X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; q=dns; s=default; b=LS/p3W7T3ddOBRvPimAZDeZsI0df7cVh4LJH31yfTJW gXSIhdWQGqnmS0iYMaKmVlHNZmusIEUMJLHg8/GKQM0w8+4DVhcqCCvsaClwwazy YMJdh3nwAWH7ecum+A5FWnKjDIWkmeakJQV7Cg6ry8onhJ54Rb9jnkfKhktg9Yw0 = DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; s=default; bh=oxM0TdgMtgA3dyyVn/3Mw1rLKAU=; b=yzfsrK+Y6ddsQp/WC vXgXdGv+deJ0dSapi8K0DsjWmfXLAGLoW/pAcpxbSXKlG+kHw9V2qrlnOHWubvzg ZQ/2pbaXCYWcEvqQ9xGLLbU+9N0WGNecDKmtzwIbAHDpXpVWrw69mYnnnrme2nna 6WF9s8wYzad7IoLbjLyGbj+ekU= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: Ishtar.hs.tlinx.org Message-ID: <551061BC.1020005@tlinx.org> Date: Mon, 23 Mar 2015 11:55:56 -0700 From: Linda Walsh User-Agent: Thunderbird MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: cygwin 1.7.35 reads file permissions differently, affects broken apps References: <20150323091056 DOT GC3017 AT calimero DOT vinschen DOT de> In-Reply-To: <20150323091056.GC3017@calimero.vinschen.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-IsSubscribed: yes Corinna Vinschen wrote: >> cygwin-1.7.32 $ ls -l >> -rwx------+ 1 LocalService Domänen-Benutzer 1932 15. Aug 2014 >> fetchmailrc.txt >> >> cygwin-1.7.35 $ ls -l >> -rwxrwx---+ 1 LocalService Domänen-Benutzer 1932 15. Aug 2014 >> fetchmailrc.txt >> >> Now, there are group permissions set. For me it breaks fetchmail, because >> fetchmail only runs when the config file is owned by the user running >> fetchmail (LocalService in my case, a system user I never can login with) >> and with max 0700 permissions. --- I can confirm this bug exists in linux and is also present in other mis-designed apps. It's not cygwin specific. Ishtar:law> llg .fetchmailrc -rwx------ 1 law lawgroup 1103 Dec 14 13:49 .fetchmailrc* Ishtar:law> chmod g+rw .fetchmailrc > fetchmail File /home/law/.fetchmailrc must have no more than -rwx------ (0700) permissions. > sudo fetchmail fetchmail: WARNING: Running as root is discouraged. File /home/law/.fetchmailrc must have no more than -rwx------ (0700) permissions. Another example: > sudo lilo Warning: /etc/lilo.conf should be writable only for root Added 3185-Isht-Van Added 3173-Isht-Van * One warning was issued. Ishtar:linux/ish-3192> llg /etc/lilo.conf -rw-rw-r-- 1 root root 3589 Mar 17 19:48 /etc/lilo.conf "ssh[d](re .ssh) , sudo (re sudoers), and I believe you thought ~/.rlogin also have this problem. It is a growing problem for those of us who manage security by group perms (I setup my linux box with 1 group per user several years ago to allow for Windows-security compatibility). For a while I was able to get around the problem with ACL's, but these days, more apps are becoming ACL-aware. Maybe linux needs a new Discretionary-access security module, dup'ed off the current model, but with an extra set of dummy file permissions that can be configured to be returned when run under a specified list of program names. Hmmm...I like it! -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple