This is the mail archive of the cygwin mailing list for the Cygwin project.



I really, really wonder ...


Hi Corinna,

Ref: https://cygwin.com/ml/cygwin/2015-02/msg00856.html
 - Too Many Permissions Stripped In 1.7.35?

Is it true? Is Cygwin a system to manage Windows? I NEVER got that impression.

I have always been content that I was able to use Cygwin in a directory tree, that had been
especially prepared by me for the sake of using Cygwin (doing development-like things).

Using Cygwin on NTFS (i.e. Windows ACL), trouble is "around the corner", I believe.

As an example, below an attempt to create a "posix" directory on a filesystem (drive), that
has NOT been modified (!nurtured!) in advance.

I wonder whether it is really worthwhile to "fortify" Cygwin against each and every "mishap"
that Windows may throw at Cygwin? (yes, sort of a vote, that you asked for)

(btw, how about some sleep now and then?)

(you are welcome NOT to reply -- I just wanted to get this off my chest :-)

Henri

-----
List of commands: -- yes, I know, the example is somewhat artificial

 - create QL using Explorer
 - chown Henri:None QL                  # perm denied -- file owner == Henri ... not Unixy, is it?
 - setfacl -b QL                        # perm denied
 - setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # perm denied
 - touch QL                             # ... oh well, as an exception ...
 - chmod 000 QL                         # 000? yes, you may argue why ... (well, it apparently does the job)
 - setfacl -b QL                        # look here, now it succeeds
 - chmod 755 QL                         # succeeds, but ... creator owner still suffers ...
 - setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # finally, target achieved!

@@ uname -a
CYGWIN_NT-6.1-WOW Seven 1.7.35s(0.286/5/3) 20150226 20:41:55 i686 Cygwin
@@ pwd # NON-elevated bash
/drv/d

@@ icacls.sh QL
D:/QL
   BUILTIN\Administrators             (I)(F)
   BUILTIN\Administrators             (I)(OI)(CI)(IO)(F)
   NT AUTHORITY\SYSTEM                (I)(F)
   NT AUTHORITY\SYSTEM                (I)(OI)(CI)(IO)(F)
   NT AUTHORITY\Authenticated Users   (I)(M)
   NT AUTHORITY\Authenticated Users   (I)(OI)(CI)(IO)(M)
   BUILTIN\Users                      (I)(RX)
   BUILTIN\Users                      (I)(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
@@ ls-facl.sh QL
D:/QL
   Owner: Seven\Henri <==== yes, I am the owner!
   Group: Seven\None
   DACL(not_protected):
   BUILTIN\Administrators             full                                allow     no_inheritance
   BUILTIN\Administrators             full                                allow     \
                                                     container_inherit+object_inherit+inherit_only
   NT AUTHORITY\SYSTEM                full                                allow     no_inheritance
   NT AUTHORITY\SYSTEM                full                                allow     \
                                                     container_inherit+object_inherit+inherit_only
   NT AUTHORITY\Authenticated Users   change                              allow     no_inheritance
   NT AUTHORITY\Authenticated Users   change                              allow     \
                                                     container_inherit+object_inherit+inherit_only
   BUILTIN\Users                      read_execute                        allow     no_inheritance
   BUILTIN\Users                      read_execute                        allow     \
                                                     container_inherit+object_inherit+inherit_only
SetACL finished successfully.

@@ chown Henri:None QL
chown: changing ownership of ‘QL’: Permission denied
@@ setfacl -b QL
setfacl: Permission denied
@@ setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL
setfacl: Permission denied

@@ touch QL
@@ chmod 000 QL # because chmod 'rocks', apparently ... some sort of healing potion, I imagine?
@@ icacls.sh QL
D:/QL
   Seven\Henri                        (D,Rc,WDAC,WO,RA,WA) # will have to work on that
   Seven\None                         (Rc,S,RA)
   Everyone                           (Rc,S,RA)
   BUILTIN\Administrators             (Rc,S,RA)
   BUILTIN\Administrators             (OI)(CI)(IO)
   NT AUTHORITY\SYSTEM                (Rc,S,RA)
   NT AUTHORITY\SYSTEM                (OI)(CI)(IO)
   NT AUTHORITY\Authenticated Users   (Rc,S,RA)
   NT AUTHORITY\Authenticated Users   (OI)(CI)(IO)
   BUILTIN\Users                      (Rc,S,RA)
   BUILTIN\Users                      (OI)(CI)(IO)
Successfully processed 1 files; Failed processing 0 files
@@ setfacl -b QL # get rid of those useless mavericks ...
@@ icacls.sh QL
D:/QL
   Seven\Henri                        (D,Rc,WDAC,WO,RA,WA)
   Seven\None                         (Rc,S,RA)
   Everyone                           (Rc,S,RA)
   CREATOR OWNER                      (OI)(CI)(IO)(D,Rc,WDAC,WO,RA,WA)
   CREATOR GROUP                      (OI)(CI)(IO)(Rc,RA)
   Everyone                           (OI)(CI)(IO)(Rc,RA)
Successfully processed 1 files; Failed processing 0 files
@@ chmod 755 QL # will it restore full control?
@@ icacls.sh QL
D:/QL
   Seven\Henri                        (F)
   Seven\None                         (RX)
   Everyone                           (RX)
   CREATOR OWNER                      (OI)(CI)(IO)(D,Rc,WDAC,WO,RA,WA) # uhm, creator owner still suffers ...
   CREATOR GROUP                      (OI)(CI)(IO)(Rc,RA)
   Everyone                           (OI)(CI)(IO)(Rc,RA)
Successfully processed 1 files; Failed processing 0 files
@@ setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # now what can I expect from this command?
@@ icacls.sh QL
D:/QL
   Seven\Henri                        (F)
   Seven\None                         (RX)
   Everyone                           (RX)
   CREATOR OWNER                      (OI)(CI)(IO)(F) # Oh well, it did the trick ...
   CREATOR GROUP                      (OI)(CI)(IO)(RX)
   Everyone                           (OI)(CI)(IO)(RX)
Successfully processed 1 files; Failed processing 0 files
@@

=====


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
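
An added example, not part of the original post: a small parser for the icacls listings in the transcript above, used to compare D:/QL before any change and after `chmod 000`. The names `parse_icacls` and `audit` are hypothetical; the two samples are excerpts copied from the transcript.

```python
import re

# icacls inheritance markers; any other parenthesised group is a rights list.
INHERIT = {"I", "OI", "CI", "IO"}
ACE_RE = re.compile(r"^\s+(?P<who>.+?)\s{2,}(?P<flags>(?:\([^)]*\))+)")

# Excerpts copied from the transcript: D:/QL as created, and after `chmod 000`.
BEFORE = r"""
   BUILTIN\Administrators             (I)(F)
   BUILTIN\Administrators             (I)(OI)(CI)(IO)(F)
   NT AUTHORITY\SYSTEM                (I)(F)
   NT AUTHORITY\SYSTEM                (I)(OI)(CI)(IO)(F)
   NT AUTHORITY\Authenticated Users   (I)(M)
   NT AUTHORITY\Authenticated Users   (I)(OI)(CI)(IO)(M)
   BUILTIN\Users                      (I)(RX)
   BUILTIN\Users                      (I)(OI)(CI)(IO)(GR,GE)
"""
AFTER_CHMOD_000 = r"""
   Seven\Henri                        (D,Rc,WDAC,WO,RA,WA) # will have to work on that
   Seven\None                         (Rc,S,RA)
   Everyone                           (Rc,S,RA)
   BUILTIN\Administrators             (Rc,S,RA)
   BUILTIN\Administrators             (OI)(CI)(IO)
   NT AUTHORITY\SYSTEM                (Rc,S,RA)
   NT AUTHORITY\SYSTEM                (OI)(CI)(IO)
   NT AUTHORITY\Authenticated Users   (Rc,S,RA)
   NT AUTHORITY\Authenticated Users   (OI)(CI)(IO)
   BUILTIN\Users                      (Rc,S,RA)
   BUILTIN\Users                      (OI)(CI)(IO)
"""

def parse_icacls(text):
    """Return (trustee, inheritance_flags, rights) for every ACE line."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.split("#", 1)[0])  # drop inline '#' comments
        if not m:
            continue
        groups = re.findall(r"\(([^)]*)\)", m["flags"])
        inherit = frozenset(g for g in groups if g in INHERIT)
        rights = frozenset(r for g in groups if g not in INHERIT for r in g.split(","))
        aces.append((m["who"], inherit, rights))
    return aces

def audit(aces, owner):
    """Count inherited vs explicit ACEs, list the owner's rights and rights-less ACEs."""
    own = [r for who, inh, r in aces if who == owner and "IO" not in inh]
    return {"inherited": sum("I" in inh for _, inh, _ in aces),
            "explicit": sum("I" not in inh for _, inh, _ in aces),
            "owner_rights": sorted(set().union(*own)),
            "empty_aces": [who for who, _, r in aces if not r]}
```

Calling `audit(parse_icacls(BEFORE), r"Seven\Henri")` and the same on `AFTER_CHMOD_000` shows the listing going from eight inherited ACEs with no entry naming the owner to eleven explicit ones, four of which carry inheritance flags but no rights.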

