X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:date:message-id:content-type
	:content-transfer-encoding:mime-version; q=dns; s=default; b=WLa
	gyvRUL56aBF+EBvwIVJZDjGzTgf0z1V71x7Hdt0MJjh2T6DbkeI2wyFGe4Wc53Mo
	vxlqZ6Ikcf03KnK2//jyYZuVKuVHgYPzNkEIDPOCaV9+1pjZPxqsPhTFm9T/BnFX
	bz/S0IzHWVY/kt1xPpYAhjaCm5z9v3A7QjArzmtk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:date:message-id:content-type
	:content-transfer-encoding:mime-version; s=default; bh=IDgzl6ln4
	hxq3b+U7O1IqX9/418=; b=Geiyvpz/daTm1CfwhxPg0dHWdnm0Q0HEYUy2BtjNM
	RH4Cslgf+Q/FEhHqX3tYw33t3oDOnNAt618I28f00PlXnOEs3hrkCFri97haQRaI
	rD7m7Q7+ZZ1ZCcB67Uudgylnp9qrqidnIu2nE975/6tZGDwcbojwXK83ztzQ6W43
	3Y=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=Community, H*RU:15.1.466.34, H*r:15.1.466, H*r:ip*15.1.466.34
X-HELO: mail.knapheide.com
Authentication-Results: mail.knapheide.com; spf=None smtp.pra=eduesterhaus AT knapheide DOT com; spf=None smtp.mailfrom=eduesterhaus AT knapheide DOT com; spf=None smtp.helo=postmaster AT mail DOT knapheide DOT com
Received-SPF: None (mail.knapheide.com: no sender authenticity  information available from domain of  eduesterhaus AT knapheide DOT com) identity=pra;  client-ip=10.129.5.99; receiver=mail.knapheide.com;  envelope-from="eduesterhaus AT knapheide DOT com";  x-sender="eduesterhaus AT knapheide DOT com";  x-conformance=sidf_compatible
Received-SPF: None (mail.knapheide.com: no sender authenticity  information available from domain of  eduesterhaus AT knapheide DOT com) identity=mailfrom;  client-ip=10.129.5.99; receiver=mail.knapheide.com;  envelope-from="eduesterhaus AT knapheide DOT com";  x-sender="eduesterhaus AT knapheide DOT com";  x-conformance=sidf_compatible
Received-SPF: None (mail.knapheide.com: no sender authenticity  information available from domain of  postmaster AT mail DOT knapheide DOT com) identity=helo;  client-ip=10.129.5.99; receiver=mail.knapheide.com;  envelope-from="eduesterhaus AT knapheide DOT com";  x-sender="postmaster AT mail DOT knapheide DOT com";  x-conformance=sidf_compatible
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2DSAwDo4i5a/2MFgQpbHAEBAQQBAQoBA?= =?us-ascii?q?YVGtiOCFQqKcBYBAQEBAQEBAQGBCAuFY1EBPkImAQQbDLR1inAmg2iDYYFpiDS?= =?us-ascii?q?FbiAFijqJR48QgXiTIIIfih+HLpZegTsmDYF0b4J5hFSJQoEVAQEB?=
X-IPAS-Result: =?us-ascii?q?A2DSAwDo4i5a/2MFgQpbHAEBAQQBAQoBAYVGtiOCFQqKcBY?= =?us-ascii?q?BAQEBAQEBAQGBCAuFY1EBPkImAQQbDLR1inAmg2iDYYFpiDSFbiAFijqJR48Qg?= =?us-ascii?q?XiTIIIfih+HLpZegTsmDYF0b4J5hFSJQoEVAQEB?=
From: Eric Duesterhaus <eduesterhaus AT knapheide DOT com>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject: Files created in cygwin on fileshare no longer allow "delete" in NTFS
Date: Mon, 11 Dec 2017 19:58:28 +0000
Message-ID: <059e3621048b4ee68257b6bfb0ae1053@knapheide.com>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id vBBJwhKj004645

Hi Cygwin Community,

We are currently encountering an issue with Cygwin in regards to NTFS permissions on files created within Cygwin.  I'll try to outline my issue with specifics.

1.  There is a windows file server mapped to M:\ on the a windows computer running Cygwin.

2.  There is an active directory group that has "Modify" level permissions  on this file share (In NTFS, Modify includes explicit "delete" rights)

3.  "User1" and "User2" are both members of the aforementioned AD group.

4.  A file is created in /cygdrive/m/filepath/ through Cygwin being run as "User1".

5. "User2" attempts to delete this file.  It does not work (access denied).  

6. Upon further inspection of this file's ACL, the AD group with Modify level permissions now only has "read, write, execute" permissions, which, using windows "Effective Access" tool shows that the checkbox that assigns "delete" rights is no longer checked for this group.


I tried using getfacl on a file with the modify permission allowed to my AD group, then passed that file into setfacl with the -f option to overwrite the ACL of my created file.  From the NTFS point of view, my AD group still only has read/write/execute permissions instead of modify, which again, doesn't allow delete.

For information gathering I use the resultant file from getfacl to setacl -f on a file with "good" NTFS permissions, it overwrites the permissions and again, my AD group only has rwx and not "modify" permissions while looking at the ACL from windows.

How can I retain NTFS "delete" rights for my users and groups on files created by Cygwin?
 
Eric 


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple