To: cygwin AT cygwin DOT com
From: mwoehlke
Subject: Re: Linux to Windows Rsync Permission Problems
Date: Mon, 07 Aug 2006 15:54:23 -0500

(ugh, http://cygwin.com/acronyms/#TOFU... no fake meat for me, please!)

Jimmy McMillan wrote:
> mwoehlke wrote:
>> Jimmy McMillan wrote:
>>> I've had this problem for some time now, and just getting around to
>>> doing something about it. I'll keep the description as brief as
>>> possible.
>>>
>>> I'm rsyncing from a linux server to a Windows XP machine's firewire
>>> drive via SSH\cygwin\rsync. The linux server pushes with the
>>> following command.
>>>
>>> /usr/local/bin/rsync -e ssh --recursive --verbose --delete --force
>>> --update /mnt/hd/mail_store/
>>> jackcorn AT 192 DOT 168 DOT 66 DOT 99:/cygdrive/i/backups/webs_data/
>>>
>>> 192.168.66.99 == My Workstation. (Windows XP + Cygwin)
>>> /cygdrive/i == 250GB firewire drive on my workstation. (NTFS)
>>> jackcorn == a Local user on my workstation. (Didn't want to bother
>>> with a domain account)
>>>
>>> it appears that any file owned by root once on its NTFS filesystem
>>> after the backup can be opened successfully. However any file owned
>>> by vpopmail:vchkpw cannot be opened.
>>> -rw-r--r-- 1 root root 167851 2005-10-04 15:33 byebye.sh
>>> -rwx--x--x 1 vpopmail vchkpw 55996 2005-06-28 14:44 clearopensmtp*
>>> (In this case I can open byebye.sh on the firewire drive after the
>>> backup, but not the clearopensmtp)
>>>
>>> The only way I can access those files is to "Replace permission
>>> entries on all child....yatta yatta" under the Advanced Security
>>> Settings under windows. However there are a couple hundred thousand
>>> files in there and that can take some time.
>>>
>>> I've tried with the -g -o -p options with rsync and I've also tried
>>> using CYGWIN=nontsec or CYGWIN=ntsec under the windows Enviro
>>> Variables, with no luck.
>>>
>>> Is there any way I can map the vpopmail user to a windows local user?
>>> Or does anyone know what else to do?
>>
>> Well, first off, you don't have permission to read that file unless
>> you are "vpopmail" (notice that only the owner has read permission?).
>> Thus, you need to change the permissions to allow you to read it.
>>
>> Brute force solution #1 (assuming you can chown):
>> find . -user vpopmail -print0 | xargs -0 chown Administrator
>>
>> Brute force solution #2 (assuming you can chmod):
>> chmod -R a+r .
>>
>> Both of those should be done on the backups ONLY - which would mean in
>> Cygwin - as changing permissions on the computer using the files is a
>> potential security risk (well, it's that on the backups, too, but I
>> assume you feel comfortable with whatever safeguards you have against
>> your backup drive being hacked into) and might cause programs to
>> malfunction.
>
> Matt, Thanks, but I'd rather determine a way to preserve the perms by
> using some type of ACL\UID exchange. That way I don't have to doctor up
> all the perms again if I have to restore from a backup. It seems that
> root\administrator have been mapped, hence the reason I can read root
> owned files.

So you want to make a Windows user named 'vpopmail'?
If you do that, and have done mkgroup and mkpasswd ('man' is your
friend; so is searching the archives for these), and edited the
respective files to match the UID/GID from Linux, then I would expect
that 'vpopmail' can read the file.

If you are expecting any user OTHER than 'vpopmail' to be able to read
the file, with the above permissions, I don't think that's going to
happen (assuming you've verified that a member of Administrators is
unable to read the file, and that an Administrators member really can't
read it with the above permissions).

-- 
Matthew
And now back to your regularly scheduled e-mail.
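
Added example, not part of the original message: a shell check that an account's UID/GID agree between a copy of the Linux server's /etc/passwd and Cygwin's /etc/passwd, which is the precondition described above for 'vpopmail' to be treated as the owner of the synced files. The function names, file names and all account data (including the 89:89 IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example. All account data is constructed; 89:89 is an assumed UID/GID
# and the Windows SID normally present in Cygwin's gecos field is omitted.

# Report, per account, whether UID:GID agree between two passwd-format files.
# Output: "<name> <ok|mismatch|missing> <linux uid:gid> <cygwin uid:gid>"
check_id_map() {
    linux_pw=$1; cyg_pw=$2; shift 2
    for name in "$@"; do
        l=$(awk -F: -v n="$name" '$1 == n { print $3 ":" $4; exit }' "$linux_pw")
        c=$(awk -F: -v n="$name" '$1 == n { print $3 ":" $4; exit }' "$cyg_pw")
        if [ -z "$l" ] || [ -z "$c" ]; then status=missing
        elif [ "$l" = "$c" ]; then status=ok
        else status=mismatch
        fi
        printf '%s %s %s %s\n' "$name" "$status" "${l:--}" "${c:--}"
    done
}

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/linux_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
vpopmail:x:89:89::/home/vpopmail:/bin/false
EOF
    cat > "$1/cygwin_passwd" <<'EOF'
Administrator:unused:500:513:U-WORKSTATION\Administrator:/home/Administrator:/bin/bash
jackcorn:unused:1005:513:U-WORKSTATION\jackcorn:/home/jackcorn:/bin/bash
vpopmail:unused:1006:513:U-WORKSTATION\vpopmail:/home/vpopmail:/bin/bash
EOF
    # The same file after hand-editing vpopmail's UID/GID to the Linux values.
    sed 's/^\(vpopmail:[^:]*\):[0-9]*:[0-9]*:/\1:89:89:/' \
        "$1/cygwin_passwd" > "$1/cygwin_passwd.edited"
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_id_map "$tmp/linux_passwd" "$tmp/cygwin_passwd" vpopmail jackcorn
check_id_map "$tmp/linux_passwd" "$tmp/cygwin_passwd.edited" vpopmail
rm -rf "$tmp"
```

A "mismatch" line means the account exists on both sides but Cygwin will not map the Linux owner onto it; the GID also needs a matching entry in Cygwin's /etc/group, which is what the mkgroup step covers.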