X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-2.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By:	sourceware.org
To:	cygwin AT cygwin DOT com
From:	Nahor <nahor.j+gmane AT gmail DOT com>
Subject:	Re: Can't execute scripts from a samba share with 1.7
Date:	Thu, 06 Aug 2009 15:38:43 -0700
Lines:	46
Message-ID:	<h5fm1k$a6s$1@ger.gmane.org>
References:	<h5cqnj$c9f$1 AT ger DOT gmane DOT org> <20090806142010 DOT GE3204 AT calimero DOT vinschen DOT de> <h5f54a$nkt$1 AT ger DOT gmane DOT org> <20090806180441 DOT GB19829 AT calimero DOT vinschen DOT de> <h5fho1$u66$1 AT ger DOT gmane DOT org> <4A7B5346 DOT 9060307 AT cygwin DOT com>
Mime-Version:	1.0
User-Agent:	Thunderbird 2.0.0.22 (Windows/20090605)
In-Reply-To:	<4A7B5346.9060307@cygwin.com>
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

Larry Hall (Cygwin) wrote:
> On 08/06/2009 05:25 PM, Nahor wrote:
>> Corinna Vinschen wrote:
>>> On Aug 6 10:50, Nahor wrote:
>>>> One weird thing though, the directory permission are 700 and yet I
>>>> can list the content of the directory, cd in it and add/delete files.
>>>> So permissions are not consistently checked. But then, I assume it's
>>>> because all that is done by Windows/Samba while the permission check
>>>> on the script is done by Cygwin? Same thing with executing binary (I
>>>> was able to execute a binary file copied on the share even though I
>>>> couldn't execute scripts)?
>>> Most of Cygwin relys on the permission checks of the underlying OS.
>>> In case of scripts, that's not possible. Therefore it has to check
>>> script permissions explicitely. Note that it doesn't do a simple
>>> POSIX permission bit check, rather it calls an OS function asking
>>> "does *this* account have the right to execute *that* file?" That
>>> should result in the most consistent behaviour, as far as Windows
>>> consistency goes.
>>
>> Cygwin can't also check with an account with the same login and
>> password? I assume that's what Windows does and why I'm allowed, as a
>> user LOCAL\nahor, to access the share that belongs exclusively to the
>> user DOMAIN\nahor.
>
> I doubt that assumption would hold up to much scrutiny.  Local and
> domain users, despite how similar the name and/or password might be,
> don't have any relationship to each other.   There's a unique ID
> generated for a user of either type so there's no definitive way to
> correlate one user ID with another, even if that was desirable.  I
> think you'll find that you have access to the share because you've
> been authenticated to use it, regardless of whether you're using the
> local or domain version of your login.  But that has little bearing on 
> the
> script in question.  Since Windows doesn't see the script as executable,
> asking it for help in this matter wouldn't be useful, no matter who the
> user is when the question is asked.

Maybe you're right but why can I execute a binary then?
I copied notepad.exe on the share. I set its permissions to 700. I can 
then launch notepad without problem. But with scripts, that doesn't work.
So somewhere, in Windows or in Cygwin, something must behave 
differently. Could it then be that Windows doesn't check the execute 
permission when executing from a share?

    Nahor



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -