X-Recipient:	archive-cygwin AT delorie DOT com
X-Spam-Check-By:	sourceware.org
Date:	Tue, 9 Jun 2009 12:40:50 +0200
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: chmod/chgrp ignores Windows ACL full control? (rm works fine)
Message-ID:	<20090609104050.GA19221@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<4D93AAF95CB5A64E8F622EC796ECF5AC08550845 AT exil DOT condat DOT de>
MIME-Version:	1.0
In-Reply-To:	<4D93AAF95CB5A64E8F622EC796ECF5AC08550845@exil.condat.de>
User-Agent:	Mutt/1.5.19 (2009-02-20)
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

On Jun  9 11:58, Fischer, Tilman wrote:
> Hello all, Hi Corinna,
> 
> I get a 'Permission denied' for 'chmod' or 'chgrp' on a file using a
> standard windows user with full access ('ls -l' shows: '-rwx------+ 1 admin
> None'). According to 'getfacl' the user has the rwx-rights on the file and
> there is no problem to move, copy or delete the file (with mv, cp, rm).
> This seems like an inconsistent mapping of the Windows permissions.
> 
> Steps to reproduce:
> 1.) Create file 'test' belonging to an administrator in a folder C:\SPECIAL.
> 2.) Use a Windows group SPECIAL_USER_GRP with full control (Windows
> Properties->Security tab) including inheritance (Advanced settings: Replace
> permission entries on all child objects) on the folder C:\SPECIAL.
> 3.) A standard restricted normal user 'special_user' (only access allowed
> permissions are used) is added to the SPECIAL_USER_GRP.
> 4.) Use 'chmod 774 test' with the 'special_user':
> chmod: changing permission of `test´: Permission denied
> 5.) Use 'rm test' with the 'special_user' results in no problem. The file is
> gone.

In Cygwin 1.5 it won't work, because the chmod function uses the same
code as the chown function and tries to change ownership.  Well, not
really, but it requests permission to change ownership.  This will
always fail since that requires SE_BACKUP_NAME privileges, which only
admins have.

It works in Cygwin 1.7, though, because the chown function does not
request permission to change ownership anymore.  But it will work only
once.  After setting the permissions the group will have
POSIX-compatible permissions, and those don't include WRITE_DAC
permissions.  Only admins and the owner have permission to change
permissions under POSIX rules.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -