This is the mail archive of the
mailing list for the Cygwin project.
Files created in cygwin on fileshare no longer allow "delete" in NTFS
- From: Eric Duesterhaus <eduesterhaus at knapheide dot com>
- To: "cygwin at cygwin dot com" <cygwin at cygwin dot com>
- Date: Mon, 11 Dec 2017 19:58:28 +0000
- Subject: Files created in cygwin on fileshare no longer allow "delete" in NTFS
- Authentication-results: sourceware.org; auth=none
- Authentication-results: mail.knapheide.com; spf=None smtp.pra=eduesterhaus at knapheide dot com; spf=None smtp.mailfrom=eduesterhaus at knapheide dot com; spf=None smtp.helo=postmaster at mail dot knapheide dot com
Hi Cygwin Community,
We are currently encountering an issue with Cygwin in regards to NTFS permissions on files created within Cygwin. I'll try to outline my issue with specifics.
1. There is a windows file server mapped to M:\ on the a windows computer running Cygwin.
2. There is an active directory group that has "Modify" level permissions on this file share (In NTFS, Modify includes explicit "delete" rights)
3. "User1" and "User2" are both members of the aforementioned AD group.
4. A file is created in /cygdrive/m/filepath/ through Cygwin being run as "User1".
5. "User2" attempts to delete this file. It does not work (access denied).
6. Upon further inspection of this file's ACL, the AD group with Modify level permissions now only has "read, write, execute" permissions, which, using windows "Effective Access" tool shows that the checkbox that assigns "delete" rights is no longer checked for this group.
I tried using getfacl on a file with the modify permission allowed to my AD group, then passed that file into setfacl with the -f option to overwrite the ACL of my created file. From the NTFS point of view, my AD group still only has read/write/execute permissions instead of modify, which again, doesn't allow delete.
For information gathering I use the resultant file from getfacl to setacl -f on a file with "good" NTFS permissions, it overwrites the permissions and again, my AD group only has rwx and not "modify" permissions while looking at the ACL from windows.
How can I retain NTFS "delete" rights for my users and groups on files created by Cygwin?
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple