This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: RESOLVED (?): Cygwin permissions problem


At 10:19 PM 8/10/2004, you wrote:
> 
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>(Ref: original "Cygwin permissions problem" and related threads)
>
>FYI: I managed to resolve my issue by completely re-installing Cygwin
>from scratch after having added (and allowing to propagate) the
>"Everyone" group (Read and Execute only) to my set of permissions
>[for all of my partitions].
>
>What I find odd(?) about this whole episode is that the "Everyone"
>group should apparently be required [by Cygwin] like that. Could
>someone explain that to me?
>
>The reason I personally find it to be somewhat "odd" is simply
>because my Windows system behaves perfectly (just fine) without it.
>
>Now I know that Cygwin (i.e. *nix) is NOT Windows and vice versa, but
>why does Cygwin (*nix?) apparently choke whenever none of the (its?)
>files are given any type of "public" access? (Which is what the
>"Everyone" group is for, yes?)
>
>It seems to me one *should* be able to do what I was doing (i.e. only
>assigning explicit "private" (i.e. no public) permissions/access to
>all of my files/folders) without any serious side effects, but
>apparently not.
>
>Could some kind soul out there help me to understand why *SOME* type
>of "public" permissions set is [apparently] required by Cygwin?
>(*nix?)
>
>Thanks.


I thought Pierre did a rather good (good?  I mean excellent! ;-) ) job
of explaining the issue with his last email to you on this subject:

<http://cygwin.com/ml/cygwin/2004-08/msg00280.html>

The key part is that 'setup.exe' is not a Cygwin program (it can't be) 
so it's largely bound by Windows security semantics.  These don't map 
well into the Cygwin emulation of POSIX permissions.  So, if neither 
you, nor standard groups, nor "Everyone" owns the file, there will be 
a mismatch of the permissions on the files and directories in the 
Windows view (ACLs) and the POSIX view (owner, group, world).  As 
Pierre pointed out, POSIX tools like 'cp' only operate on POSIX 
permissions.  If those are '---------', then you get no permissions
on that copied file.  So one solution is to do what you did.  Make 
sure that 'Everyone' owns the files in the Windows ACL.  You do that
by creating the directory you want to install Cygwin to and setting
the permissions, via Windows, before Cygwin installation, making sure
to set the permissions so they are inherited.  For the case of 'Everyone',
that maps to the 'world'.  Another alternative is to create a CYGWIN
environment variable with 'nontsec' set before installation.  That will
make Cygwin use Windows ACLs, following those rules exclusively.

If you're still having trouble understanding what's going on here, I
suggest you read the NT security chapter of the User's Guide:

<http://cygwin.com/cygwin-ug-net/ntsec.html>

If you read it already, read it again.  I'm serious.  This is complicated
stuff giving the partial mapping of ACLs to POSIX permissions.  It takes
some real thought to understand it all and it's limitations.  Reading this
more than once can make things click where they didn't before.  When you
get so you understand it, feel free to offer patches to make Cygwin and 
'setup.exe' better in this area.  You can save the next person who has
tight permissions some trouble. :-)


--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]