I'm having problems with cygwin 1.7 and ACL handling.

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Jul 2 16:05:00 GMT 2012

On Jul  2 17:56, Mark Lommers wrote:
> Hi,
> I'm having problems with cygwin 1.7 and ACL handling.
> I do some software development and for the software I write I also create unit tests. Those unit test are run automatically in a cygwin environment triggered by a build system. Now I'm updating the machines on which the unit tests are running, from windows XP to Windows Server 2008 and from cygwin 1.5 to cygwin 1.7. Since this update some unit tests are failing. 
> All the failing unit tests have in common that they do something with ACL:
> For some test we change the access control list like:
>       acl.AddAccessRule(new System.Security.AccessControl.FileSystemAccessRule(WindowsIdentity.GetCurrent().Name
>         , System.Security.AccessControl.FileSystemRights.FullControl
>         , System.Security.AccessControl.AccessControlType.Deny));
>        SandboxedDirectory.SetAccessControl(acl);
> Then in the test we try to create a directory inside the sandboxed directory and check that the right exception has been thrown because it shouldn't be able to do so. 
> On windows XP with cygwin version 1.5 everything was working OK
> Now we are upgrading to windows server 2008 so we also need to update to cygwin 1.7, the test are starting to fail, because they are able to create directories in the sandboxed directory.
> I know/read that from cygwin 1.7 cygwin uses mount point with corresponding acl/noacl flags and no longer using the ntsec and nontsec flags in the CYGWIN environment variable.
> I tried to change the mounting point to set noacl and acl but this didn't had any effect.
> On the OLD xp machines with cygwin 1.5 the CYGWIN variable was set to nontsec
> In CMD prompt test run fine.
> In a bash prompt test fail.
> In a cmd prompt started from a bash prompt test also fail.
> Not running in a cygwin environment is not an option for now!
> Any Idea what to do?

Are you running the tests under an elevated admin account?  If so, the
reason you are able to create dirs is that the SE_BACKUP_NAME and
SE_RESTORE_NAME user privileges are enabled when running in a Cygwin

Don't run the affected tests from an elevated session or strip the
privileges from the user token using the cygdrop tool from the cygutils
package when running these tests.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list