chmod/chgrp ignores Windows ACL full control? (rm works fine)
Corinna Vinschen
corinna-cygwin@cygwin.com
Tue Jun 9 10:41:00 GMT 2009
On Jun 9 11:58, Fischer, Tilman wrote:
> Hello all, Hi Corinna,
>
> I get a 'Permission denied' for 'chmod' or 'chgrp' on a file using a
> standard windows user with full access ('ls -l' shows: '-rwx------+ 1 admin
> None'). According to 'getfacl' the user has the rwx-rights on the file and
> there is no problem to move, copy or delete the file (with mv, cp, rm).
> This seems like an inconsistent mapping of the Windows permissions.
>
> Steps to reproduce:
> 1.) Create file 'test' belonging to an administrator in a folder C:\SPECIAL.
> 2.) Use a Windows group SPECIAL_USER_GRP with full control (Windows
> Properties->Security tab) including inheritance (Advanced settings: Replace
> permission entries on all child objects) on the folder C:\SPECIAL.
> 3.) A standard restricted normal user 'special_user' (only access allowed
> permissions are used) is added to the SPECIAL_USER_GRP.
> 4.) Use 'chmod 774 test' with the 'special_user':
> chmod: changing permission of `test´: Permission denied
> 5.) Use 'rm test' with the 'special_user' results in no problem. The file is
> gone.
In Cygwin 1.5 it won't work, because the chmod function uses the same
code as the chown function and tries to change ownership. Well, not
really, but it requests permission to change ownership. This will
always fail since that requires SE_BACKUP_NAME privileges, which only
admins have.
It works in Cygwin 1.7, though, because the chown function does not
request permission to change ownership anymore. But it will work only
once. After setting the permissions the group will have
POSIX-compatible permissions, and those don't include WRITE_DAC
permissions. Only admins and the owner have permission to change
permissions under POSIX rules.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list