X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-2.4 required=5.0 	tests=AWL,BAYES_00,SPF_HELO_PASS
X-Spam-Check-By: sourceware.org
Message-ID: <4A7B5346.9060307@cygwin.com>
Date: Thu, 06 Aug 2009 18:03:50 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.21) Gecko/20090320 Remi/2.0.0.21-1.fc8.remi Lightning/0.9 Thunderbird/2.0.0.21 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Can't execute scripts from a samba share with 1.7
References: <h5cqnj$c9f$1 AT ger DOT gmane DOT org> <20090806142010 DOT GE3204 AT calimero DOT vinschen DOT de> <h5f54a$nkt$1 AT ger DOT gmane DOT org> <20090806180441 DOT GB19829 AT calimero DOT vinschen DOT de> <h5fho1$u66$1 AT ger DOT gmane DOT org>
In-Reply-To: <h5fho1$u66$1@ger.gmane.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On 08/06/2009 05:25 PM, Nahor wrote:
> Corinna Vinschen wrote:
>> On Aug 6 10:50, Nahor wrote:
>>> One weird thing though, the directory permission are 700 and yet I
>>> can list the content of the directory, cd in it and add/delete files.
>>> So permissions are not consistently checked. But then, I assume it's
>>> because all that is done by Windows/Samba while the permission check
>>> on the script is done by Cygwin? Same thing with executing binary (I
>>> was able to execute a binary file copied on the share even though I
>>> couldn't execute scripts)?
>> Most of Cygwin relys on the permission checks of the underlying OS.
>> In case of scripts, that's not possible. Therefore it has to check
>> script permissions explicitely. Note that it doesn't do a simple
>> POSIX permission bit check, rather it calls an OS function asking
>> "does *this* account have the right to execute *that* file?" That
>> should result in the most consistent behaviour, as far as Windows
>> consistency goes.
>
> Cygwin can't also check with an account with the same login and
> password? I assume that's what Windows does and why I'm allowed, as a
> user LOCAL\nahor, to access the share that belongs exclusively to the
> user DOMAIN\nahor.

I doubt that assumption would hold up to much scrutiny.  Local and
domain users, despite how similar the name and/or password might be,
don't have any relationship to each other.   There's a unique ID
generated for a user of either type so there's no definitive way to
correlate one user ID with another, even if that was desirable.  I
think you'll find that you have access to the share because you've
been authenticated to use it, regardless of whether you're using the
local or domain version of your login.  But that has little bearing on the
script in question.  Since Windows doesn't see the script as executable,
asking it for help in this matter wouldn't be useful, no matter who the
user is when the question is asked.

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple