Can cygwin ls show ACLs without providing the DOS path to file? - cygwin

The commands
cd c:/p4
ls -ld . c:/p4 /cygdrive/c/p4
shows
d---------+ 1 jgunter Domain Users 0 Apr 27 18:41 .
d---------+ 1 jgunter Domain Users ? 0 Apr 27 18:41 /cygdrive/c/p4
drwxr-xr-x 1 jgunter Domain Users ? 0 Apr 27 18:41 c:/p4
ls shows the perms I want to see only for files specified with a C:/ path.
I know about getfacl, but I'm hoping there's some ls option that will show me what I want without requiring I spell out absolute paths.
I can do something like:
ls -ld `cygpath -da $#`
but when I'm in a deeply nested folder, the output is cluttered by full pathnames.

DOS path makes cygwin treat the file system as not having ACLs. It means that ls shows the correct ACLs, but the same directory is mounted with different options. Therefore ls doesn't have such an option, you need a workaround.
https://cygwin.com/cygwin-ug-net/ov-new1.7.html states at 1.7.2:
Handle native DOS paths always as if mounted with "posix=0,noacl"
Beside this, I think, that d---------+ is strange. I've tried it on my PC, with 1.7.31 cygwin version, and it shows drwx------+, which is a bit better. I had experienced other bugs and strange behaviour in cygwin ACL handling. I guess there is confusion and some hacks about this. chmod 777 was a good workaround in my case.

Related

Unable to write to a file with group permissions

We are getting the error "permission denied" when trying to write to a file that is owned by a service user and a shared group. In particular that is www-data:www-data and the user trying to write to it is in the group www-data.
There is no acl on none of the parent folders and the permissions to the file and folders are correct.
Here some details:
$ sudo -u deploy id -Gn
www-data
$ ls -lah /tmp
drwxrwxrwt 17 root root 4.0K Jul 11 11:22 .
drwxr-xr-x 23 root root 4.0K Jul 8 10:08 ..
...
-rw-rw-r-- 1 www-data www-data 0 Jul 11 10:50 test
...
$ echo 'hello world' | sudo -u deploy tee -a /tmp/test
tee: /tmp/test: Permission denied
hello world
we tried that on different folders and made sure there is no acl on any of the folders or parents or files...
Unfortunately that is not described in the link stark posted in the comment. And also not in any other page I found until I found an answer here on stackoverflow that clarified it.
2018 two new filesystem configurations got added to sysctl that should prevent regular files and fifos from beeing opened with the O_CREAT flag (as append mode is doing) in directories with the sticky bit set unless the user is the owner of the file. This commit added the settings: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30aba6656f61ed44cba445a3c0d38b296fa9e8f5
To change that behaviour you have to set fs.protected_regular to 0:
sudo sysctl fs.protected_regular=0
Or to persist the change add fs.protected_regular=0 to your sysctl.conf.
side node: since O_CREAT is not deleting or renaming the file I'm wondered why it is connected to the sticky bit. It really is possible to create a file in directories with the stick bit set.

How to use rsync properly to keep all file permissions and ownership?

I am trying to use rsync to backup some data from one computer (PopOS! 21.04) to another (Rocky 8.4). But no matter which flags I use with rsync, file permissions and ownership never seem to be saved.
What I do, is run this command locally on PopOS:
sudo rsync -avz /home/user1/test/ root#192.168.10.11:/root/ttt/
And the result I get something link this:
[root#rocky_clone0 ~]# ls -ld ttt/
drwxrwxr-x. 2 user23 user23 32 Dec 17 2021 ttt/
[root#rocky_clone0 ~]# ls -l ttt/
total 8
-rw-rw-r--. 1 user23 user23 57 Dec 17 2021 test1
-rw-rw-r--. 1 user23 user23 29 Dec 17 2021 test2
So all the file ownership change to user23, which is the only regular user on Rocky. I don't understand how this happens, with rsync I am connecting to root on the remote host, but as the result files are copied as user23. Why isn't -a flag work properly in this case?
I have also tried these flags:
sudo rsync -avz --rsync-path="sudo -u user23 rsync -a" /home/user1/test root#192.168.10.11:/home/user23/rrr
This command couldn't copy to the root directory, so I had to change the remote destination to user23's home folder. But the result is the same.
If someone could explain to me what am I doing wrong, and how to backup files with rsync so that permissions and ownership stay the same as on the local computer I would very much appreciate it.
Have a look at how the (target)filesystem is mounted on the Rocky(target) system.
Some mounted filesystems (such as many FUSE mounts) do not support the classical unix permissions, and simply use the name of the user who mounted the filesystem as owner/group.
Any attempt to chown/chmod/etc (either by you or by rsync) will just silently be ignored, but appear to "succeed" (no errors reported).

