Hi Corinna,

Ref: https://cygwin.com/ml/cygwin/2015-02/msg00856.html
 - Too Many Permissions Stripped In 1.7.35?

Is it true? Is Cygwin a system to manage Windows? I NEVER got that impression.

I have always been content that I was able to use Cygwin in a directory tree
that had been especially prepared by me for the sake of using Cygwin (doing
development-like things).

Using Cygwin on NTFS (i.e. Windows ACL), trouble is "around the corner", I
believe.

As an example, below an attempt to create a "posix" directory on a filesystem
(drive) that has NOT been modified (!nurtured!) in advance.

I wonder whether it is really worthwhile to "fortify" Cygwin against each and
every "mishap" that Windows may throw at Cygwin? (yes, sort of a vote, that
you asked for)

(btw, how about some sleep now and then?)

(you are welcome NOT to reply -- I just wanted to get this off my chest :-)

Henri

-----
List of commands: -- yes, I know, the example is somewhat artificial

 - create QL using Explorer
 - chown Henri:None QL                  # perm denied -- file owner == Henri ... not Unixy, is it?
 - setfacl -b QL                        # perm denied
 - setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # perm denied
 - touch QL                             # ... oh well, as an exception ...
 - chmod 000 QL                         # 000? yes, you may argue why ... (well, it apparently does the job)
 - setfacl -b QL                        # look here, now it succeeds
 - chmod 755 QL                         # succeeds, but ... creator owner still suffers ...
 - setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # finally, target achieved!

@@ uname -a
CYGWIN_NT-6.1-WOW Seven 1.7.35s(0.286/5/3) 20150226 20:41:55 i686 Cygwin
@@ pwd # NON-elevated bash
/drv/d

@@ icacls.sh QL
D:/QL
   BUILTIN\Administrators             (I)(F)
   BUILTIN\Administrators             (I)(OI)(CI)(IO)(F)
   NT AUTHORITY\SYSTEM                (I)(F)
   NT AUTHORITY\SYSTEM                (I)(OI)(CI)(IO)(F)
   NT AUTHORITY\Authenticated Users   (I)(M)
   NT AUTHORITY\Authenticated Users   (I)(OI)(CI)(IO)(M)
   BUILTIN\Users                      (I)(RX)
   BUILTIN\Users                      (I)(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
@@ ls-facl.sh QL
D:/QL
   Owner: Seven\Henri <==== yes, I am the owner!
   Group: Seven\None
   DACL(not_protected):
   BUILTIN\Administrators             full                                allow     no_inheritance
   BUILTIN\Administrators             full                                allow     \
                                                     container_inherit+object_inherit+inherit_only
   NT AUTHORITY\SYSTEM                full                                allow     no_inheritance
   NT AUTHORITY\SYSTEM                full                                allow     \
                                                     container_inherit+object_inherit+inherit_only
   NT AUTHORITY\Authenticated Users   change                              allow     no_inheritance
   NT AUTHORITY\Authenticated Users   change                              allow     \
                                                     container_inherit+object_inherit+inherit_only
   BUILTIN\Users                      read_execute                        allow     no_inheritance
   BUILTIN\Users                      read_execute                        allow     \
                                                     container_inherit+object_inherit+inherit_only
SetACL finished successfully.

@@ chown Henri:None QL
chown: changing ownership of ‘QL’: Permission denied
@@ setfacl -b QL
setfacl: Permission denied
@@ setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL
setfacl: Permission denied

@@ touch QL
@@ chmod 000 QL # because chmod 'rocks', apparently ... some sort of healing potion, I imagine?
@@ icacls.sh QL
D:/QL
   Seven\Henri                        (D,Rc,WDAC,WO,RA,WA) # will have to work on that
   Seven\None                         (Rc,S,RA)
   Everyone                           (Rc,S,RA)
   BUILTIN\Administrators             (Rc,S,RA)
   BUILTIN\Administrators             (OI)(CI)(IO)
   NT AUTHORITY\SYSTEM                (Rc,S,RA)
   NT AUTHORITY\SYSTEM                (OI)(CI)(IO)
   NT AUTHORITY\Authenticated Users   (Rc,S,RA)
   NT AUTHORITY\Authenticated Users   (OI)(CI)(IO)
   BUILTIN\Users                      (Rc,S,RA)
   BUILTIN\Users                      (OI)(CI)(IO)
Successfully processed 1 files; Failed processing 0 files
@@ setfacl -b QL # get rid of those useless mavericks ...
@@ icacls.sh QL
D:/QL
   Seven\Henri                        (D,Rc,WDAC,WO,RA,WA)
   Seven\None                         (Rc,S,RA)
   Everyone                           (Rc,S,RA)
   CREATOR OWNER                      (OI)(CI)(IO)(D,Rc,WDAC,WO,RA,WA)
   CREATOR GROUP                      (OI)(CI)(IO)(Rc,RA)
   Everyone                           (OI)(CI)(IO)(Rc,RA)
Successfully processed 1 files; Failed processing 0 files
@@ chmod 755 QL # will it restore full control?
@@ icacls.sh QL
D:/QL
   Seven\Henri                        (F)
   Seven\None                         (RX)
   Everyone                           (RX)
   CREATOR OWNER                      (OI)(CI)(IO)(D,Rc,WDAC,WO,RA,WA) # uhm, creator owner still suffers ...
   CREATOR GROUP                      (OI)(CI)(IO)(Rc,RA)
   Everyone                           (OI)(CI)(IO)(Rc,RA)
Successfully processed 1 files; Failed processing 0 files
@@ setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # now what can I expect from this command?
@@ icacls.sh QL
D:/QL
   Seven\Henri                        (F)
   Seven\None                         (RX)
   Everyone                           (RX)
   CREATOR OWNER                      (OI)(CI)(IO)(F) # Oh well, it did the trick ...
   CREATOR GROUP                      (OI)(CI)(IO)(RX)
   Everyone                           (OI)(CI)(IO)(RX)
Successfully processed 1 files; Failed processing 0 files
@@

=====


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
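
An added example, not part of the original message: a small check over icacls-style listings like those above that reports when the inherit-only (default) entries differ from the direct (access) entries, the state seen after `chmod 755` and gone after `setfacl -s`. It assumes access and default entries are meant to match, compares rights as the text icacls prints, and the names `parse_aces` and `default_acl_drift` are hypothetical.

```python
import re

INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}  # icacls inheritance markers

# Constructed input: ACE lines copied from the message's two listings.
AFTER_CHMOD_755 = r"""
   Seven\Henri                        (F)
   Seven\None                         (RX)
   Everyone                           (RX)
   CREATOR OWNER                      (OI)(CI)(IO)(D,Rc,WDAC,WO,RA,WA)
   CREATOR GROUP                      (OI)(CI)(IO)(Rc,RA)
   Everyone                           (OI)(CI)(IO)(Rc,RA)
"""
AFTER_SETFACL_S = r"""
   Seven\Henri                        (F)
   Seven\None                         (RX)
   Everyone                           (RX)
   CREATOR OWNER                      (OI)(CI)(IO)(F)
   CREATOR GROUP                      (OI)(CI)(IO)(RX)
   Everyone                           (OI)(CI)(IO)(RX)
"""

def parse_aces(listing):
    """Yield (trustee, inherit_only, rights) for each ACE line."""
    for line in listing.splitlines():
        m = re.match(r"\s*(.+?)\s+((?:\([^)]*\))+)\s*$", line)
        if not m:
            continue  # path line, status line or blank line
        groups = re.findall(r"\(([^)]*)\)", m.group(2))
        rights = [g for g in groups if g not in INHERIT_FLAGS]
        yield (m.group(1), "IO" in groups,
               frozenset(rights[0].split(",")) if rights else frozenset())

def default_acl_drift(listing, owner, group):
    """Return [(class, access_rights, default_rights)] where the two differ."""
    pairs = {"owner": (owner, "CREATOR OWNER"),
             "group": (group, "CREATOR GROUP"),
             "other": ("Everyone", "Everyone")}
    access, default = {}, {}
    for trustee, inherit_only, rights in parse_aces(listing):
        (default if inherit_only else access)[trustee] = rights
    drift = []
    for cls, (direct, inherited) in pairs.items():
        a, d = access.get(direct), default.get(inherited)
        if a is not None and d is not None and a != d:
            drift.append((cls, a, d))
    return drift

if __name__ == "__main__":
    for name, text in (("chmod 755", AFTER_CHMOD_755), ("setfacl -s", AFTER_SETFACL_S)):
        print(name, default_acl_drift(text, r"Seven\Henri", r"Seven\None"))
```
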
