This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: file attributes: cygwin (ls, chmod, chown, chgrp) versus XP


"Michael R. Wolf" wrote:

> Where can I get a simple (and current) description of the relationship between Unix file attributes (permissions, user, and group) and how that corresponds to XP file attributes?

The Cygwin Users Guide: <http://cygwin.com/cygwin-ug-net/ntsec.html>. 
The section labeled 'The mapping leak' gives an explicit example of how
a POSIX mode gets mapped to a set of NT ACLs.

>  I'd also like to know how to set/get them in cygwin and also XP.  I'd expect that to be chmod(1), chown(1), chgrp(1), id(1), ls(1), passwd(5), group(5), and the shell's file test operators (-r, -w, -x, -O, -G).

Those tools only set the traditional unix style ownership and
permissions.  The Windows security model is more expressive, so you can
also use {get,set}facl to access the extended permissions that don't fit
into the traditional "user/group/everyone" bins.

>  I only see a few attributes from the XP File Explorer (read-only, hidden, archive, system), but would expect much more.

You're looking at the wrong thing.  Those aren't ACLs, they're just file
attributes.  Are you by any chance using Windows XP Home?  That version
of Windows hides file ACLs from the user interface, but they still exist
on disk.  To see the ACLs in Explorer, right click on the file, select
Properties, then select the Security tab.  This is still a watered down
view of the ACLs, to see the full view click on the Advanced button. 
You should see a list of ACLs, such as "Administrators -> Full Control",
"Users -> Read & Execute" and so on.  cacls and xcacls also display
ACLs.

> I've noticed that the ls(1) output is different if I create a file with a cygwin utility or with an XP utility.  Specifically:
> 1. What does the "+" mean in the 11th column after the standard 1-column type and 9-column permission fields?

This is explained in the documentation for ls:

$ info coreutils ls 2>/dev/null | grep -A4 'extended access control
list'
     For a file with an extended access control list, a `+' character is
     listed.  Basic access control lists are equivalent to the
     permissions listed, and are not considered an alternate access
     method.

Remember that for GNU projects the man page is considered a summary
only, and the full documentation is in texinfo.  The '+' essentially
means that there are ACLs that cannot be mapped into the traditional
unix "user/group/everyone" "r/w/x" bins.  You can see them with getfacl.

> 2. Why are default permissions different if the file is created with cygwin and XP?  I understand that cywing will try to create them with 666, modulated by the umask of 0022, yeilding a default of 644, but how the heck does XP come up with "700+" (my interpretation of "rwx------+")?

POSIX/Cygwin programs create files with an explicit mode, as dictated by
the umask.

Windows programs do not traditionally care about ACLs, and they tend to
specify a default value to the file APIs which means they inherit a set
of ACLs from their container, which in the case of a file is its
directory.  You can see this in the Explorer UI as there is a column
labeled "Inherited From".  And likewise if that directory was created by
a Windows program it probably inherited its default ACLs from its parent
directory, going all the way back to the root drive which had its
default ACLs set when the filesystem was created.

This is of course a generalization, as inheritance is optional (you can
see the checkmark in the Explorer UI labeled "Inherit from parent ....")
and Windows programs can create files using any arbitrary set of ACLs if
they desire.  The behavior is thus program-specific, but you can
generalize: the vast majority don't care and specify a default value
which causes them to be inherited.

> In addition, I can't get group information to show up in ls(1) output.  The -G flag to suppress it has no effect, and seems to always be active.

You have to set up your groups file correctly if you want to see
symbolic group names instead of numeric ones.

> It seems like these would be an important topics to reference in the ls(1) and chmod(1) man pages, and also in the (seemingly outdated) documentation of File Permissions (http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files).

It's not outdated unless you're using 1.7, which has its own version of
the Users Guide.

> Have there been significatnt changes to cygwin since NT to accomodate XP?  I don't even know if the NT and XP filesystems are similar enough that I can rely on documentation that discusses NT vs cygwin.

NT is a generic term, meaning any version of Windows that's not
95/98/ME.  When the users guide talks about NT permissions it means
NT/2K/XP/2k3/Vista/2K8.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]