7

We have complaints "from the field" (i.e. from sysadmins installing software) that Cygwin "messes up" Windows permissions on NTFS (Windows 7/10/2008/2012, etc.).

Problem Use Case

The general use case is this:

  • Sysadmin launches some 'software installer' from the Cygwin bash command line
  • Installer runs fine
  • Sysadmin tries to start Windows services

Result: Service fails to start

Workaround Steps

These steps seem to get past the problem:

  • Sysadmin resets NTFS permissions with the Windows ICACLS command (in this example "acme" is the newly created directory; this command sets acme and its children to re-inherit permissions from folder "d:\instances"):

    d:\instances> icacls acme /RESET /T /C /Q

  • Sysadmin starts service

Result: Windows service starts

Question

  • What makes Cygwin handle permissions for newly written files differently than PowerShell? Is it a matter of a wrong version of umask?
  • Can the sysadmin take steps in advance to ensure Cygwin sets up permissions properly?

thanks in advance

user331465
  • An example of icacls output for a broken and a correct file could provide some hint. Are you sure the user is the same for installation from Cygwin and PowerShell? – matzeri Apr 01 '17 at 13:11
  • I'm 90% sure that "problems occur only if User X installs from cygwin, however, problems result if UserX uses powershell". I also know that we've seen issues with another use case: a) "UserX installs from cygwin" and b) "User Y can't delete files because UserX owns them". – user331465 Apr 01 '17 at 15:15
  • The chapter "File Permissions" on http://www.cygwin.com/cygwin-ug-net/ntsec.html explains why Cygwin does an ordering of ACLs which is not canonical. It is neither breaking anything nor against the definition. It is the only way to map POSIX permissions to ACL. – FelixD Mar 08 '21 at 17:44

2 Answers

6

I found the answer here; it refers to this mailing-list letter.

You need to edit Cygwin's /etc/fstab and add "noacl" to the list of mount-options.

ulatekh
  • 2
    You should post the solution here (and keep the references as well), because the *URL*s might change / disappear, and if that happens the answer would become invalid. – CristiFati Jan 02 '20 at 10:45
  • Be aware that setting "noacl" will not allow Cygwin to use Posix file permissions like executable bits. I.e. you're cutting down Cygwin/Posix functionality and may run into problems with Cygwin tools. – FelixD Mar 08 '21 at 17:45
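
An idempotent way to apply the `noacl` change described in this answer, as an added example that is not part of the original answer. The function name `ensure_noacl` and the `.bak` backup are assumptions; the default entry is the line quoted elsewhere on this page, and the caveat in the comment above about losing POSIX permission mapping still applies.

```bash
#!/bin/bash
# Added example, not from the original answer. ensure_noacl is a hypothetical
# helper: pass it the fstab path (normally /etc/fstab, or a copy when testing).

# Entry quoted on this page; appended when no active cygdrive entry exists.
DEFAULT_LINE='none /cygdrive cygdrive binary,noacl,posix=0,user 0 0'

ensure_noacl() {
    local fstab=$1 tmp rc=0
    [ -f "$fstab" ] || { echo "missing: $fstab" >&2; return 2; }
    tmp=$(mktemp) || return 2
    # Rewrite only the active entry whose third field (fs type) is "cygdrive".
    # awk exits 10 when it had to change something, 0 when already correct.
    awk -v def="$DEFAULT_LINE" '
        /^[ \t]*#/ || NF < 4 { print; next }          # comments, blanks: as-is
        $3 == "cygdrive" {
            seen = 1
            opts = "," $4 ","
            if (opts ~ /,acl,/) {                      # explicit "acl": flip it
                sub(/,acl,/, ",noacl,", opts)
                $4 = substr(opts, 2, length(opts) - 2); changed = 1
            } else if (opts !~ /,noacl,/) {            # option absent: append
                $4 = $4 ",noacl"; changed = 1
            }
        }
        { print }
        END { if (!seen) { print def; changed = 1 }
              exit(changed ? 10 : 0) }
    ' "$fstab" > "$tmp" || rc=$?
    case $rc in
        0)  echo unchanged ;;
        10) # Keep a backup, then overwrite in place (same file, same ACL).
            if cp -p "$fstab" "$fstab.bak" && cat "$tmp" > "$fstab"; then
                echo changed
            else
                rc=2
            fi ;;
        *)  rc=2 ;;
    esac
    rm -f "$tmp"
    [ "$rc" -ne 2 ]
}

# Run against a real file only when a path is given on the command line.
if [ "$#" -gt 0 ]; then ensure_noacl "$1"; fi
```

The new mount options take effect only after all Cygwin processes are closed and a new terminal is started, as the posts quoted on this page describe.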
0

To add to the answer of ulatekh, here is the copy-paste of the two URLs:

First:

How to fix incorrect Cygwin permission in Windows 7

Cygwin started to behave quite strangely after recent updates. I was not able to edit files in vim, because it was complaining that files are read only. Even cp -r didn’t work correctly. Permission of new directory was broken and I was not able to remove it. Pretty weird behavior.

E.g. ls -l

    total 2
    ----------+ 1 georgik None 34 Jul 14 18:09 index.jade
    ----------+ 1 georgik None 109 Jul 14 17:40 layout.jade

Hm. It is clear that something is wrong with permission. Even owner has no permission on those files.

Output of mount command:

    C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto)

I found a solution at cygwin forum. It’s quite easy to fix it.

Open /etc/fstab and enter following line:

    none /cygdrive cygdrive binary,noacl,posix=0,user 0 0

Save it. Close all cygwin terminals and start new terminal.

Output of mount:

    C: on /cygdrive/c type ntfs (binary,noacl,posix=0,user,noumount,auto)

Output of ls -l

    total 2
    -rw-r--r-- 1 georgik None 34 Jul 14 18:09 index.jade
    -rw-r--r-- 1 georgik None 109 Jul 14 17:40 layout.jade

Second:

7/14/2010 10:57 AM
>> Drive Y is a mapping to a network location. Interestingly, ls -l
>> /cygdrive returns:
>>   d---------+ 1 ????????       ????????     24576 2010-07-09 11:18 c
>>   drwx------+ 1 Administrators Domain Users     0 2010-07-14 06:58 y
>>
>> The c folder looks weird, the y folder looks correct.
>>     
> Try ls -ln /cygdrive.  The user and group ownerships on the root of the
> C: drive are most likely not found in your passwd and group files.  The
> -n option for ls will print the user and group IDs rather than try to
> look up their names.  Unfortunately, I can't think of any way offhand to
> generate the passwd and group entries given only user and group IDs.
> Maybe someone else can comment on that.
>   

I think your answer is correct:
  $ ls -ln /cygdrive
  total 24
  d---------+ 1 4294967295 4294967295 24576 2010-07-09 11:18 c
  drwx------+ 1        544      10513     0 2010-07-14 11:45 y

I edited my /etc/fstab file (it contained only commented lines) and
added this line at the end of the file:
  none /cygdrive cygdrive binary,noacl,posix=0,user 0 0

I closed all my Cygwin processes, opened a new terminal and did an ls -l
on visitor.cpp again:
  -rw-r--r-- 1 cory Domain Users 3236 2010-07-11 22:37 visitor.cpp

Success!!! The permissions are now reported as 644 rather than 000 and I
can edit the file with Cygwin vim and not have bogus read-only issues.
Thank you Jeremy.

cory
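
The before/after checks walked through in this answer (mount options, then `ls -l` modes) can be scripted; this is an added example, not part of the quoted posts. The function names are hypothetical, the `D:` sample mount line is constructed, and mount points or file names containing spaces are not handled.

```bash
#!/bin/bash
# Added example, not from the quoted posts. Both helpers (hypothetical names)
# read text on stdin: live output (`mount`, `ls -l DIR`) or a saved copy.

# Print every mount point whose option list lacks "noacl", i.e. where Cygwin
# still maps POSIX permissions onto NTFS ACLs.
# Line shape as quoted above: "C: on /cygdrive/c type ntfs (opt,opt,...)"
mounts_with_acl() {
    awk '$2 == "on" && $4 == "type" {
        opts = $NF
        gsub(/[()]/, "", opts)
        if ("," opts "," !~ /,noacl,/) print $3
    }'
}

# Print names from `ls -l` output whose mode shows no permission bits at all
# yet carries the "+" ACL marker ("----------+" or "d---------+").
zero_mode_entries() {
    awk '$1 ~ /^[-d]---------[+]$/ { print $NF }'
}

# Sample input. The C: line and the listing are copied from this page; the D:
# line is constructed to show a mount that already has noacl.
SAMPLE_MOUNT='C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto)
D: on /cygdrive/d type ntfs (binary,noacl,posix=0,user,noumount,auto)'

SAMPLE_LS='total 2
----------+ 1 georgik None 34 Jul 14 18:09 index.jade
-rw-r--r-- 1 georgik None 109 Jul 14 17:40 layout.jade'

echo "mounts still using ACL mapping:"
printf '%s\n' "$SAMPLE_MOUNT" | mounts_with_acl
echo "entries with mode 000 plus ACL:"
printf '%s\n' "$SAMPLE_LS" | zero_mode_entries
```

On a live system, replace the sample variables with `mount | mounts_with_acl` and `ls -l DIR | zero_mode_entries`.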