This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: chmod/chgrp ignores Windows ACL full control? (rm works fine)

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Tue, 9 Jun 2009 12:40:50 +0200
Subject: Re: chmod/chgrp ignores Windows ACL full control? (rm works fine)
References: <4D93AAF95CB5A64E8F622EC796ECF5AC08550845@exil.condat.de>
Reply-to: cygwin at cygwin dot com

On Jun  9 11:58, Fischer, Tilman wrote:
> Hello all, Hi Corinna,
> 
> I get a 'Permission denied' for 'chmod' or 'chgrp' on a file using a
> standard windows user with full access ('ls -l' shows: '-rwx------+ 1 admin
> None'). According to 'getfacl' the user has the rwx-rights on the file and
> there is no problem to move, copy or delete the file (with mv, cp, rm).
> This seems like an inconsistent mapping of the Windows permissions.
> 
> Steps to reproduce:
> 1.) Create file 'test' belonging to an administrator in a folder C:\SPECIAL.
> 2.) Use a Windows group SPECIAL_USER_GRP with full control (Windows
> Properties->Security tab) including inheritance (Advanced settings: Replace
> permission entries on all child objects) on the folder C:\SPECIAL.
> 3.) A standard restricted normal user 'special_user' (only access allowed
> permissions are used) is added to the SPECIAL_USER_GRP.
> 4.) Use 'chmod 774 test' with the 'special_user':
> chmod: changing permission of `test´: Permission denied
> 5.) Use 'rm test' with the 'special_user' results in no problem. The file is
> gone.

In Cygwin 1.5 it won't work, because the chmod function uses the same
code as the chown function and tries to change ownership.  Well, not
really, but it requests permission to change ownership.  This will
always fail since that requires SE_BACKUP_NAME privileges, which only
admins have.

It works in Cygwin 1.7, though, because the chown function does not
request permission to change ownership anymore.  But it will work only
once.  After setting the permissions the group will have
POSIX-compatible permissions, and those don't include WRITE_DAC
permissions.  Only admins and the owner have permission to change
permissions under POSIX rules.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- chmod/chgrp ignores Windows ACL full control? (rm works fine)
  - From: Fischer, Tilman

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]