Issues with ACL settings after updating to the latest cygwin.dll

xnor xnoreq@gmail.com
Tue Feb 9 20:53:00 GMT 2016 

>Not sure what Transmission is, but files downloaded with POSIX
>tools are usually not executable.  For instance, download Cygwin's
>setup-x86.exe with wget.  Then try to execute it.  It won't since
>the permissions are set according to your umask and without execute
>permissions, e.g., 0644.  This is normal.
The behavior has changed with the ACL change in Cygwin and I would not 
consider that "normal". The warning from Windows is not normal.

I realize that the previous implementation was already problematic and 
messed with permissions but I did not notice it since it never denied 
executing executables.


>The permissions must *not* be reordered.  If Cygwin creates permissions
>incorrectly it's one thing, but the order to emulate POSIX permissions
>is non-canonical.  Reordering them will break them.
>
>Please provide the exact output from icacls.
They *have* to be reordered to be modifiable in Windows/Explorer. In 
other words, if I want to change permission the new ACL behavior ensures 
that it breaks the Cygwin permissions?


Here is the output from icacls /saveacl for some file:
D:P(D;;RPWPDTRC;;;S-1-0-0)(A;;0x1f019f;;;S-1-5-21-559282050-488988736-2019639472-1001)(D;;WP;;;AU)(D;;WP;;;SY)(D;;WP;;;BA)(D;;WP;;;BU)(A;;FR;;;S-1-5-21-559282050-488988736-2019639472-513)(A;;0x1201bf;;;AU)(A;;0x1201bf;;;SY)(A;;0x1201bf;;;BA)(A;;0x1200a9;;;BU)(A;;FR;;;WD)

After letting Windows fix the order:
D:PAI(D;;RPWPDTRC;;;S-1-0-0)(D;;WP;;;AU)(D;;WP;;;SY)(D;;WP;;;BA)(D;;WP;;;BU)(A;;0x1f019f;;;S-1-5-21-559282050-488988736-2019639472-1001)(A;;FR;;;S-1-5-21-559282050-488988736-2019639472-513)(A;;0x1201bf;;;AU)(A;;0x1201bf;;;SY)(A;;0x1201bf;;;BA)(A;;0x1200a9;;;BU)(A;;FR;;;WD)

Here is what's "normal" for Windows if I create a file under a new 
folder on C: in Explorer:
D:AI(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)

Strangely enough this is displayed as "-rwxrwx---+ MyUser None" with `ls 
-l` even though my user is in the group Administrators.


Here is what I would expect:
MyUser is in the group Administrators. Given the inherited permissions 
above a Windows-created file should be shown as "-rwxrwxr--+ MyUser 
Administrators"?

After chmod 664 I would expect this:
- still inherit all the permissions
- add permission MyUser DENY execute
- add permission Administrators DENY execute
- add permission Everyone ALLOW read

Instead Cygwin copies all permissions, drops the inheritance, copies 
them again, adds None, adds NULL SID ...

After a consecutive chmod 770 I would expect the above non-inherited 
permissions to be removed again.



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list