X-Spam-Check-By: sourceware.org
From: ericblake AT comcast DOT net (Eric Blake)
To: arnstein AT pobox DOT com, cygwin AT cygwin DOT com
Cc: David Arnstein <arnstein AT panix DOT com>
Subject: Re: Best Practice for file ownership and permissions?
Date: Mon, 06 Feb 2006 22:08:20 +0000
Message-Id: <020620062208.13737.43E7C8D4000158FB000035A922070208530A050E040D0C079D0A@comcast.net>
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

> I frequently encounter problems due to file ownership and permissions
> for the "system" files in /usr, /bin, /sbin/ /etc, and so forth.  For
> example, when I type
> 	su Administrator
> cygwin responds
> 	/usr/bin/su: /bin/bash: Permission denied

Not quite the answer to your original question, but re-read:
http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid
http://cygwin.com/ml/cygwin-announce/2006-01/msg00041.html

/usr/bin/su probably won't work for you, unless you have
granted your current user additional privileges not given
by default Windows installations.  Give us a better example
of where you are getting failures.

Also, the getfacls and setfacls commands may be helpful
in diagnosing permissions problems; not only should you
check the permissions of /, but also of the drive and all
Windows directories leading up to where / is mounted
(usually c:\cygwin).

> What is the recommended user.group ownership for the important files
> in /bin, /sbin, /usr, /etc, and so on?  What are the recommended
> permission bits?

I don't know that any particular configuration is recommended,
other than that if you use setup.exe, on the screen with the
"Install For" radio button, if you choose 'All users (RECOMMENDED)'
instead of 'Just Me', you tend to get the correct permissions
naturally.  In general, everything in /bin and /sbin should be
world readable and world executable, so ownership only
matters for protecting those files from writes.  Some files
in /etc care about permissions, but in general, scripts like
ssh-user-config or cron_diagnose.sh exist to help you with
that.  And the entire /usr subtree is usually world-readable.

One other thing - if the drive is FAT (on Win9x, or on WinNT
without the ntea option), or on FAT32 (regardless of options),
then permissions are faked and it really doesn't matter who
owns files.

--
Eric Blake

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/