Two identical NFS shares, but only one of the two gives Stale file handle errors

I have a Linux (raspbian) server:
$ uname -a
Linux hester 4.19.97-v7l+ #1294 SMP Thu Jan 30 13:21:14 GMT 2020 armv7l GNU/Linux
With two directories that have the same user/group/permissions:
$ ls -ld /mnt/storage/gitea/ /mnt/storage/hester/
drwxr-xr-x 2 nobody nogroup 26 Mar 2 10:20 /mnt/storage/gitea/
drwxr-xr-x 3 nobody nogroup 21 Feb 21 11:26 /mnt/storage/hester/
These two directories are exported with the same parameters in the exports file:
$ cat /etc/exports
/mnt/storage/hester 192.168.1.15(rw,sync,no_subtree_check)
/mnt/storage/gitea 192.168.1.15(rw,sync,no_subtree_check)
On another machine (the 192.168.1.15 mentioned in the exports file) I mount both, successfully :
$ mount /mnt/storage/gitea/
$ echo $?
0
$ mount /mnt/storage/hester/
$ echo $?
0
But now weird things happen:
$ ls -l /mnt/storage/
ls: cannot access '/mnt/storage/gitea': Stale file handle
total 0
d????????? ? ? ? ? ? gitea
drwxr-xr-x 3 nobody nogroup 21 Feb 21 11:26 hester
I really can't figure
what's the source of the error, and above all
where I could look for a difference between the two.
I'm open to suggestions for further investigations or answers for the my doubts. Thanks in advance for any useful input!
I finally found the solution, which was to explicitly add an fsid option in exports:
$ cat /etc/exports
/mnt/storage/hester 192.168.1.15(rw,sync,fsid=20,no_subtree_check)
/mnt/storage/gitea 192.168.1.15(rw,sync,fsid=21,no_subtree_check)
I'm not entirely sure as to the reason why this works. From the man page I get that "NFS needs to be able to identify each filesystem that it exports. Normally it will use a UUID for the filesystem (if the filesystem has such a thing) or the device number of the device holding the filesystem (if the filesystem is stored on the device)."
Both these mountpoints are on the same filesystem, so according to the man page they should have the same fsid, but this causes the same directory to be exported, so I think it means that each export needs to have a separate fsid.
One more note: /mnt/storage is an XFS filesystem over a RAID3, so this could also have made NFS confused about UUIDs of devices.

How/why cygwin breaks windows permissions?

We have complaints "from the field" (i.e. from sysadmins installing software) that cygwin "messes up" windows permissions on NTFS (Windows 7/10/2008/2012, etc).
Problem Usecase
The general usecase is this:
Sysadmin launches some 'software installer' from the cygwin bash cmd line
Installer runs fine
Sysadmin tries to start windows services
Result:
Service fails to start
Workaround Steps
These steps seem to get past the problem:
Sysadmin resets ntfs permissions with windows ICACLS command : (in this example "acme" is the newly created directory. This command sets acme and its children to re-inherit permissions from folder "d:\instances"
d:\instances> icacls acme /RESET /T /C /Q
Sysadmin starts service
Result:
Windows service starts
Question
What makes cygwin handle permissions for newly-written files differently than powershell? Is it a matter of a wrong version of umask?
Can the sysadmin take steps in advance to ensure cygwin sets up permissions properly?
thanks in advance
I found the answer here; it refers to this mailing-list letter.
You need to edit Cygwin's /etc/fstab and add "noacl" to the list of mount-options.
To add to the answer of ulathek here is the copy-paste of the two URLs:
First:
How to fix incorrect Cygwin permission in Windows 7
Cygwin started to behave quite strangely after recent updates. I was not able to edit files in vim, because it was complaining that files are read only. Even cp -r didn’t work correctly. Permission of new directory was broken and I was not able to remove it. Pretty weird behavior.
E.g. ls -l
total 2
----------+ 1 georgik None 34 Jul 14 18:09 index.jade
----------+ 1 georgik None 109 Jul 14 17:40 layout.jade
Hm. It is clear that something is wrong with permission. Even owner has no permission on those files.
Output of mount command:
C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto)
I found a solution at cygwin forum. It’s quite easy to fix it.
Open /etc/fstab and enter following line:
none /cygdrive cygdrive binary,noacl,posix=0,user 0 0
Save it. Close all cygwin terminals and start new terminal.
Output of mount:
C: on /cygdrive/c type ntfs (binary,noacl,posix=0,user,noumount,auto)
Output of ls -l
total 2
-rw-r--r-- 1 georgik None 34 Jul 14 18:09 index.jade
-rw-r--r-- 1 georgik None 109 Jul 14 17:40 layout.jade
Second:
7/14/2010 10:57 AM
> Drive Y is a mapping to a network location. Interestingly, ls -l
>> /cygdrive returns:
>> d---------+ 1 ???????? ???????? 24576 2010-07-09 11:18 c
>> drwx------+ 1 Administrators Domain Users 0 2010-07-14 06:58 y
>>
>> The c folder looks weird, the y folder looks correct.
>>
> Try ls -ln /cygdrive. The user and group ownerships on the root of the
> C: drive are most likely not found in your passwd and group files. The
> -n option for ls will print the user and group IDs rather than try to
> look up their names. Unfortunately, I can't think of any way offhand to
> generate the passwd and group entries given only user and group IDs.
> Maybe someone else can comment on that.
>
I think your answer is correct:
$ ls -ln /cygdrive
total 24
d---------+ 1 4294967295 4294967295 24576 2010-07-09 11:18 c
drwx------+ 1 544 10513 0 2010-07-14 11:45 y
I edited my /etc/fstab file (it contained only commented lines) and
added this line at the end of the file:
none /cygdrive cygdrive binary,noacl,posix=0,user 0 0
I closed all my Cygwin processes, opened a new terminal and did an ls-l
on visitor.cpp again:
-rw-r--r-- 1 cory Domain Users 3236 2010-07-11 22:37 visitor.cpp
Success!!! The permissions are now reported as 644 rather than 000 and I
can edit the file with Cygwin vim and not have bogus read-only issues.
Thank you Jeremy.
cory

