X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6716C3870853 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1592505191; bh=y0/q+VwblXWLqh2URb8C43x4VkHZUD8mS0lh9i6Hd3o=; h=Subject:To:References:Date:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=Kf9kgMBHarJVj23VxXCosaRkYDr3lnMfctW6I1pWOiDHKSRu3ngeg+ygaG/KytPUw YaJqN/+Cspuc7svVrPUNwmZ+w3rQzawSRzP1LTCJPrfRfEBQ8Jh8cueVkE3aPtFONI MMcqZoNbFD3Lv74PM+ac1P8N+1z4iLhPVOpsJXIw= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 970C03870853 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EwXoG9i4qUA7rrsK/2MirafNLFisTKpGZgowRNAtfnAMffJKWrF0f5r7npMNbLPF4Wr3r0kNl9Zz7rwfhJY6bbMHuKmQ8rVKp5L8i901LVWUHuBS21+IA0oA5g74zbwDRnzPyCaoM8aMHj2USFdaVCSl/yl5EtIEqfjSLDsPM+4DTV6N2jZ5ooBS2e3aMJ8k+R4NmF7Ufz/RcZ5PqbZyeIcCUMXCGYkP0IfmQBm3CPEy3SPEuJbQ3dmBR4RHMeW4fPTaDJVZWF45Brpxsz4XhbrJF5yqDpp7FbaDjYFIb7uaZGpLrQfWZEKMXJcc8bwsHByKV0XCSDh4MqbcEHKUFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WxbeXFeo6RI2IWmsT51aLnSf36RmKS16eSzp7sYc5t8=; b=aElnaE73cM3pCsTZl7ByuexDFFVV5/3eGixvk9oHv88VP+k+dvLiFb6uE24k56Kie5keGT8r61MMFItFba4ELt5PM6sPHVu460PuUAxSoAawNm7H8hFUz5fPx1Tlh5Sx6sMpvWNA3fGX+N8lf8AU4PsLpU+uC5/hLffBfgO3GgwPfIhkO5Z//zpmzmu7ZXbbjeExW6IKTalJKqSUDbjCqIYun9UMJ9xEYSd5JvYrIJBqqxMEkOagY27PL95lQosV4rf9Pz4ZjZ1vVfYvue/UClKsVOgPcv33GnciS2q9DzimGY0Fl7nfntgElZPIlw6bCreVuPonbo1ho8oierFxuw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cornell.edu; dmarc=pass action=none header.from=cornell.edu; dkim=pass header.d=cornell.edu; arc=none Subject: Re: Is this a valid synopsis of Cygwin Permission Handling? To: cygwin AT cygwin DOT com References: <449yFRqoK6976Set DOT 1592496936 AT web12 DOT cms DOT usa DOT net> Message-ID: <9b794dcf-eadb-41c8-4e96-c6642d82d28f@cornell.edu> Date: Thu, 18 Jun 2020 14:33:01 -0400 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 In-Reply-To: <449yFRqoK6976Set.1592496936@web12.cms.usa.net> Content-Language: en-US X-ClientProxiedBy: CH2PR15CA0026.namprd15.prod.outlook.com (2603:10b6:610:51::36) To MN2PR04MB6176.namprd04.prod.outlook.com (2603:10b6:208:e3::13) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.0.17] (68.175.129.7) by CH2PR15CA0026.namprd15.prod.outlook.com (2603:10b6:610:51::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.22 via Frontend Transport; Thu, 18 Jun 2020 18:33:03 +0000 X-Originating-IP: [68.175.129.7] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 569a74f3-da51-4f03-bc16-08d813b609a1 X-MS-TrafficTypeDiagnostic: MN2PR04MB6109: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 0438F90F17 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: enQtQeDvF2vBffthMs0U9usCxutHhchYsJbB/3/ArOkZzoghAIVR+vSpN2377AlBgOmP5hYPCWL607vv2WmwyN5GRdW0A4eq//SuBiJ0PM4d75oTX08rSRR7kWSQDasrTx1I6A5ChVfcYsnv9ik/l0vEMrx3Bh8mzhLqO0vZEFf/6kYzEGIr33Pch4dhaFy7O2qYfwJO4nKzoAkL6GxWxrwmsczSGTnCRPjV/Owo0HpVKg+ptRtcLN1lH00BiNIY7khANRTqfOrIstZgdwszRnx2eraOStGYblCVFgYx/57fvHBjtpknExSinBOgelKfYOj1IPJRcIjTP9EFzG9Q50bTSVCLdaFVzDHmO+f5xRFuFIASaMK+ru7IUPsO7bmpHxV57FSxyGW9vLOICNUwaWZWsDnRj6zXqKBjxYvilg3E+FvqdkaC8xeOQ6n94bbrAIXQRMwBHHR2RGuujMaFh6Itokv3Aeak2lOV2Ri/ydE= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR04MB6176.namprd04.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(346002)(366004)(376002)(39860400002)(396003)(186003)(16576012)(26005)(8676002)(316002)(53546011)(478600001)(786003)(2906002)(52116002)(75432002)(5660300002)(31686004)(6916009)(83380400001)(966005)(36756003)(66946007)(66476007)(66556008)(8936002)(6486002)(2616005)(16526019)(956004)(31696002)(86362001)(43740500002)(460985005); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: lmRwSx5rc+kbD+2DUgLg1WeS23LmeEbFxdyFprxcQA6oc8S8+0YczFH0CsxH9oi3TqkiQO2R9be1D7v/NbjT//PiD+GN7uy68gX4RVjSth4BMNiN3xbuY5F4aGbXRpi6bsVFJ2VlXwK7N2p1FRQ6AdGV75QcnIpBD7izm+Sw8LoU5IJXOeTPySxa+F4WIvn+OytkRmMkHsHuxTrehptDb80oY8VtzmtojvXpUhgZ5QkGoW1dhmdFlUzlBQc0nbhJYLmARXWR48334fZTTWUXZyBkZN71/RE0v/04EOK/84R5sfYvb0R3XBz6NT+8rWp7TvDM2JGaG3jkeIiIeVQiomHqcDTjVSScvZm7tk7fHzURIqJkjscOASOf/pyABhIYj+bkv1NebnJ5PlkfTiVDNZtIN1Bvmm059QE58r+exNyzO/lj0n2y8SCIh0qN2ShYcBQ2zYgQ/dOVUC4/IbKjFe+3l8aA5Igr43+pVt9gSt8= X-OriginatorOrg: cornell.edu X-MS-Exchange-CrossTenant-Network-Message-Id: 569a74f3-da51-4f03-bc16-08d813b609a1 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Jun 