This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: general setup.exe status incl network install [was Re: setup ChangeLog IniDBBuilder.h IniDBBuilderPac ...]


On Dec 16 14:24, Dave Korn wrote:
>   I gave it a try and produced an oddity, although possibly just as an
> artifact of the way I did it: instead of creating a share, I mapped the
> default admin //sever/I$ share of my main PC as Z: over SMB from inside a VM
> and installed it to that drive.  Everything appeared to go OK during
> setup.exe, but in fact the /tmp dir got created with a bad ACL making it
> unwritable, and as a consequence I got shell failures during the postinstall
> scripts and when running the base-files initial setup; you can't create here
> docs if the /tmp dir is r-o.

Did the tmp dir get created with the below ACL?  If so, it's not R/O.
It looks perfectly reasonable for a directory created with 01777
permissions.  That's what is done for /tmp in install.cc.

> > C:\Documents and Settings\Administrator>cacls i:\cygremotewin\tmp
> > i:\cygremotewin\tmp BUILTIN\Administrators:F

Full access for admins.

> >                     UBIK\None:(special access:)
> >                               READ_CONTROL
> >                               SYNCHRONIZE
> >                               FILE_GENERIC_READ
> >                               FILE_GENERIC_WRITE
> >                               FILE_GENERIC_EXECUTE
> >                               FILE_READ_DATA
> >                               FILE_WRITE_DATA
> >                               FILE_APPEND_DATA
> >                               FILE_READ_EA
> >                               FILE_WRITE_EA
> >                               FILE_EXECUTE
> >                               FILE_READ_ATTRIBUTES
> >                               FILE_WRITE_ATTRIBUTES
> > 
> >                     Everyone:(special access:)
> >                              READ_CONTROL
> >                              SYNCHRONIZE
> >                              FILE_GENERIC_READ
> >                              FILE_GENERIC_WRITE
> >                              FILE_GENERIC_EXECUTE
> >                              FILE_READ_DATA
> >                              FILE_WRITE_DATA
> >                              FILE_APPEND_DATA
> >                              FILE_READ_EA
> >                              FILE_WRITE_EA
> >                              FILE_EXECUTE
> >                              FILE_READ_ATTRIBUTES
> >                              FILE_WRITE_ATTRIBUTES
> > 
> >                     <Account Domain not found>(special access:)
> >                                               FILE_READ_DATA

See below.

> >                     CREATOR OWNER:(OI)(CI)(IO)F

Full access for creator-owner for subsequently created objects.

> >                     CREATOR GROUP:(OI)(CI)(IO)(special access:)
> >                                               READ_CONTROL
> >                                               SYNCHRONIZE
> >                                               FILE_GENERIC_READ
> >                                               FILE_GENERIC_WRITE
> >                                               FILE_GENERIC_EXECUTE
> >                                               FILE_READ_DATA
> >                                               FILE_WRITE_DATA
> >                                               FILE_APPEND_DATA
> >                                               FILE_READ_EA
> >                                               FILE_WRITE_EA
> >                                               FILE_EXECUTE
> >                                               FILE_READ_ATTRIBUTES
> >                                               FILE_WRITE_ATTRIBUTES
> > 
> >                     Everyone:(OI)(CI)(IO)(special access:)
> >                                          READ_CONTROL
> >                                          SYNCHRONIZE
> >                                          FILE_GENERIC_READ
> >                                          FILE_GENERIC_WRITE
> >                                          FILE_GENERIC_EXECUTE
> >                                          FILE_READ_DATA
> >                                          FILE_WRITE_DATA
> >                                          FILE_APPEND_DATA
> >                                          FILE_READ_EA
> >                                          FILE_WRITE_EA
> >                                          FILE_EXECUTE
> >                                          FILE_READ_ATTRIBUTES
> >                                          FILE_WRITE_ATTRIBUTES
> 
>   Hmm, what?  That thing that says "Account Domain not found" shows up in the
> explorer properties dialog security tab as "S-1-0-0", or if I run the cacls
> command from the VM guest side, it is described as "NULL SID", which is
> probably because the VM is XP and the host is 2k and MS only made cacls.exe
> smart enough to recognize the null sid in the XP version, but that doesn't
> explain what it's doing there in the first place!
> 
>   Does this symptom suggest any possibilities to anyone?

Unfortunately not.  It's really officially the NULL SID.  The NULL SID
ACE is created when at least one of the special SUID, SGID or VTX bits
are set in the permissions.  FILE_READ_DATA in the NULL SID is the
marker for the VTX bit.  As far as actual permissions go, the VTX bit is
equivalent to the FILE_DELETE_CHILD bit, just backwards.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
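
Added example (not part of the original message and not Cygwin code): a small triage of cacls output that recognizes the NULL SID ACE as the sticky-bit marker described above and checks whether the directory's own ACL grants Everyone write access. The function names and the abbreviated sample listing are constructed for illustration; it assumes allow-only ACEs and leaves out the SUID/SGID marker rights, which the message does not give.

```python
import re

# Names under which the thread saw the same trustee, the NULL SID.
NULL_SID_NAMES = {"<Account Domain not found>", "NULL SID", "S-1-0-0"}
S_ISVTX = 0o1000  # sticky bit; marker right per the message: FILE_READ_DATA

# Constructed sample, abbreviated from the cacls listing quoted in the message.
SAMPLE = r"""
i:\cygremotewin\tmp BUILTIN\Administrators:F
                    Everyone:(special access:)
                             FILE_GENERIC_READ
                             FILE_GENERIC_WRITE
                             FILE_WRITE_DATA

                    <Account Domain not found>(special access:)
                                              FILE_READ_DATA
                    CREATOR OWNER:(OI)(CI)(IO)F
"""

# Trustee, optional colon (the Win2k listing omits it for the unresolved SID),
# optional inheritance flags, then "F" or the start of a special-access list.
ACE = re.compile(r"^(?P<who>.+?):?(?P<inh>(?:\((?:OI|CI|IO)\))*)"
                 r"(?P<acc>F|\(special access:\))$")

def parse_cacls(text, path):
    """Return a list of (trustee, inherit_only, set_of_rights) tuples."""
    aces = []
    for raw in text.splitlines():
        line = raw.replace(path, "", 1).strip()
        if not line:
            continue
        if re.fullmatch(r"[A-Z_]+", line) and aces:
            aces[-1][2].add(line)          # a right belonging to the last ACE
            continue
        m = ACE.match(line)
        if m:
            rights = {"FULL"} if m["acc"] == "F" else set()
            aces.append((m["who"], "(IO)" in m["inh"], rights))
    return aces

def triage(aces):
    """Decode the NULL SID marker and check write access for Everyone."""
    special, writable = 0, False
    for who, inherit_only, rights in aces:
        if inherit_only:
            continue                        # applies to children, not this dir
        if who in NULL_SID_NAMES and "FILE_READ_DATA" in rights:
            special |= S_ISVTX
        if who == "Everyone" and rights & {"FULL", "FILE_WRITE_DATA"}:
            writable = True
    return special, writable

if __name__ == "__main__":
    print(triage(parse_cacls(SAMPLE, r"i:\cygremotewin\tmp")))
```
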

