Weird issue with file permissions
Lavrentiev, Anton (NIH/NLM/NCBI) [C]
lavr@ncbi.nlm.nih.gov
Fri Jul 1 05:46:44 GMT 2022
Hi all,
I am having an issue with socket file permissions...
So here's a mockup of code that shows the problem:
$ cat sun.c
#include <stdio.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#define SOCKET "./.socket"
int main()
{
struct sockaddr_un addr;
struct stat st;
mode_t u;
int s;
/* create a UNIX socket */
if ((s = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
perror("socket");
return 1;
}
memset(&addr, 0, sizeof(addr));
addr.sun_family = PF_UNIX;
strcpy(addr.sun_path, SOCKET);
unlink(SOCKET);
u = umask(0);
if (bind(s, (struct sockaddr*) &addr, sizeof(addr)) != 0) {
perror("bind");
return 1;
}
umask(u);
if (fchmod(s, 0666) < 0)
printf("fchmod: %m\n");
if (fstat(s, &st) < 0) {
perror("fstat");
return 1;
}
printf("fstat mode = %03o\n", st.st_mode);
if (stat(SOCKET, &st) < 0) {
perror("stat");
return 1;
}
printf("stat mode = %03o\n", st.st_mode);
return 0;
}
$ gcc -Wall -o sun sun.c
Now, if I run this code in my Cygwin home directory (and any directory that I create using "mkdir..." under it),
I am getting the expected results:
$ ~/sun
fstat mode = 140666
stat mode = 140666
$ ls -l .socket
srw-rw-rw-+ 1 ANTON None 0 Jul 1 01:19 .socket=
However, if I run it elsewhere (different drive "cd /cygdrive/g/cygwin" -- it's NOT where Cygwin is installed,
just a folder that keeps files for Cygwin development, the installation is on C:\Cygwin64), I cannot predict
the results. What's weird is that fstat and stat report different file modes.
$ pwd
/cygdrive/g/cygwin
$ ~/sun
fstat mode = 140666
stat mode = 140666
$ ls -l .socket
srw-rw-rw-+ 1 ANTON None 0 Jul 1 01:24 .socket=
So all's good here, BUT:
$ mkdir subdir
$ cd subdir
$ pwd
/cygdrive/g/cygwin/subdir
$ ~/sun
fstat mode = 140666
stat mode = 140664
$ ls -l .socket
srw-rw-r--+ 1 ANTON None 0 Jul 1 01:25 .socket=
Note that fstat lied!
For some reason getfacl returns "Not supported", so I could not investigate with that, but I'm showing below
the icacls outputs for both /cygwin/g/cygwin and /cygdrive/g/cygwin/subdir with their .socket files, respectively.
At any rate, it looks like fstat, despite reporting the mode, wasn't actually able to bake it on disk
using those insanely complicated Windows permissions.
What's more insane, is that using the chmod command from shell, I'm able to change the permissions to 0666,
and it sticks:
$ pwd
/cygdrive/g/cygwin/subdir
$ chmod 0666 .socket
$ ls -l .socket
srw-rw-rw-+ 1 ANTON None 0 Jul 1 01:25 .socket=
Any insights will be highly appreciated!
Thanks.
$ pwd
/cygdrive/g/cygwin
$ icacls .
. BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
$ icacls .socket
.socket NULL SID:(DENY)(Rc,S,WEA,X,DC)
ANTON\ANTON:(R,W,D,WDAC,WO)
ANTON\None:(DENY)(S,X)
NT AUTHORITY\Authenticated Users:(DENY)(S,X)
NT AUTHORITY\SYSTEM:(DENY)(S,X)
BUILTIN\Administrators:(DENY)(S,X)
BUILTIN\Users:(DENY)(S,X)
ANTON\None:(RX,W)
NT AUTHORITY\Authenticated Users:(RX,W)
NT AUTHORITY\SYSTEM:(RX,W)
BUILTIN\Administrators:(RX,W)
BUILTIN\Users:(RX,W)
Everyone:(R,W)
$ cd subdir
$ icacls .
. NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
ANTON\ANTON:(F)
ANTON\None:(RX)
NT AUTHORITY\Authenticated Users:(RX,W,DC)
NT AUTHORITY\SYSTEM:(RX,W,DC)
BUILTIN\Administrators:(RX,W,DC)
BUILTIN\Users:(RX)
Everyone:(RX)
NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,WEA,X,DC)
CREATOR OWNER:(OI)(CI)(IO)(F)
CREATOR GROUP:(OI)(CI)(IO)(RX)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(RX,W,DC)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(RX,W,DC)
BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
BUILTIN\Users:(OI)(CI)(IO)(RX)
Everyone:(OI)(CI)(IO)(RX)
As created by the program:
$ icacls .socket
.socket NULL SID:(DENY)(Rc,S,WEA,X,DC)
ANTON\ANTON:(R,W,D,WDAC,WO)
ANTON\None:(DENY)(S,X)
NT AUTHORITY\Authenticated Users:(DENY)(S,X)
NT AUTHORITY\SYSTEM:(DENY)(S,X)
BUILTIN\Administrators:(DENY)(S,X)
BUILTIN\Users:(DENY)(S,X)
ANTON\None:(RX)
NT AUTHORITY\Authenticated Users:(RX,W)
NT AUTHORITY\SYSTEM:(RX,W)
BUILTIN\Administrators:(RX,W)
BUILTIN\Users:(RX)
Everyone:(R)
After chmod:
$ icacls .socket
.socket NULL SID:(DENY)(Rc,S,WEA,X,DC)
ANTON\ANTON:(R,W,D,WDAC,WO)
ANTON\None:(DENY)(S,X)
NT AUTHORITY\Authenticated Users:(DENY)(S,X)
NT AUTHORITY\SYSTEM:(DENY)(S,X)
BUILTIN\Administrators:(DENY)(S,X)
BUILTIN\Users:(DENY)(S,X)
ANTON\None:(RX)
NT AUTHORITY\Authenticated Users:(RX,W)
NT AUTHORITY\SYSTEM:(RX,W)
BUILTIN\Administrators:(RX,W)
BUILTIN\Users:(RX)
ANTON\None:(DENY)(W,DC)
BUILTIN\Users:(DENY)(W,DC)
Everyone:(R,W)
Anton Lavrentiev
Contractor NIH/NLM/NCBI
More information about the Cygwin
mailing list