X-Spam-Check-By: sourceware.org
Date: Tue, 10 Jan 2006 09:13:15 -0500 (EST)
From: Igor Peshansky <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
Subject: Re: permissions and ACLs
In-Reply-To: <43C3BE55.6070009@juno.nrl.navy.mil>
Message-ID: <Pine.GSO.4.63.0601100907560.19223@slinky.cs.nyu.edu>
References: <43C3BE55 DOT 6070009 AT juno DOT nrl DOT navy DOT mil>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Tue, 10 Jan 2006, Ken Senior wrote:

> Cygwin gurus,
>
> Frustrated by permission problems resulting from having two accounts
> with the same user name (one domain, one local) I decided to start over
> with my cygwin installation.

Instead of simply changing one of the usernames as I suggested...  Way to
go.

> This time, I logged in as local administrator (account name say
> admin AT local) and installed cygwin as this user.  Then, to make sure I
> could read and use cygwin from my domain account I used the Windows ACLs
> to also grant my domain account "Full Control" to all the files in
> C:\cygwin.  Thus, both my admin AT local (local admin) and my admin AT domain
> (domain admin) have Full Control to files in C:\cygwin.  But, while
> logged in both as admin AT local and as admin AT domain I tried from Windows
> Explorer to delete a file and was informed that I do not have
> permission!  So, I launched the cygwin bash window (from admin AT local)
> and performed a chmod 777 on the file (which cygwin allowed) and STILL
> can't delete the file:
>
> admin AT local /usr/bin
> $ ls -la rsync.exe
> -rwxrwxrwx  1 senior Users 245248 Aug 18 03:56 rsync.exe
>
> admin AT local /usr/bin
> $ rm -f rsync.exe
> rm: cannot remove `rsync.exe': Permission denied
>
> admin AT local /usr/bin
> $

The ability to delete files in a directory is part of the permission bits
of the *directory*, not the individual files (unless the sticky bit is
set, and even then, only the owner of the file matters).

> I have read the documentation on NTSEC and from my limited understanding
> of it was able to glean that using the Windows ACLs was probably not the
> right way to grant access to the admin AT domain account.  What is the best
> way to allow access of cygwin to *all* administrators and can I repair
> this permissions on this installation?  Thanks again.

You can do it via Cygwin as well -- when you ran a chmod, did you forget
the directories?

> My CYGWIN environment variable is set to "CYGWIN binmode ntsec tty title
> server" and the /etc/passwd file follows.
>
> senior AT LOCAL /usr/bin
> $ less /etc/passwd
> SYSTEM:*:18:544:,S-1-5-18::
> Administrators:*:544:544:,S-1-5-32-544::
> Administrator:unused_by_nt/2000/xp:500:513:U-LOCAL\Administrator,S-1-5-21-484763869-1563985344-682003330-500:/home/Administrator:/bin/bash
> Guest:unused_by_nt/2000/xp:501:513:U-LOCAL\Guest,S-1-5-21-484763869-1563985344-682003330-501:/home/Guest:/bin/bash
> HelpAssistant:unused_by_nt/2000/xp:1000:513:Remote Desktop Help Assistant Account,U-LOCAL\HelpAssistant,S-1-5-21-484763869-1563985344-682003330-1000:/home/Hel
> pAssistant:/bin/bash
> admin:unused_by_nt/2000/xp:1003:513:U-LOCAL\admin,S-1-5-21-484763869-1563985344-682003330-1003:/home/admin:/bin/bash
> sshd:unused_by_nt/2000/xp:1020:513:sshd privsep,U-LOCAL\sshd,S-1-5-21-484763869-1563985344-682003330-1020:/var/empty:/bin/bash
> SUPPORT_388945a0:unused_by_nt/2000/xp:1002:513:CN=Microsoft Corporation,L=Redmond,S=Washington,C=US,U-LOCAL\SUPPORT_388945a0,S-1-5-21-484763869-1563985344-682003330-1002:/home/SUPPORT_388945a0:/bin/bash

I noticed that you have neither the local nor the domain "senior" account
in your /etc/passwd.  That may spell trouble.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/