cygwin permissions problem on a network drive

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Jul 5 08:59:00 GMT 2011


On Jul  5 12:21, Bill Metzenthen wrote:
> I have problems with permissions on a network drive.  The drive is
> maintained by others and I have no control over the Windows
> permissions of the drive.
> [...]
> If I now try to use cygwin to create anything then it fails (despite
> it reporting that I have rwx permissions for the directory):

For now, set the mount point for this drive to "noacl".  If you're
accessing the share via /cygdrive, create a distinct mount point for it.

I know what change in Cygwin is causing that problem, but unfortunately
I could never reproduce the server share settings myself which result in
the permission denied.

> Windows Explorer reports that the subdirectories (but not files) are
> read-only but silently fails to remove its read-only flag if I try
> that.

That's unrelated.  The R/O flag on directories is ignored by Windows
anyway, see http://support.microsoft.com/kb/326549

> It reports that I have all permissions but not 'Full Control'.

That's ok, usually.

> What should I ask the system administrator to change so that cygwin
> will once again work on this drive?  Perhaps there is some new setting
> (or an old one which has somehow changed) for cygwin that I have
> failed to notice?

If you want to discuss this with your admin, the problem is this:  When
Cygwin 1.7.9 tries to create a file on a filesystem which supports ACLs,
it requests WRITE_DAC permissions in the open call.  WRITE_DAC is the
access right you need to create the permission bits in the file's ACL,
what you see in Explorer under the Security tab.

Now, in some environments, the settings of the shares are so, that this
right is apparently not granted, even for the creator of the file.
But, as far as earlier reports go, there seem to be no indication of
this in the ACL.  As I mentioned above, I experimented with this
myself, but I have never managed to reproduce this setting on the server.
So I neither know how this setting looks like, nor if there's a way
to recognize such a share.

So, for the time being, I will change this in Cygwin for the next
version so that it doesn't request WRITE_DAC permissions when trying
to create a file or directory on a network share.

The result will be that every file creation on a network share with ACL
support will try to open the file twice, the first time to create it,
the second time to set the POSIX permissions.  This slows down remote
file creation again, but I don't see a useful way around it.  Testing
for an access denied error afterwards and trying again is rather
awkward.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list