On 2/9/2023 4:09 PM, Corinna Vinschen wrote:
Hi Norton,
On Feb 9 13:25, Norton Allen via Cygwin wrote:
On 2/8/2023 4:05 PM, Norton Allen via Cygwin wrote:
I briefly raised this issue months ago and am trying to resolve it again
now.
What I am trying to do is setup permissions so multiple users on one
machine can share full control over a particular directory hierarchy.
On Linux I have usually been able to make things work with:
$ mkdir shared_dir
$ chgrp shared_group shared_dir
$ chmod g+ws shared_dir
$ umask 2
User shells are configured with umask 2 so files they create have group
write. Users belong to shared_group. Files and subdirs created under
shared_dir are all in group shared_group. Files moved in retain their
original group, but the group members still have permission to rename or
delete them.
The problem:
$ chmod g+ws fails to set the 's' bit, and the resulting icacls output
does not contain any "NULL SID" entries. I am seeing the same problem on
(at least) two different systems setup by my organization. One of these
was just re-imaged and I installed Cygwin yesterday with no customized
configurations. AV is Windows Defender, but I suspect if that were the
culprit, there would have been more noise.
I suspect there might be a group policy or something that is interfering
with Cygwin's strategy for implementing POSIX permissions. I am pretty
sure this worked correctly at some point in the past.
Has anyone encountered this?
Does group policy seem like a likely suspect? Anyone know which
policy(ies)? I think I might be able to get IT to cut me slack if I knew
what to ask for.
I have also played with using setfacl directly to add permissions, but
as anyone who has read about Cygwin file permissions might guess, that
tends to have mixed/poor results, but I'd be open to any suggestions.
I don't actually have a system on which this is working to compare to, so I
am not exactly sure how it is supposed to look when it's working correctly.
The current behavior on my new uncustomized installation:
[...]
Any idea what g+s should be doing? Any more/better information I can
provide?
What you observe is a bug in Cygwin, plain and simple. Without going
into too much detail, part of the problem could never be observed with
older coreutils, which we had to live with for much too long in the
Cygwin distro. The newer coreutils handles permissions slightly
differently and that dropped the mask from the buggy code.
I applied a patch which, hopefully, fixes this problem (in fact, plural,
"these problems").
A new Cygwin test release 3.5.0-0.162.g498fce80ef33 is just being built
and should be up in an hour or so. You can simply install it via
Cygwin's setup tool as soon as it's on your favorite mirror.
If it works as desired, it will be part of the next Cygwin bugfix
release 3.4.6.
Thanks,
Corinna
Corinna,
The fix seems to work like a charm! And I am happy to be wrong about the
source of the problem.
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
