X-Recipient: archive-cygwin@delorie.com
X-SWARE-Spam-Status: No, hits=-0.2 required=5.0 	tests=BAYES_40
X-Spam-Check-By: sourceware.org
Message-ID: <4D93AAF95CB5A64E8F622EC796ECF5AC08550845@exil.condat.de>
From: "Fischer, Tilman" <Tilman.Fischer@condat.de>
To: "'cygwin@cygwin.com'" <cygwin@cygwin.com>
Subject: chmod/chgrp ignores Windows ACL full control? (rm works fine)
Date: Tue, 9 Jun 2009 11:58:31 +0200
MIME-Version: 1.0
Content-Type: text/plain; 	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

Hello all, Hi Corinna,

I get a 'Permission denied' for 'chmod' or 'chgrp' on a file using a
standard windows user with full access ('ls -l' shows: '-rwx------+ 1 admin
None'). According to 'getfacl' the user has the rwx-rights on the file and
there is no problem to move, copy or delete the file (with mv, cp, rm).
This seems like an inconsistent mapping of the Windows permissions.

Steps to reproduce:
1.) Create file 'test' belonging to an administrator in a folder C:\SPECIAL.
2.) Use a Windows group SPECIAL_USER_GRP with full control (Windows
Properties->Security tab) including inheritance (Advanced settings: Replace
permission entries on all child objects) on the folder C:\SPECIAL.
3.) A standard restricted normal user 'special_user' (only access allowed
permissions are used) is added to the SPECIAL_USER_GRP.
4.) Use 'chmod 774 test' with the 'special_user':
chmod: changing permission of `test=B4: Permission denied
5.) Use 'rm test' with the 'special_user' results in no problem. The file is
gone.

Please help me to set the shown group for 'ls -l' to the SPECIAL_USER_GRP
with the rwx-rights, without changing the inherited 'full control' from the
Windows ACL. Thanks in advance.

Sincerely, Tilman Fischer

PS: Links considered:
http://cygwin.com/cygwin-ug-net/highlights.html#ov-hi-perm
http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-aclfuncs
http://thread.gmane.org/gmane.os.cygwin/100351/focus=3D100359
http://thread.gmane.org/gmane.os.cygwin/103531/focus=3D103564
http://www.cygwin.com/ml/cygwin-developers/2005-08/msg00000.html
Microsoft Windows ACL full control:
http://www.microsoft.com/windowsxp/using/security/learnmore/accesscontrol.ms
px


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/