This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Security Settings for directories created in Cygwin (+ executable bit on files)


On Aug  8 10:39, Sebastien Vauban wrote:
> Hello,
> 
> Currently, whenever I create new files from Windows 8 executables (such
> as Notepad), they're often flagged as "executable", even for text files!

Perfectly normal.  This is Windows default behaviour for applications
which don't care for permissions.  Like Notepad for instance.

> I've noticed that such a behavior happens when I create a new file in
> a directory that has been made FROM CYGWIN (`mkdir ~/test/', for
> example).
> 
> Indeed, the permissions of CYGWIN-CREATED DIRECTORIES seem very weird:
> 
> - "Inherited from"... "None"!

Perfectly valid.  This has been discussed already years ago.  It's the
Windows(!) default primary group for users on a standalone machine (not
domain member machine).  It's the local group with RID 513, called "None"
on english language systems.

> - "All Users" having "Read & Execute" permission on "this folder,
>   subfolders and FILES"...

Correct.  Compare with Linux.

> IIUC, when creating a new file from Cygwin, the `umask' (022, in my
> case) is respected and new files are not executables then, except if
> I require it explicitly (via `chmod').

Right, because Cygwin follows the POSIX permission model, unless
you use the noacl mount flag.

> Though, when creating a new file from a Windows executable, Windows
> inherits permissions from the folder where my file gets created --
> hence, an executable permission if the directory was created from
> Cygwin...
> 
> How to correct that?

You can't without lots of fiddeling.  Windows executables use Windows
permissions and typically inherit the permissions from the parent
folder.  The best way to workaround this is by using a Cygwin
executable to generate the files, vim or emacs instead of notepad.

> Asking Cygwin to stop playing with the Windows ACL, by mounting my
> personal directories as "noacl"?  Well, that means I won't be able to
> use `chmod' anymore, for setting a script file as "executable", then.
> And I'll have to use a Windows tool to do so, such as `cacls'.
> 
> Is it really so, the integration of Cygwin permissions within Windows?
> Or do I miss something?

You're just missing that the integration is one-way.  Non-Cygwin Windows
executables give a damn for Cygwin settings.  Sorry :}


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpkabcriwgxL.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]