X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=Aw8YJztvyCUqvA6xSu7yAeWQ4/yTnPSwrFjvW2quCxEknq0Pl+w43
	8u+SdUtlmNXxq7yMYI0VPOz73z99ESnKDWMTRb6iLM5kEnEKsApIMHFaCo4eOC+4
	v0CfeNN07XXJ3O/bUZrBp/o+6LAuRAl0VkDVlp3AxX8ia3UU2dnu8E=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=lI4sov8GR1EerY7xNnJCG8lwCb0=; b=SE/LUqJJejauy/SYtnMI4UJjWvC1
	v20br8Rdgk6ubVsBMEpQm1/JDKXVil/uengxRhWFuzoUrucJ4mYdW81jvYhusCsn
	kWZK1SeOdaWm76JH3vLmnItHnoShAeSP0M5qzf/YsXNqk9itVJKVAc8OiWMojgjH
	mWiMC60libQPru4=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Tue, 23 Jun 2015 12:09:49 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: cacls combination problem in 1.7.35, merging privs of existing file & privs of process
Message-ID: <20150623100949.GB9548@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <019E497FEC593443965FC4E5BB0F628C5AA08C74 AT SV950-MBX1 DOT corp DOT intusurg DOT com> <CAOBROv3gK-1GgBd6DaYK92Vt2L5ZPhymMxDGy-8rB0hGd6=VSg AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="qlTNgmc+xy1dBmNv"
Content-Disposition: inline
In-Reply-To: <CAOBROv3gK-1GgBd6DaYK92Vt2L5ZPhymMxDGy-8rB0hGd6=VSg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)

--qlTNgmc+xy1dBmNv
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi John,

On Jun 22 14:15, John Ruckstuhl wrote:
> On Sat, Jun 20, 2015 at 11:41 AM, John Ruckstuhl
> <John DOT Ruckstuhl AT intusurg DOT com> wrote:
> >
> > I'm noticing this summer, that whenever I try to edit an existing file =
with vi for the first time, the file's permissions change.  Could this be a=
 problem with merging permissions of existing file and permissions of the v=
i process?
>=20
> To clarify, for me, when the vi process is writing out a fresh file,
> the new file gets an acl ...

Yes, it's a combination of the POSIX permissions and the inherited
ACEs from the parent directory.

> Then when vi overwrites that file
> (presumably creating a new file with an acl per the merging of the
> existing acl and new-file acl, the result is different acl.  The file
> when first written -- execution via the shebang works.  When updated,
> something -- the file or the shebang -- doesn't execute anymore.
>=20
> I believe this is easily reproducible (1.7.35).  My umask is 0022.
>=20
> 1.  In vi, create 2 lines of content including a shebang, like this:
>         !# /usr/bin/sh
>         date
> 2.  write it out to a file, like try.sh
> 3.  execute it
>         ./try.sh
>     it works, right?

Not for me.

> 4.  write the file back out a 2nd time (no changes)
> 5.  execute it again
>         ./try.sh
>     but this time, it doesn't work
>         -bash: ./try.sh: Permission denied
> 6.  now delete the shebang line, and write the file out (3rd time)
> 7.  execute it again
>         ./try.sh
>     it works again.  Huh?
>=20
Nope, not here.

> So yes I am still puzzled about the acl diff between the 1st & 2nd
> file-write, and also it looks like it's a shebang interaction.
>=20
> FWIW, I think my user sid & group sid are different. See Footnote [3] bel=
ow.
>=20
> Best regards,
> John
>=20
> Footnotes
> [3]
> I claim user sid & group sid are different because id says:
>     uid=3D1158474(johnru) gid=3D1049089(Domain Users)
> groups=3D1049089(Domain
> Users),544(Administrators),545(Users),4(INTERACTIVE),66049(CONSOLE
> LOGON),11(Authenticated Users),15(This
> Organization),4095(CurrentSession),66048(LOCAL),1058289(Corporate
> Employees), ...
>=20
> and the RIDs are different (109898 !=3D 513) (btw, is this the accepted
> technique to get SID?):
>=20
>     C:\Users\johnru>wmic useraccount where name=3D'JohnRu' get sid
>     SID
>     S-1-5-21-25853599-488532567-929701000-109898

You can do this with Cygwin tools:

  $ getent -w passwd JohnRu
  JohnRu:1158474:INTSURG\JohnRu:S-1-5-21-25853599-488532567-929701000-109898

  The format is:

  Cygwin username:UID:Windows domain&username:SID

And of course your user account is different from your primary group.
They can only ever be identical on non-domain mamber machines when using
the "Microsoft Accounts", where you login with your email address.

>     C:\Users\johnru>wmic group where name=3D'Domain Users' get sid
>     SID
>     S-1-5-21-25853599-488532567-929701000-513
>=20
> >
> > Original cacls of file try2.txt:
> >     try2.txt INTSURG\johnru:(R,W,D,WDAC,WO)
> >              INTSURG\Domain Users:(R)
> >              Everyone:(R)
> >              NT AUTHORITY\SYSTEM:(F)
> >              BUILTIN\Administrators:(F)
> > Cacls after vi open & write back out (":wq")
> >     try2.txt INTSURG\johnru:(DENY)(S,X)
> >              INTSURG\johnru:(R,W,D,WDAC,WO)
> >              INTSURG\Domain Users:(RX,W)
> >              Everyone:(R)
> >              NT AUTHORITY\SYSTEM:(RX,W)
> >              BUILTIN\Administrators:(RX,W)

After I set up a directory with your permissions, I can reproduce this.
I have an idea what the problem is, but I have to debug this further.
Stay tuned.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--qlTNgmc+xy1dBmNv
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJViTBtAAoJEPU2Bp2uRE+gCy4QAKWmvMtUs+9WmnqGCd9W3hbK
yYd35II2wMtS5HojIY44f2RlDtu+n9v2LH6tsIhHNgpdlnaXnwiEf2azUFLLRdwe
h6kuTkUtirEZihuk44IHINkhfTv8nFevOCt132uOljnwA6nD9HZwc0UHgrn5ro+/
MtR7XtzFYOEKtC0bdMPx0M0902ftiJnANhVCmCQM+oEy0ucLa36yT6rvNTR+3fGG
D3gP+bRPNqODlcgJ/cp9HxOTpVDlXksGCIWu0DMXgo/kbaESFjoeF3qYNl/F8n4e
ccIyIoh3MEfvKQGiEL9D5erlBnaurULCz8572oLKDiyFrHL5ehKXQHoCwtchsb5A
vFuBG8f/VI9G8vqC8bN+F/HTZEStED7qfG6BonZQrHHuzfyjiBQZNX/99XZV2ptm
aFQjYwmAwKaxLXAB6YY5Osezkrd+bG+7JB8uDmr6upMA3G/RGmx9nH7sSLEF4MOg
FpTjO1gTGsnqsXP7MMFsWV+Q27UtJ20N1o+M6FNoA3gKriWiO3Cmuu2edeCaES1K
ZNErCqB8vxRbGfBWAynyrwmKrTuypa4HWA0mXXCcnihHxzgyaBjktR0ZPS3x02Ch
zGSQNK0tAt/8bSkbLlycRzgXmxJgwVvWtuEWLr/rtAPVTlvaJvawqSNX50AKjUio
Q5Ptd1sH3bAgg6E909jM
=hsd2
-----END PGP SIGNATURE-----

--qlTNgmc+xy1dBmNv--