This is the mail archive of the cygwin mailing list for the Cygwin project.
vi stealing SYSTEM-owned permissions and ownership
- From: "D. Boland" <daniel at boland dot nl>
- To: cygwin at cygwin dot com
- Date: Sat, 02 Nov 2013 13:44:06 +0100
- Subject: vi stealing SYSTEM-owned permissions and ownership
- Authentication-results: sourceware.org; auth=none
Hi group,
I'm a Linux teacher at a school for vocational education in the Netherlands.
I use Cygwin to help my students overcome their fear of the command line by
showing them their Windows systems through the eyes of Linux.
I had them install Apache and then configure it in Cygwin using vi.
As of Windows 8, the Apache installation sometimes fails, because of permission
issues. Installing "As administrator" solves the problem. This is fine
with me because in other Linuxes, Apache is installed as root by default.
After installation, permissions in the Apache "conf" directory look like this:
drwx------+ 1 SYSTEM SYSTEM 0 28 okt 20:43 .
drwx------+ 1 SYSTEM SYSTEM 0 2 nov 13:10 ..
-rwx------+ 1 SYSTEM SYSTEM 35142 26 okt 18:07 httpd.conf
-rwx------+ 1 SYSTEM SYSTEM 34770 7 okt 23:29 httpd.default.conf
-rwx------+ 1 SYSTEM SYSTEM 13340 3 okt 07:59 magic
-rwx------+ 1 SYSTEM SYSTEM 13340 21 nov 2004 magic.default
-rwx------+ 1 SYSTEM SYSTEM 54599 3 okt 07:59 mime.types
-rwx------+ 1 SYSTEM SYSTEM 54599 17 mrt 2012 mime.types.default
-rwx------+ 1 SYSTEM SYSTEM 9390 5 feb 2013 openssl.cnf
-rwx------+ 1 SYSTEM SYSTEM 11050 3 okt 07:59 ssl.conf
-rwx------+ 1 SYSTEM SYSTEM 11030 7 okt 23:29 ssl.default.conf
To emulate the Unix permissions model, I had my students add a group in Windows,
named "apache", making themselves a member and then import it using the mkgroup
command.
After a chgrp and chmod on the entire Apache folder, the "conf" directory looks
like this:
drwxrwx---+ 1 SYSTEM apache 0 28 okt 20:43 .
drwxrwx---+ 1 SYSTEM apache 0 2 nov 13:10 ..
-rwxrwx---+ 1 SYSTEM apache 35142 26 okt 18:07 httpd.conf
-rwxrwx---+ 1 SYSTEM apache 34770 7 okt 23:29 httpd.default.conf
-rwxrwx---+ 1 SYSTEM apache 13340 3 okt 07:59 magic
-rwxrwx---+ 1 SYSTEM apache 13340 21 nov 2004 magic.default
-rwxrwx---+ 1 SYSTEM apache 54599 3 okt 07:59 mime.types
-rwxrwx---+ 1 SYSTEM apache 54599 17 mrt 2012 mime.types.default
-rwxrwx---+ 1 SYSTEM apache 9390 5 feb 2013 openssl.cnf
-rwxrwx---+ 1 SYSTEM apache 11050 3 okt 07:59 ssl.conf
-rwxrwx---+ 1 SYSTEM apache 11030 7 okt 23:29 ssl.default.conf
My students can now administer Apache without running Cygwin "As administrator".
Also, this is extremely useful in real-time business situations. It enables my
students to grant Apache admin permissions to other users by putting them in
the apache group, without giving them full admin access on the entire system.
But here's the problem. After editing the httpd.conf file with vi, the permissions
on the "httpd.conf" file are changed to:
----------+ 1 Daniel None 35142 2 nov 13:20 httpd.conf
This should not be. I tested this on my RedHat and OpenBSD systems, and there are
no changes in ownership or permissions after editing with vi.
After fiddling with chown, chgrp, chmod, getfacl, setfacl and icacl for a few
hours, I finally installed nano. Nano behaved. It did not alter anything except
the contents of the file.
But I want my students to learn vi, so having them install nano is not an option.
I think the problem is vi. Vi deletes the original file and creates a new one with
the changed contents, without resetting the original ownership and permissions. See
also this post:
http://unix.stackexchange.com/questions/58880/how-does-vim-steal-root-owned-files
Can somebody shed some light on this?
Meanwhile, I accidentally found sort of a solution: deleting the file without write
permissions on the containing folder restores the permissions set by Administrator.
As Administrator:
chmod 0700 .
touch test.txt
chown SYSTEM:apache test.txt
chmod 0770 test.txt
Results in:
-rwxrwx---+ 1 SYSTEM apache 0 2 nov 13:26 test.txt
As "normal" user:
Edit the file with vi. After, permissions will look like:
----------+ 1 Daniel None 9 2 nov 13:29 test.txt
$ getfacl.exe test.txt
# file: test.txt
# owner: Daniel
# group: None
user::---
group::---
group:SYSTEM:rwx
group:Administrators:rwx
group:Gebruikers:r-x
group:apache:rwx
mask:rwx
other:---
To "solve" this, simply delete the file:
rm test.txt
The file is not deleted because of 0700 on the containing folder. But the original
permissions, set by Admin are restored!!
-rwxrwx---+ 1 SYSTEM apache 9 2 nov 13:29 test.txt
$ getfacl.exe test.txt
# file: test.txt
# owner: SYSTEM
# group: apache
user::rwx
group::rwx
group:Administrators:rwx
group:Gebruikers:r-x
mask:rwx
other:---
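The delete-and-recreate save suspected in the post can be reproduced without vi. The shell script below is an added example, not part of the original message: save_by_replace and save_in_place are hypothetical stand-ins for the two save strategies, and the test file is constructed in a temporary directory on a POSIX-style filesystem.

```shell
#!/bin/sh
# Constructed demo: does a save strategy keep the file's inode and mode?

# Print "<inode> <mode string>" for a file, e.g. "1234 -rwxrwx---".
meta() {
    inode=$(ls -i "$1" | awk '{print $1}')
    mode=$(ls -ld "$1" | cut -c1-10)
    echo "$inode $mode"
}

# Strategy A (hypothetical name): write a new file, rename it over the original.
# The new file belongs to whoever is editing and gets its mode from their umask.
save_by_replace() {
    tmp="$1.tmp.$$"
    printf '%s\n' "$2" > "$tmp"
    mv -f "$tmp" "$1"
}

# Strategy B (hypothetical name): truncate and rewrite the existing file.
# Only the contents change; owner, group, mode and ACL stay attached to it.
save_in_place() {
    printf '%s\n' "$2" > "$1"
}

# check_save <strategy>: returns 0 if inode and mode survived the save.
check_save() {
    dir=$(mktemp -d) || return 2
    f="$dir/test.txt"
    ( umask 077; : > "$f" )
    chmod 0770 "$f"                 # same mode as test.txt in the post
    before=$(meta "$f")
    ( umask 077; "$1" "$f" "edited" )
    after=$(meta "$f")
    rm -rf "$dir"
    echo "$1: before=[$before] after=[$after]"
    [ "$before" = "$after" ]
}

check_save save_in_place   || echo "in-place save changed metadata"
check_save save_by_replace || echo "replace-by-rename gave a new inode and mode"
```

A change of inode between two listings is the quickest sign that an editor replaced the file instead of rewriting it. In Vim, the 'backupcopy' option controls which of the two strategies is used when a backup is made during a write.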