chmod g+ws unsuccessful, "NULL SID" icacls missing

Norton Allen
Fri Feb 10 16:42:21 GMT 2023

On 2/9/2023 4:09 PM, Corinna Vinschen wrote:
> Hi Norton,
> On Feb  9 13:25, Norton Allen via Cygwin wrote:
>> On 2/8/2023 4:05 PM, Norton Allen via Cygwin wrote:
>>> I briefly raised this issue months ago and am trying to resolve it again
>>> now.
>>> What I am trying to do is setup permissions so multiple users on one
>>> machine can share full control over a particular directory hierarchy.
>>> On Linux I have usually been able to make things work with:
>>>     $ mkdir shared_dir
>>>     $ chgrp shared_group shared_dir
>>>     $ chmod g+ws shared_dir
>>>     $ umask 2
>>> User shells are configured with umask 2 so files they create have group
>>> write. Users belong to shared_group. Files and subdirs created under
>>> shared_dir are all in group shared_group. Files moved in retain their
>>> original group, but the group members still have permission to rename or
>>> delete them.
>>> The problem:
>>> $ chmod g+ws fails to set the 's' bit, and the resulting icacls output
>>> does not contain any "NULL SID" entries. I am seeing the same problem on
>>> (at least) two different systems setup by my organization. One of these
>>> was just re-imaged and I installed Cygwin yesterday with no customized
>>> configurations. AV is Windows Defender, but I suspect if that were the
>>> culprit, there would have been more noise.
>>> I suspect there might be a group policy or something that is interfering
>>> with Cygwin's strategy for implementing POSIX permissions. I am pretty
>>> sure this worked correctly at some point in the past.
>>> Has anyone encountered this?
>>> Does group policy seem like a likely suspect? Anyone know which
>>> policy(ies)? I think I might be able to get IT to cut me slack if I knew
>>> what to ask for.
>>> I have also played with using setfacl directly to add permissions, but
>>> as anyone who has read about Cygwin file permissions might guess, that
>>> tends to have mixed/poor results, but I'd be open to any suggestions.
>> I don't actually have a system on which this is working to compare to, so I
>> am not exactly sure how it is supposed to look when it's working correctly.
>> The current behavior on  my new uncustomized installation:
>> [...]
>> Any idea what g+s should be doing? Any more/better information I can
>> provide?
> What you observe is a bug in Cygwin, plain and simple.  Without going
> into too much detail, part of the problem could never be observed with
> older coreutils, which we had to live with for much too long in the
> Cygwin distro.  The newer coreutils handles permissions slightly
> differently and that dropped the mask from the buggy code.
> I applied a patch which, hopefully, fixes this problem (in fact, plural,
> "these problems").
> A new Cygwin test release 3.5.0-0.162.g498fce80ef33 is just being built
> and should be up in an hour or so.  You can simply install it via
> Cygwin's setup tool as soon as it's on your favorite mirror.
> If it works as desired, it will be part of the next Cygwin bugfix
> release 3.4.6.
> Thanks,
> Corinna


The fix seems to work like a charm! And I am happy to be wrong about the 
source of the problem.

More information about the Cygwin mailing list