delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2009/03/08/05:06:10

X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Sun, 8 Mar 2009 11:05:43 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Turning off execute permission
Message-ID: <20090308100543.GO31459@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <49B22717 DOT 5020508 AT columbus DOT rr DOT com> <49B29464 DOT 4090507 AT byu DOT net>
MIME-Version: 1.0
In-Reply-To: <49B29464.4090507@byu.net>
User-Agent: Mutt/1.5.19 (2009-02-20)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Mar  7 08:36, Eric Blake wrote:
> According to Paul McFerrin on 3/7/2009 12:49 AM:
> > I've been reading:
> > http://cygwin.com/1.7/cygwin-ug-net/ntsec.html#ntsec-files
> > on the execute permissions.  Did I read that it was impossible to deny
> > execute permissions??  In my tests, the follow is always "true" if a
> > file has no execute permissions: (mode 666 or 000)
> >  [ -x apachectl ]
> >  test -x apachectl
> > for all of the shells
> 
> Are you operating as an administrator?  Just as in Linux, the superuser
> has the privilege of executing any file regardless of its permissions.
> test -x uses access() and not stat() to determine the answer of whether
> the file is executable for the currently logged on user, so this is
> accurately reporting what you are able to do with the file, regardless of
> what the permission bits are on the file.

That's not quite right.  The execute bit is not affected from being
an admin or not.  Here's an access check on Cygwin using one of my
test hacks.  Hein is just some user, corinna is an admin:

  $ ls -l 
  [~]$ ll x.*
  -rw------- 1 hein vinschen   360 Feb 13 15:24 x.c
  -rwx------ 1 hein vinschen 34352 Feb 13 18:40 x.exe
  $ tests/access x.c
  access (x.c, F_OK) = 0
  access (x.c, R_OK) = 0
  access (x.c, W_OK) = 0
  access (x.c, X_OK) = -1 <Permission denied>
  $ tests/access x.exe
  access (x.c, F_OK) = 0
  access (x.c, R_OK) = 0
  access (x.c, W_OK) = 0
  access (x.c, X_OK) = -1 <Permission denied>

That's different from Linux BTW, because the x.exe check would have
allowed root to execute x.exe.  Linux does so if any single execute
bit is set in the permission bits.  But that's not the case on
Windows and the above access result actually reflects the truth.

As for the -x apachectl check in Paul's case, it doesn't work that
way for me:

  $ test -x x.c && echo exe || echo no-exe
  no-exe

I'm wondering if the file apachectl has a somewhat more complicated ACL.
The ouptut of `cacls apachectl' might give a hint.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019