X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=Qsv3rckSEqva9DC8 v+RrECP+LAmCig6mSbotfnccVksPz8lKL1nnltmBYQDmBMAIq2lqgapyBXeVP+aC +/8uUST3ixFiEJIfyNP5g65u2olwAAIIX/Vm7gTiZ5JgVicfTFVH0Gl74Kdru8f/ g8EFS+7rbT7p5EXRhgm/9CZhA1g= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; s=default; bh=vS7g2e7KLKAwCt2ZONciDE leLE8=; b=JrIlvRSbO8+nxjK1Np/4flz2l6qRHubs6jDpHzo1ui9cVdf3kFfihE sFaukqk/BztD4tN87HH91w0fbrijscU/HAR1CiSUQbkX2MQyzELbFCvHnMGEJ8oz pkwxb5LQi7dUJ16k/9xU1uFL93V/RJZafuVrcgoLJO2e1Gu9uwPFo= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=4.0 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2 X-HELO: smtp.ht-systems.ru Date: Mon, 23 Nov 2015 14:08:02 +0300 From: Andrey Repin Reply-To: cygwin AT cygwin DOT com Message-ID: <89802969.20151123140802@yandex.ru> To: "Matt D." , cygwin AT cygwin DOT com Subject: Re: No support for ACLs on network shares? In-Reply-To: <5652E58A.2030605@codespunk.com> References: <5652E58A DOT 2030605 AT codespunk DOT com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Greetings, Matt D.! > I noticed today that when accessing a network share, the permissions for > the current user are not resolving. > For example, I'm connected to a network share //server/share which is a > CentOS share with a unix login/password. The share is already logged in > by Windows and on the keychain so I don't have to enter the login > information. > In Cygwin, 'cd //server/share' then 'ls -l' I get this: > drwxrwx--- 1 Unknown+User Unix_Group+1001 0 Nov 23 2015 test This looks like a share on a Linux(samba) server with no UID mapping active. > I'm already logged in through windows as the 'Unknown+User' but Cygwin > does not recognize that I have access to any of the ACLs for the owner > or groups and also does not resolve the SID name. This is really not Cygwin's fault. Windows does all the resolution here, Cygwin only relay that information to you. > The problem with this is that files created or modified are only done so > in the 'Everyone' permission and inherited permissions such as the > execute bit are not recognized. > My use-case is where I've mapped a network path to either a network > drive or a symlinked folder (with Windows mklink) with the path on the > environment's PATH. In this case, files which are executable are not > recognized and do not appear when calling 'which'. > It seems as though Cygwin only maps ACLs to the SIDs stored in passwd > and group and cannot handle ACLs when accessing network devices where > SIDs are not present in these files. Running passwd/mkgroup after the > share is on the keychain does not provide additional SIDs. > Is there no support for ACLs across network shares at all? There is. But in cases such as this, when two hosts are not parts of the same domain, you are bound to get weird behavior in the strict security context. You may try defer default ACL resolutions to Windows. Edit your /etc/fstab, add the 'noacl' flag to a 'cygdrive' mount. -- With best regards, Andrey Repin Monday, November 23, 2015 14:03:38 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple