENY execute
- add permission Administrators DENY execute
- add permission Everyone ALLOW read
Instead Cygwin copies all permissions, drops the inheritance, copies
them again, adds None, adds NULL SID ...
After a consecutive chmod 770 I would expect the above non-inherited
permissions to be removed again.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2016-02-09 20:53 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-30 20:46 K Stahl
2016-02-08 14:16 ` Corinna Vinschen
2016-02-08 17:48 ` Re[2]: " xnor
2016-02-08 18:12 ` Re[3]: " xnor
2016-02-08 18:22 ` Corinna Vinschen
2016-02-08 18:20 ` Corinna Vinschen
2016-02-09 20:53 ` xnor [this message]
2016-02-10 2:20 ` Andrey Repin
2016-02-10 17:39 ` Re[2]: " xnor
2016-02-10 18:35 ` Andrey Repin
2016-02-10 11:55 ` Corinna Vinschen
2016-02-10 12:19 ` Corinna Vinschen
2016-02-08 18:33 ` Re[3]: " xnor
2016-02-09 15:02 ` K Stahl
2016-02-10 11:56 ` Corinna Vinschen
2016-02-10 18:18 Re[2]: " xnor
2016-02-10 20:50 Andrey Repin
2016-02-10 22:40 ` Re[2]: " xnor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=embea8f98a-05a5-4804-a575-9eebf7412614@gaming \
--to=xnoreq@gmail.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).