delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2020/06/22/17:14:00

X-Recipient: archive-cygwin AT delorie DOT com
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org DAA893885C2A
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none)
header.from=SystematicSw.ab.ca
Authentication-Results: sourceware.org;
spf=none smtp.mailfrom=brian DOT inglis AT systematicsw DOT ab DOT ca
X-Authority-Analysis: v=2.3 cv=ecemg4MH c=1 sm=1 tr=0
a=kiZT5GMN3KAWqtYcXc+/4Q==:117 a=kiZT5GMN3KAWqtYcXc+/4Q==:17
a=IkcTkHD0fZMA:10 a=9I5xiGouAAAA:8 a=jChkm-x5hCMFubTIiR0A:9 a=QEXdDO2ut3YA:10
a=ztjZPAohYq4A:10 a=ARFN2YZ7Uv8kHtb7LS-q:22
Subject: Re: Files and folders created with invalid ACL
To: cygwin AT cygwin DOT com
References: <rco6vs$30d$1 AT ciao DOT gmane DOT io> <1335658627 DOT 20200622202035 AT yandex DOT ru>
<rcqs3o$1r8n$1 AT ciao DOT gmane DOT io>
<94fb9b46-a1e9-6a5c-f7af-9d8e43777a0d AT cs DOT umass DOT edu>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Autocrypt: addr=Brian DOT Inglis AT SystematicSw DOT ab DOT ca; prefer-encrypt=mutual;
keydata=
mDMEXopx8xYJKwYBBAHaRw8BAQdAnCK0qv/xwUCCZQoA9BHRYpstERrspfT0NkUWQVuoePa0
LkJyaWFuIEluZ2xpcyA8QnJpYW4uSW5nbGlzQFN5c3RlbWF0aWNTdy5hYi5jYT6IlgQTFggA
PhYhBMM5/lbU970GBS2bZB62lxu92I8YBQJeinHzAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQW
AgMBAh4BAheAAAoJEB62lxu92I8Y0ioBAI8xrggNxziAVmr+Xm6nnyjoujMqWcq3oEhlYGAO
WacZAQDFtdDx2koSVSoOmfaOyRTbIWSf9/Cjai29060fsmdsDLg4BF6KcfMSCisGAQQBl1UB
BQEBB0Awv8kHI2PaEgViDqzbnoe8B9KMHoBZLS92HdC7ZPh8HQMBCAeIfgQYFggAJhYhBMM5
/lbU970GBS2bZB62lxu92I8YBQJeinHzAhsMBQkJZgGAAAoJEB62lxu92I8YZwUBAJw/74rF
IyaSsGI7ewCdCy88Lce/kdwX7zGwid+f8NZ3AQC/ezTFFi5obXnyMxZJN464nPXiggtT9gN5
RSyTY8X+AQ==
Organization: Systematic Software
Message-ID: <4534cc0d-0e4c-b169-28c9-c658ef242dc6@SystematicSw.ab.ca>
Date: Mon, 22 Jun 2020 15:13:10 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <94fb9b46-a1e9-6a5c-f7af-9d8e43777a0d@cs.umass.edu>
X-CMAE-Envelope: MS4wfLqVZyM9wTW1GHPInpyemJS85Nza2ZBrnLYa2y4AM1AqdJ3eK/2vGJWQeYIjv2Us7gV7ihUwftzhFSvx4RvD/E3bXNroYjut67MBWNiD8Dw+kUl8+If+
NYxUp8YNaG7arkngrl6QqlTlvbiOEN/YcYkuuE5DBjRfbJXRbizDDmvjbMrkRKojCsyiRgREei30zQ==
X-Spam-Status: No, score=-10.7 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
KAM_LAZY_DOMAIN_SECURITY, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,
RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP,
URI_HEX autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <http://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <http://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Reply-To: cygwin AT cygwin DOT com
Errors-To: cygwin-bounces AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces AT cygwin DOT com>
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 05MLDfcE000819 

On 2020-06-22 13:59, Eliot Moss wrote:
> On 6/22/2020 2:08 PM, Thorsten Kampe wrote:
>> * Andrey Repin (Mon, 22 Jun 2020 20:20:35 +0300)
>>>
>>>> icacls test.txt /verify
>>>> test.txt: Ace entries not in canonical order.
>>>
>>> This is normal. All conformant drivers MUST be able to correctly process such
>>> ACL's. "Non-canonical" does not mean "invalid".
>>
>> `lsd` reports an error ("os error 1336"). But that might simply
>> be a result of the "non canonical order".
> 
> I agree; lsd seems to be being overly picky, not that you personally
> can do much about that.
> 
>>>> Interestingly the issue does not occur with files created in
>>>> the user's Cygwin home directory but - for instance - in the
>>>> Documents folder of the user's Windows profile.
>>>
>>>> This is a fresh Cygwin installation on a test system. Has
>>>> anyone found a solution?
>>>
>>>> [1]
> http://cygwin.1069669.n5.nabble.com/Issues-with-ACL-settings-after-updating-to-the-latest-cygwin-dll-td124123.html
> 
>>>
> 
>>> Needs more specifics.
>>> How did you set your fstab, particularly cygdrive prefix? Any extra mounts?
>>> How did you modify nsswitch?
>>
>> As I wrote, it's a "fresh Cygwin installation on a test
>> system" that means the phenomennon is observable directly after
>> the installation.
>>
>> I did some testing: files created in the user's home directory
>> (/home/Administrator), the home directory (/home) and other sub
>> directories don't show the issue.
>>
>> If I create a file or directory directly under / or anywhere
>> else on the drive, the issue occurs.
>>
>> If that would be the case on my main workstation, I would be
>> fine with that. Unfortunately on my main workstation the issue
>> occurs everywhere.
> 
> Maybe you took Andre slightly literally; rephrasing, what are your current
> fstab and nsswitch contents?  I would also ask, what do icacls and getfacl
> show on your / directory (the some that is the root of the hierarchy where
> things aren't working for you)?  It could be that fixing some entry there,
> and recursively, will get you to a good state.

Often setfacl -b on files may reduce the ACLs to simple canonical entries
u::rw[-x],g::r-[-x],o::r-[-x]

	.\$USER:(F)
	BUILTIN\$GROUP:(RX)
	Everyone:(RX)

but you have to be careful that the same operation on directories keeps the
DACLs d:u::rwx,d:g::r-x,d:o::r-x

	.\$USER:(F)
	BUILTIN\$GROUP:(RX)
	Everyone:(RX)
	CREATOR OWNER:(OI)(CI)(IO)(F)
	CREATOR GROUP:(OI)(CI)(IO)(RX)
	Everyone:(OI)(CI)(IO)(RX)

as if the DACLs get stripped, files created under those directories often have
*NO* permissions: making them create only directories.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in IEC units and prefixes, physical quantities in SI.]
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019