Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Draft-From: ("nnmh:indoos.cygwin" 2052)
To: cygwin AT cygwin DOT com
Subject: Re: login: no shell: /bin/bash: Permission denied
References: <20020306101433 DOT P13590 AT cygbert DOT vinschen DOT de>
	<m3pu2it2tb DOT fsf AT appel DOT lilypond DOT org>
	<20020306114133 DOT V13590 AT cygbert DOT vinschen DOT de>
	<m3lmd5ud36 DOT fsf AT appel DOT lilypond DOT org>
	<20020306174336 DOT A13590 AT cygbert DOT vinschen DOT de>
	<m36648iz6e DOT fsf AT appel DOT lilypond DOT org>
	<20020307101441 DOT M13590 AT cygbert DOT vinschen DOT de>
	<m3wuwohfx5 DOT fsf AT appel DOT lilypond DOT org>
	<20020307110237 DOT P13590 AT cygbert DOT vinschen DOT de>
	<m3it88h6l5 DOT fsf AT appel DOT lilypond DOT org>
	<20020307142021 DOT S13590 AT cygbert DOT vinschen DOT de>
Organization: Jan at Appel
Mail-Followup-To: cygwin AT cygwin DOT com
From: Jan Nieuwenhuizen <janneke AT gnu DOT org>
Date: Thu, 07 Mar 2002 14:54:21 +0100
In-Reply-To: <20020307142021.S13590@cygbert.vinschen.de> (Corinna Vinschen's
 message of "Thu, 7 Mar 2002 14:20:21 +0100")
Message-ID: <m3eliwh4aa.fsf@appel.lilypond.org>
Lines: 60
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Corinna Vinschen <cygwin AT cygwin DOT com> writes:

> I don't understand your example.  What's wrong?  Hmm, ok, I assume
> you expect a `Permission denied' when trying to ls 400/400, right?

Yes, sorry to be so implicit.

> This is not HE specific, it's default for all NT versions.  It's
> a user right called "Bypass traverse checking" which is by default
> given to everyone!  It means, when accessing a file, the system
> only checks your permissions on the file but not your permissions
> on the directories in the file's path.  No chance to do that 100%
> POSIX compliant since it's not in the responsibility of Cygwin to
> change user rights.  And we decided not to simulate that behaviour.
> Cygwin is already slow enough.

Ok, thanks.  Good to know that directory permissions on Windows NT are
pretty useless.  And no, it wouldn't make much sense to enforce POSIX
compliance artificially, imo.  If the kernel grants access, that's it.

    $ ls -dl 000 000/x
    d---------    0 fred     Geen            0 Mar  7 13:45 000
    -rwx------    1 fred     Geen           11 Mar  7 13:45 000/x
    $ cat ./000/x; ./000/x
    echo hallo
    hallo

>>     $ ls -l /cygdrive/c/autoexec.bak
>>     -rwx------    1 tom      Geen           18 Mar  7 12:55 /cygdrive/c/autoexec.bak
>>     $ cat /cygdrive/c/autoexec.bak
>>     Path=C:\WINDOWS;
>>     $ id
>>     uid=1009(fred) gid=513(Geen) groups=0(Iedereen),513(Geen),545(Gebruikers)
>
> Ok, check the *full* permissions using getfacl.  You'll be surprised,
> probably...  Don't forget that an ACL contains more than just three
> entries.

Indeed:

    $ getfacl /cygdrive/c/autoexec.bak
    # file: /cygdrive/c/autoexec.bak
    # owner: tom
    # group: Geen
    user::rwx
    group::---
    group:SYSTEM:rwx
    group:Administrators:rwx
    group:Gebruikers:r-x
    mask::---
    other::---

There are four groups getting group permissions.  Thanks for pointing
this out as well.

Jan.

-- 
Jan Nieuwenhuizen <janneke AT gnu DOT org> | GNU LilyPond - The music typesetter
http://www.xs4all.nl/~jantien       | http://www.lilypond.org


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/