Unable to copy the shared library's soft links with their original size in linux

I have created a shared object of 1.2 M and created 4 soft links for that SO.
Size of all the links is 20B and the size of the main so is 1.2M
20 May 23 10:56 libAbc.so -> libAbc.so.2.0.11.0
20 May 23 10:56 libAbc.so.1 -> libAbc.so.2.0.11.0
20 May 23 10:56 libAbc.so.1.0 -> libAbc.so.2.0.11.0
1.2M May 23 10:56 libAbc.so.2.0.11.0
While i tried to copy all these files to another folder using cp , the size of the links is equal to the main file.
1.2M May 24 08:07 libABC.so
1.2M May 24 08:07 libABC.so.1
1.2M May 24 08:07 libABC.so.1.0
1.2M May 24 08:07 libABC.so.2.0.11.0
I have also used
cp -s libAgent.so* src/
which is also failing with an error
cp: `src/libAgent.so': can make relative symbolic links only in current directory
Why is it failing to copy the softlinks with their original size(20B)
Copying a soft link usually copies the file the soft link refers to and does not replicate the soft link.
If you wish to use cp to copy soft links as new soft links, specify the -a option to cp.
cp -a libAbc.so* /path/to/another/folder
The info page for cp says:
`-a'
`--archive'
Preserve as much as possible of the structure and attributes of the
original files in the copy (but do not attempt to preserve internal
directory structure; i.e., `ls -U' may list the entries in a copied
directory in a different order). Equivalent to `-dpR'.
The key is to select the "archive" option of the command used to copy the link. rsync is an effective alternative as Maxim Egorushkin points out, and rsync has the capability of copying extended attributes and ACLs if the command includes the appropriate command-line arguments.
rsync -aAX libAbc.so* /path/to/another/folder
The rsync man page says:
-a, --archive archive mode; equals -rlptgoD (no -H,-A,-X)
--no-OPTION turn off an implied OPTION (e.g. --no-D)
-A, --acls preserve ACLs (implies -p)
-X, --xattrs preserve extended attributes
In the OP's use case, the -A and -X are not needed.
A caveat is that if the soft link is a relative link, copying it to a new location may make the link inoperative because it does not point to an absolute path.
For example:
$ ls -al /usr/lib/rpmpopt
lrwxrwxrwx 1 root root 19 2012-05-02 12:40 /usr/lib/rpmpopt -> rpm/rpmpopt-4.4.2.3
cp -a /usr/lib/rpmpopt ${HOME}/tmp and rsync -av /usr/lib/rpmpopt ${HOME}/tmp on my machine both create a broken link rpmpopt -> rpm/rpmpopt-4.4.2.3 because my local copy has no rpm sub-folder. One needs to consider this fact when deciding what to copy.
This link is broken because ${HOME}/tmp/rpm is not present:
$ ls -nl ${HOME}/tmp/rpmpopt
lrwxrwxrwx 1 505 700 19 2016-05-24 10:04 /home/kbulgrien/tmp/rpmpopt -> rpm/rpmpopt-4.4.2.3
rsync is less error-prone then cp:
rsync -av libAgent.so* src/

Resources