Best Practice for file ownership and permissions?
Eric Blake
ericblake@comcast.net
Mon Feb 6 22:16:00 GMT 2006
> I frequently encounter problems due to file ownership and permissions
> for the "system" files in /usr, /bin, /sbin/ /etc, and so forth. For
> example, when I type
> su Administrator
> cygwin responds
> /usr/bin/su: /bin/bash: Permission denied
Not quite the answer to your original question, but re-read:
http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid
http://cygwin.com/ml/cygwin-announce/2006-01/msg00041.html
/usr/bin/su probably won't work for you, unless you have
granted your current user additional privileges not given
by default Windows installations. Give us a better example
of where you are getting failures.
Also, the getfacls and setfacls commands may be helpful
in diagnosing permissions problems; not only should you
check the permissions of /, but also of the drive and all
Windows directories leading up to where / is mounted
(usually c:\cygwin).
> What is the recommended user.group ownership for the important files
> in /bin, /sbin, /usr, /etc, and so on? What are the recommended
> permission bits?
I don't know that any particular configuration is recommended,
other than that if you use setup.exe, on the screen with the
"Install For" radio button, if you choose 'All users (RECOMMENDED)'
instead of 'Just Me', you tend to get the correct permissions
naturally. In general, everything in /bin and /sbin should be
world readable and world executable, so ownership only
matters for protecting those files from writes. Some files
in /etc care about permissions, but in general, scripts like
ssh-user-config or cron_diagnose.sh exist to help you with
that. And the entire /usr subtree is usually world-readable.
One other thing - if the drive is FAT (on Win9x, or on WinNT
without the ntea option), or on FAT32 (regardless of options),
then permissions are faked and it really doesn't matter who
owns files.
--
Eric Blake
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list