X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Mon, 2 Jul 2012 18:04:52 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: I'm having problems with cygwin 1.7 and ACL handling.
Message-ID: <20120702160452.GB29450@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <0260B13BA0AA1A4693F4245FC28FD77705EC62CC1C AT CVL-SVR-002>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <0260B13BA0AA1A4693F4245FC28FD77705EC62CC1C@CVL-SVR-002>
User-Agent: Mutt/1.5.21 (2010-09-15)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Note-from-DJ: This may be spam

On Jul  2 17:56, Mark Lommers wrote:
> Hi,
> 
> I'm having problems with cygwin 1.7 and ACL handling.
> 
> I do some software development and for the software I write I also create unit tests. Those unit test are run automatically in a cygwin environment triggered by a build system. Now I'm updating the machines on which the unit tests are running, from windows XP to Windows Server 2008 and from cygwin 1.5 to cygwin 1.7. Since this update some unit tests are failing. 
> 
> All the failing unit tests have in common that they do something with ACL:
> 
> For some test we change the access control list like:
> 
>       acl.AddAccessRule(new System.Security.AccessControl.FileSystemAccessRule(WindowsIdentity.GetCurrent().Name
>         , System.Security.AccessControl.FileSystemRights.FullControl
>         , System.Security.AccessControl.AccessControlType.Deny));
>        SandboxedDirectory.SetAccessControl(acl);
> 
> Then in the test we try to create a directory inside the sandboxed directory and check that the right exception has been thrown because it shouldn't be able to do so. 
> 
> 
> On windows XP with cygwin version 1.5 everything was working OK
> 
> Now we are upgrading to windows server 2008 so we also need to update to cygwin 1.7, the test are starting to fail, because they are able to create directories in the sandboxed directory.
> 
> I know/read that from cygwin 1.7 cygwin uses mount point with corresponding acl/noacl flags and no longer using the ntsec and nontsec flags in the CYGWIN environment variable.
> 
> I tried to change the mounting point to set noacl and acl but this didn't had any effect.
> 
> On the OLD xp machines with cygwin 1.5 the CYGWIN variable was set to nontsec
> 
> In CMD prompt test run fine.
> In a bash prompt test fail.
> In a cmd prompt started from a bash prompt test also fail.
> 
> Not running in a cygwin environment is not an option for now!
> 
> Any Idea what to do?

Are you running the tests under an elevated admin account?  If so, the
reason you are able to create dirs is that the SE_BACKUP_NAME and
SE_RESTORE_NAME user privileges are enabled when running in a Cygwin
environment.

Don't run the affected tests from an elevated session or strip the
privileges from the user token using the cygdrop tool from the cygutils
package when running these tests.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple