This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Best Practice for file ownership and permissions?


> I frequently encounter problems due to file ownership and permissions
> for the "system" files in /usr, /bin, /sbin/ /etc, and so forth.  For
> example, when I type
> 	su Administrator
> cygwin responds
> 	/usr/bin/su: /bin/bash: Permission denied

Not quite the answer to your original question, but re-read:
http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid
http://cygwin.com/ml/cygwin-announce/2006-01/msg00041.html

/usr/bin/su probably won't work for you, unless you have
granted your current user additional privileges not given
by default Windows installations.  Give us a better example
of where you are getting failures.

Also, the getfacls and setfacls commands may be helpful
in diagnosing permissions problems; not only should you
check the permissions of /, but also of the drive and all
Windows directories leading up to where / is mounted
(usually c:\cygwin).

> What is the recommended user.group ownership for the important files
> in /bin, /sbin, /usr, /etc, and so on?  What are the recommended
> permission bits?

I don't know that any particular configuration is recommended,
other than that if you use setup.exe, on the screen with the
"Install For" radio button, if you choose 'All users (RECOMMENDED)'
instead of 'Just Me', you tend to get the correct permissions
naturally.  In general, everything in /bin and /sbin should be
world readable and world executable, so ownership only
matters for protecting those files from writes.  Some files
in /etc care about permissions, but in general, scripts like
ssh-user-config or cron_diagnose.sh exist to help you with
that.  And the entire /usr subtree is usually world-readable.

One other thing - if the drive is FAT (on Win9x, or on WinNT
without the ntea option), or on FAT32 (regardless of options),
then permissions are faked and it really doesn't matter who
owns files.

--
Eric Blake

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]