This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: I'm having problems with cygwin 1.7 and ACL handling.


Hi Corinna,

Thanks for your tip, it pointed me to the right direction.

When calling the test now with 

	cygdrop -P backup -P restore test.exe 

the test is running fine. 

Is it also possible to drop this privileges by default? when logging in via ssh or using the cygwin bash? If so I don't have to change my scripts which call the test, but can configure it on the system itself.

Regards,
Mark

Re: I'm having problems with cygwin 1.7 and ACL handling.

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Mon, 2 Jul 2012 18:04:52 +0200
Subject: Re: I'm having problems with cygwin 1.7 and ACL handling.
References: <0260B13BA0AA1A4693F4245FC28FD77705EC62CC1C@CVL-SVR-002>
Reply-to: cygwin at cygwin dot com
On Jul  2 17:56, Mark Lommers wrote:
> Hi,
> 
> I'm having problems with cygwin 1.7 and ACL handling.
> 
> I do some software development and for the software I write I also create unit tests. Those unit test are run automatically in a cygwin environment triggered by a build system. Now I'm updating the machines on which the unit tests are running, from windows XP to Windows Server 2008 and from cygwin 1.5 to cygwin 1.7. Since this update some unit tests are failing. 
> 
> All the failing unit tests have in common that they do something with ACL:
> 
> For some test we change the access control list like:
> 
> ÂÂÂÂÂ acl.AddAccessRule(new System.Security.AccessControl.FileSystemAccessRule(WindowsIdentity.GetCurrent().Name
> ÂÂÂÂÂÂÂ , System.Security.AccessControl.FileSystemRights.FullControl
> ÂÂÂÂÂÂÂ , System.Security.AccessControl.AccessControlType.Deny));
>        SandboxedDirectory.SetAccessControl(acl);
> 
> Then in the test we try to create a directory inside the sandboxed directory and check that the right exception has been thrown because it shouldn't be able to do so. 
> 
> 
> On windows XP with cygwin version 1.5 everything was working OK
> 
> Now we are upgrading to windows server 2008 so we also need to update to cygwin 1.7, the test are starting to fail, because they are able to create directories in the sandboxed directory.
> 
> I know/read that from cygwin 1.7 cygwin uses mount point with corresponding acl/noacl flags and no longer using the ntsec and nontsec flags in the CYGWIN environment variable.
> 
> I tried to change the mounting point to set noacl and acl but this didn't had any effect.
> 
> On the OLD xp machines with cygwin 1.5 the CYGWIN variable was set to nontsec
> 
> In CMD prompt test run fine.
> In a bash prompt test fail.
> In a cmd prompt started from a bash prompt test also fail.
> 
> Not running in a cygwin environment is not an option for now!
> 
> Any Idea what to do?

Are you running the tests under an elevated admin account?  If so, the
reason you are able to create dirs is that the SE_BACKUP_NAME and
SE_RESTORE_NAME user privileges are enabled when running in a Cygwin
environment.

Don't run the affected tests from an elevated session or strip the
privileges from the user token using the cygdrop tool from the cygutils
package when running these tests.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]