Mail Archives: cygwin/2013/11/02/08:55:24

To: cygwin AT cygwin DOT com
From: "D. Boland" <daniel AT boland DOT nl>
Subject: vi stealing SYSTEM-owned permissions and ownership
Date: Sat, 02 Nov 2013 13:44:06 +0100
Message-ID: <5274F396.A133C4CE@boland.nl>

Hi group,

I'm a Linux teacher at a school for vocational education in the Netherlands. 
I use Cygwin to help my students overcome their fear of the command line by 
showing them their Windows systems through the eyes of Linux.

I had them install Apache and then configure it in Cygwin using vi.

As of Windows 8, the Apache installation sometimes fails, because of permission
issues. Installing "As administrator" solves the problem. This is fine 
with me because in other Linuxes, Apache is installed as root by default.

After installation, permissions in the Apache "conf" directory look like this:

drwx------+ 1 SYSTEM SYSTEM     0 28 okt 20:43 .
drwx------+ 1 SYSTEM SYSTEM     0  2 nov 13:10 ..
-rwx------+ 1 SYSTEM SYSTEM 35142 26 okt 18:07 httpd.conf
-rwx------+ 1 SYSTEM SYSTEM 34770  7 okt 23:29 httpd.default.conf
-rwx------+ 1 SYSTEM SYSTEM 13340  3 okt 07:59 magic
-rwx------+ 1 SYSTEM SYSTEM 13340 21 nov  2004 magic.default
-rwx------+ 1 SYSTEM SYSTEM 54599  3 okt 07:59 mime.types
-rwx------+ 1 SYSTEM SYSTEM 54599 17 mrt  2012 mime.types.default
-rwx------+ 1 SYSTEM SYSTEM  9390  5 feb  2013 openssl.cnf
-rwx------+ 1 SYSTEM SYSTEM 11050  3 okt 07:59 ssl.conf
-rwx------+ 1 SYSTEM SYSTEM 11030  7 okt 23:29 ssl.default.conf

To emulate the Unix permissions model, I had my students add a group in Windows,
named "apache", making themselves a member and then import it using the mkgroup 
command.

After a chgrp and chmod on the entire Apache folder, the "conf" directory looks 
like this:

drwxrwx---+ 1 SYSTEM apache     0 28 okt 20:43 .
drwxrwx---+ 1 SYSTEM apache     0  2 nov 13:10 ..
-rwxrwx---+ 1 SYSTEM apache 35142 26 okt 18:07 httpd.conf
-rwxrwx---+ 1 SYSTEM apache 34770  7 okt 23:29 httpd.default.conf
-rwxrwx---+ 1 SYSTEM apache 13340  3 okt 07:59 magic
-rwxrwx---+ 1 SYSTEM apache 13340 21 nov  2004 magic.default
-rwxrwx---+ 1 SYSTEM apache 54599  3 okt 07:59 mime.types
-rwxrwx---+ 1 SYSTEM apache 54599 17 mrt  2012 mime.types.default
-rwxrwx---+ 1 SYSTEM apache  9390  5 feb  2013 openssl.cnf
-rwxrwx---+ 1 SYSTEM apache 11050  3 okt 07:59 ssl.conf
-rwxrwx---+ 1 SYSTEM apache 11030  7 okt 23:29 ssl.default.conf

My students can now administer Apache without running Cygwin "As administrator".
Also, this is extremely useful in real-time business situations. It enables my 
students to grant Apache admin permissions to other users by putting them in 
the apache group, without giving them full admin access on the entire system.

But here's the problem. After editing the httpd.conf file with vi, the permissions 
on the "httpd.conf" file are changed to:

----------+ 1 Daniel None   35142  2 nov 13:20 httpd.conf

This should not be. I tested this on my RedHat and OpenBSD systems, and there are 
no changes in ownership or permissions after editing with vi.

After fiddling with chown, chgrp, chmod, getfacl, setfacl and icacls for a few 
hours, I finally installed nano. Nano behaved. It did not alter anything except
the contents of the file.

But I want my students to learn vi, so having them install nano is not an option. 

I think the problem is vi. Vi deletes the original file and creates a new one with
the changed contents, without resetting the original ownership and permissions. See 
also this post:

http://unix.stackexchange.com/questions/58880/how-does-vim-steal-root-owned-files

Can somebody shed some light on this?

Meanwhile, I accidentally found sort of a solution: deleting the file without write
permissions on the containing folder, restores the permissions set by Administrator.

As Administrator:
chmod 0700 .
touch test.txt
chown SYSTEM:apache test.txt
chmod 0770 test.txt

Results in:

-rwxrwx---+ 1 SYSTEM apache     0  2 nov 13:26 test.txt

As "normal" user:
Edit the file with vi. After, permissions will look like:

----------+ 1 Daniel None       9  2 nov 13:29 test.txt

$ getfacl.exe test.txt
# file: test.txt
# owner: Daniel
# group: None
user::---
group::---
group:SYSTEM:rwx
group:Administrators:rwx
group:Gebruikers:r-x
group:apache:rwx
mask:rwx
other:---

To "solve" this, simply delete the file:

rm test.txt

The file is not deleted because of 0700 on the containing folder. But the original 
permissions, set by Admin are restored!!

-rwxrwx---+ 1 SYSTEM apache     9  2 nov 13:29 test.txt

$ getfacl.exe test.txt
# file: test.txt
# owner: SYSTEM
# group: apache
user::rwx
group::rwx
group:Administrators:rwx
group:Gebruikers:r-x
mask:rwx
other:---
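
Added example (not part of the original message): a shell sketch of the two save strategies the post contrasts, showing that replacing a file by rename yields a new inode with the saving user's ownership and umask-derived mode, while rewriting in place leaves the metadata alone. File names and contents are constructed; `stat -c` assumes GNU coreutils, as shipped with Cygwin and most Linux systems.

```shell
#!/bin/sh
# Constructed demo: compare the two ways an editor can save a file.
# Vim selects between them with its 'backupcopy' option (yes = in place).

# Save by writing a new file and renaming it over the original.
save_by_rename() {  # $1 = file, $2 = new contents
    tmp="$1.new.$$"
    printf '%s\n' "$2" > "$tmp"   # new inode: owner = caller, mode = 0666 & ~umask
    mv -f "$tmp" "$1"             # needs only write permission on the directory
}

# Save by truncating and rewriting the existing file.
save_in_place() {  # $1 = file, $2 = new contents
    printf '%s\n' "$2" > "$1"     # same inode: owner, group, mode and ACL untouched
}

# Snapshot of identity and permissions: "inode mode owner group".
meta() { stat -c '%i %a %U %G' "$1"; }

# Run one strategy on a fresh 0770 file; print "same" or "changed" on stdout
# and the before/after snapshots on stderr.
demo() {  # $1 = name of the save function
    dir=$(mktemp -d) || return 1
    f="$dir/httpd.conf"           # constructed stand-in for the real config file
    ( umask 077
      printf 'Listen 80\n' > "$f"
      chmod 0770 "$f"
      before=$(meta "$f")
      "$1" "$f" 'Listen 8080'
      after=$(meta "$f")
      if [ "$before" = "$after" ]; then echo same; else echo changed; fi
      echo "$1: $before -> $after" >&2 )
    rm -rf "$dir"
}

demo save_by_rename   # prints: changed
demo save_in_place    # prints: same
```

Comparing the `meta` snapshot before and after an edit is also a quick check for whether an editor or deployment tool has silently replaced a protected configuration file.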

