This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: RESOLVED (?): Cygwin permissions problem


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Larry Hall wrote:

> Fish wrote:
<snip>
> > Could some kind soul out there help me to understand why
> > *SOME* type of "public" permissions set is [apparently]
> > required by Cygwin? (*nix?)
> >
> > Thanks.
> 
> 
> I thought Pierre did a rather good (good?  I mean excellent!
> ;-) ) job of explaining the issue with his last email to you
> on this subject:
> 
> <http://cygwin.com/ml/cygwin/2004-08/msg00280.html>

Hmmm... I seemed to have missed that post. Thanks!

(And Thank YOU Pierre! Sorry I missed your reply. Must have been the
change in the subject line and me not watching things closely enough.
My apologies.)

> The key part is that 'setup.exe' is not a Cygwin program
> (it can't be) so it's largely bound by Windows security
> semantics. These don't map well into the Cygwin emulation
> of POSIX permissions. So, if neither you, nor standard groups,
> nor "Everyone" owns the file, there will be a mismatch
> of the permissions on the files and directories in the
> Windows view (ACLs) and the POSIX view (owner, group, world).

I guess that make sense.

> As Pierre pointed out, POSIX tools like 'cp' only operate on
> POSIX permissions.  If those are '---------', then you get no
> permissions on that copied file.

Yep. That's what was happening. I manually tried to 'cp' the files
just like the postinstall scripts were doing and sure enough I got a
file with no permissions. :)

> So one solution is to do what you did.  Make sure that
> 'Everyone' owns the files in the Windows ACL.

Well, not "owns", but I get the drift. :)

> You do that by creating the directory you want to install
> Cygwin to and setting the permissions, via Windows, before
> Cygwin installation, making sure to set the permissions so
> they are inherited.

Ah. Then if I understand things correctly, I could probably remove
the "Everyone" group from everywhere (i.e. from all partitions (root
[drive] folders), just like I had it before) and just have on the
*Cygwin* directory *only*, right? Makes sense. Don't know why I
didn't think of it before. (Hind sight is always 20-20, eh?)

> For the case of 'Everyone', that maps to the 'world'.

Figured that. :)

> Another alternative is to create a CYGWIN environment
> variable with 'nontsec' set before installation.  That will
> make Cygwin use Windows ACLs, following those rules
> exclusively.

THAT sounds more like what I think I might want. I don't think I
really need to have my Cygwin environment mimic the POSIX permissions
so closely IMO. (At least I don't think so anyway) The way Windoze is
doing/handling it is just fine, so 'nontsec' *sounds* like something
I should definitely investigate. Thanks.

> If you're still having trouble understanding what's going on here,
> I suggest you read the NT security chapter of the User's Guide:
> 
> <http://cygwin.com/cygwin-ug-net/ntsec.html>

Cool. Thanks. I'll read through that when I get a chance. (It's late
right now though so I'll save it for tomorrow)

> If you read it already, read it again.

  :)

> I'm serious.

I'm sure you are. The GUI presentation of Windows' permissions is,
more or less, relatively straightforward (or at least straightforward
enough that I *think* I can pretty much understand what permissions I
should probably set/use anyway), but how it actually *works* (i.e.
what goes on behind the scenes) tends to give me a headache whenever
I read about it. (Windows permissions is one area where I'm still not
"up to speed" on yet)

> This is complicated stuff giving the partial mapping of ACLs to
> POSIX permissions.

No sh*t!  :)

> It takes some real thought to understand it all and it's
> limitations. Reading this more than once can make things click
> where they didn't before.  When you get so you understand it, feel
> free to offer patches to make Cygwin and 'setup.exe' better in this
> area.  You can save the next person who has tight permissions some
> trouble. :-)

Will do. :)

(But don't hold your breath waiting)

  ;-)


Thanks you guys.


(And again sorry for missing your reply Pierre)

- -- 
"Fish" (David B. Trout)
   fish@infidels.org

Fight Spam! Join CAUCE!
http://www.cauce.org/

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBQRnXAEj11/TE7j4qEQK73gCeMYZHoIFKRIWSIlCHmDJu3lEIrDIAoLb5
cKJ/J6RBmm5LOlTDsrMd8x9a
=Pt6H
-----END PGP SIGNATURE-----



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]