2020 18:33:04.5321 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 5d7e4366-1b9b-45cf-8e79-b14b27df46e1 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: WYIX8UCwXii+EWarixyVjD1BZ57NFHOADlNxpQOoZIm+obkCsDxVojHdYzDoHGdUKigmc/taS6NLWvRooIlC3g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR04MB6109 X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Ken Brown via Cygwin Reply-To: Ken Brown Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: cygwin-bounces AT cygwin DOT com Sender: "Cygwin" On 6/18/2020 12:15 PM, KARL BOTTS via Cygwin wrote: > > I wrote the following to a colleague in a private chat channel. Colleague is > pure Windows: knows little of cygwin or Linux. He helps me with hardware and > Windows. > > We had gotten the WinExplorer dialog saying: "The permissions on volume I: are > incorrectly ordered, which may cause some entries to be ineffective." This was > after I had run, with cygwin, 'chmod -R 777 .' in the root of that drive. > > I am not complaining, reporting a bug, or anything like that. I am only asking > the cygwin experts, whether my synopsis of cygwin permission handling, is > reasonably and logically correct. > > Thanks. > > > ################# > > Karl Botts, [18.06.20 09:17] > On that dialog box: I must confess, you should know: I may have caused that, > by running in root of I: drive, aka in I:/ : > > chmod -R 777 . > > I did that _after_ screwing around with WinExplorer security dialogs. Was not > getting anywhere, so I tried the chmod out of desperation. Probably should not > have. > > How cygwin works, with respect to permissions: > > When the first cygwin1.dll is launched (one is being loaded into a process, > and no other is loaded), it queries from WinDomainController, all security > info it can get. Including SIDs, ACLs, practically everything. That > cygwin1.dll builds, in shared memory private to cygwin, a database expressing > all that data, in Linux terms. That database emulates what a Linux kernel > reads from /etc/passwd, /etc/groups, more places, including other hosts. > > All cygwin processes started as descendants of that first process, are passed > pointer to that DB in shm. (That DB is built just once.) (Remember, in > Linux/cygwin model, every process is a child of some other process.) > Thereafter, that DB is almost all a cygwin process knows about perms. I think, > occasionally, it may call to DomainController again, or to refresh, but tries > to avoid that, because is very slow. (If every cygwin process queried > DomainController, would be unacceptably slow.) > > Problem is that emulation, Linux perms <==> Win perms, is not perfect. A few > concepts in each, unknown to other. > > In particular: in Win, the AccessControlEntries in an AccessControlList, must > be in a certain order, or the ACL is invalid. No such concept in Linux: all > orders valid. When ACL is invalid for that reason, WinExplorer is known to be > helpless, hence dialog above. Per cygwin mailing list, Win program > 'icacls.exe' can straighten that out. But requires extreme complex commands to > icacls; has varied over time; me not know exactly how to do it. So I get > stuck. > > What 'chmod -R 777 .' means is: Assign complete Read,Write,Execute perms, for > all of User,Group,Other, from current working dir (the .), recursively, all > the way down. To all files, all dirs, all everything. > > Those concepts of 'complete' and 'all' and 'recursively all the way down', do > not map perfectly to Windows. It seems to refuse to believe that intent. > Somehow, some ACLs wind up in 'wrong ACE order' state. WinExplorer now > helpless: you get that dialog. Snafu. > > I think I did that. I haven't read this carefully, but I did notice one inaccuracy. It's not true that the Windows ACEs must be in a certain order or the ACL is invalid. Windows prefers a certain order, in which case the ACL is called "canonical". But Windows deals perfectly well with non-canonical ACLs, even though Windows Explorer complains. See https://cygwin.com/cygwin-ug-net/ntsec.html for details, as well as for an explanation of why Cygwin sometimes produces non-canonical ACLs. Ken -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple